GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library

[Adithya Shetty <adithyashetty39 () gmail com>]

Hi Nmap Development Team and Fotis,

My name is Adithya, and I am a 4th-semester Computer Science student
specializing in Cybersecurity. I am writing to express my strong interest
in the "Password Security Wizard" project for GSoC 2026.

Over the past few days, I have cloned the repository, set up my build
environment, and have been digging into the nselib/brute.lua library and
several of the -brute.nse scripts (specifically focusing on how
ftp-brute.nse implements the Driver and Engine:new functions).

Coming from a background of playing CTFs and writing Python/C++ tooling, I
am very interested in the project's goal of improving the brute force
authentication cracking ability of NSE.

Before drafting my formal proposal, I wanted to ask a structural question
regarding the performance optimization of the underlying NSE
parallelization system: When looking to bring the NSE brute library's
performance closer to a dedicated tool like Ncrack, are you currently
prioritizing optimizations within the Lua engine's coroutine scheduling, or
are you looking more toward optimizing the underlying C/C++ socket handling
(Nsock) that the Lua scripts rely on?

I am currently testing a few of the brute scripts against local vulnerable
VMs to benchmark their current throughput. Any guidance on where the major
bottlenecks currently reside would be highly appreciated.

Thank you for your time and for maintaining such an incredible project.

Best regards,

 Adithya B Shetty

Github: adithyashetty39-lang

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/