mailing list archives
Re: Nmap - Summer Project Idea
From: Fyodor <fyodor () nmap org>
Date: Mon, 17 Feb 2014 13:29:50 -0800
On Fri, Feb 14, 2014 at 6:24 PM, Everardo Padilla Saca <
everardo.padilla.saca () gmail com> wrote:
I've been thinking on how I could make something useful for the Nmap
community. I would appreciate your feedback on this idea. It's about a
distributed Nmap network with a RESTful backend, where multiple Nmap
clients are managed by a control server, who is managed by the final
user(s) through a web browser.
If you all think this is a worthy/relevant idea it would be nice if it
could be part of this year's GSoC. I would like to hear your opinions and
A bit about myself: I'm a last year BSc in Computer Science student, about
to start working for my Uni on researching methods for IPv6 address
exploring with Raul Fuentes' work shown here
http://seclists.org/nmap-dev/2013/q4/285 (currently working on those
Hi Everado, and thanks for sending your idea! The Nmap Project has again
applied as a mentoring organization for the Google Summer of Code and we're
hopeful for another great year! Assuming we get accepted again, this will
be our 10th year participating. I don't know how many other orgs have
participated in every year Google has offered this program, but I'll bet it
You sound quite motivated and ambitious and I would definitely encourage
you to apply for Nmap SoC! Your Clustered Nmap is a great project, but I'm
not sure it's the sort of thing we'll be looking for this year. We've done
a lot of somewhat external-to-nmap SoC projects in the past (Ncat, Nping,
Zenmap, Ncrack, etc.), but I'm thinking we might turn more inward this
summer and focus on improvements to Nmap itself.
Perhaps you could focus more on performance increases by optimizing Nmap
itself rather than by executing many Nmap instances in parallel. For
example, we've talked about optimizing Nmap's fixed rate scanning (e.g.
--min-rate) so it can keep up with the likes of zmap and masscan. Those
tools are only useful in very specific edge cases, IMHO, but they are edge
cases in which there has long been much interest. I mean who doesn't love
massive Internet scanning/sampling/research? This work could be paired
with empirical scanning to assess the results and reliability of changes
and optimizations in the real world. We maintain a system on a fast
network for this purpose.
I should also mention that the part in your bio about "researching methods
for IPv6 address exploring" is something we continue to be very interested
in. Perhaps it could be worked into the application in some way.
Note that we haven't yet done much organizational discussion or meetings
about our GSoC ideas for this year (the current ideas list on the site is
from last year), so you can take all this with a bit of a grain of salt.
But it is based on my discussions with a number of other Nmap devs. Also,
anyone is free to post their own ideas on our community GSoC ideas page:
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/