Home page logo

nmap-dev logo Nmap Development mailing list archives

Jacek's GSoC summary and a status report - #16 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 23 Sep 2013 20:55:55 +0200

Hi guys,

Sadly, looks like Google Summer of Code 2013 is over! Before I move on
to the short list of my accomplishments for this final week, I'd like
to thank some people for making my project happen.

On top of the list is David Fifield, my mentor, who patiently spent
many hours helping me bring Lua to Ncat in a way that I'm really happy
about. His reviews of my code uncovered many of my bugs and led to a
great increase in quality of the code. Thanks to him, I learned much
more during the project than I could possibly expect. Once again -
thank you, David!

Also, I'd like to thank Fyodor, the leader of the organization. If it
wasn't for Nmap taking part in Google Summer of Code, this summer
wouldn't be as exciting. His enthusiasm about my new Ncat features was
really motivating and judging by his feedback I can tell that he
actually went through all the hard work in order to understand the
ideas behind my prototypes and give some cool pieces of advice. At the
same time, he was mentoring Yang and watching George's project as well
- kudos for that, too! Keep up the good work, I'd really love to work
for Nmap project during the next Google Summer of Code.

Henri Doreau and Patrick Donelly helped me figure out some of the hard
parts of NSock and Lua API design, respectively. They dedicated quite
a few hours to explain many problems I had to face and thanks to them
none of the issues really stopped me for long. Thank you, guys!

Thanks to George Chatsizofroniou, Yang Luo and the #nmap IRC team,
especially Daniel Miller, Cipher-0 and AlexWebr for keeping me company
during the sometimes long hours of debugging. I'd probably go crazy if
I kept thinking about my code all the time. Also, thanks to everyone
who tested my code and/or commented on the features.

Last but not least, thanks to the Google team for making GSoC happen
and to original Ncat developers, whose code was a great base for my
project. And to whoever I skipped by mistake. Thanks a lot for making
it all happen.


* Created the ncat-colors branch. David admitted he likes the idea for
the Ncat coloring feature command-line switch; we discussed its
behavior a bit and decided to shorten its name from --color-input to

* Reworked the luaexec-lookup code twice. David pointed out a design
flaw in my last week's version and when I tried to address it, I
introduced a (rather benign) race condition. My second attempt fixed
it and the code is now waiting for a review.

* As a part of final week relaxation, had some fun with OpenTibia
project and wrote an Nmap probe detecting it and an NSE script to pull
some potentially interesting data from it using its info protocol. You
can read more about it here: http://seclists.org/nmap-dev/2013/q3/596


Below is my list of biggest achievements during the whole “Bringing
Lua to Ncat” GsoC project:

* Delivered --lua-exec feature that was released with Nmap 6.40. I
wrote the code for POSIX and Windows (first I had to set up a Windows
VM so I could build Ncat for this system and found a way to control it
from my Linux system), created a test case, added a few example
scripts and drafted the documentation for the feature. I learned that
“A Systems Product is a truly useful object but costs at least 9 times
as much as a Program” (in this context, costs in terms of time). I had
a lesson on how to build a readable SVN history and got familiar with
Git's (actually, git-svn) rebasing. I also learned a bit about Windows
IPC. Moreover, David taught me how to write good documentation.

* Tried out my idea from ncat-lua-inlines branch. Learned a lesson:
“if you're starting to fail to understand your own code, you should
rewrite it or at least clean it up first, THEN think of new features”.

* Experimented with --lua-exec extensions. That actually took most of
the time - I was exploring the ways to turn it into a Lua filters
interface, with stacking support. Most of my code was rejected due to
its complexity, but in the process I found a way to develop on Windows
over Cygwin SSH more conveniently, solved some Ncat bugs, added the
environment variables and learned a lot about non-blocking socket
operations and POSIX IPC.

* Wrote a few --lua-exec demo scripts, including a DNS server and
httpd.lua. The latter will most likely be released with next version
of Nmap, along with my script lookup code and modifications to the
installer. Learned quite a lot about Unicode and protecting against
path traversals.

* Started the “socket abstractions” feature. Unfortunately it's too
complicated to be delivered during this GSoC project, but as I
demonstrated with my chat.lua demo, this could be build to create
really powerful filters. Perhaps in the future it'll provide Websocket
support for Ncat?

To sum it all up, I absolutely recommend Nmap as the mentoring
organization for Google Summer of Code. The atmosphere in the project
is great and the mentors are real experts that will surely help you
learn a lot. Again, I just can't wait for the next GSoC!

Jacek Wielemborek
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]