Nmap Development mailing list archives
Re: GSoC 2011: NSE Script Development
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Mon, 28 Mar 2011 05:10:32 +0200
Hello David, Thank you for replying and for the useful information. I read the Google Summer of Code documentation thoroughly and got some knowledge of Lua scripting and the NSE libraries. I must say it is quite an elegant solution for extending functionality. Now I feel I should start implementing a new script in order to perfect my knowledge. I've had my eye on the backorifice-info script from the Script_Ideas page because the source code is available and maybe I would be able to implement before the GSoC application deadline, but if you have a more useful script in mind, like a certain exploit or vulnerability, I would be happy to try my wits at it. Thanks, Gorjan Petrovski On Thu, Mar 24, 2011 at 8:37 PM, David Fifield <david () bamsoftware com> wrote:
On Wed, Mar 23, 2011 at 05:48:04PM +0100, Gorjan Petrovski wrote:Hello Nmap developers, My name is Gorjan Petrovski and I've been eagerly waiting for GSoC this year, hoping to cut my skills on the Nmap project. I'm a 4-th year student of Computer Systems Engineering, with only 2 exams and my thesis to go, so I'll be available and ready to do full-time work this summer. I have a general knowledge of networking protocols, plenty of C/C++ experience, some of it using sockets. I have also made several python scripts for personal use and I'm quite familiar with bash scripting. I've also done some (little) tampering with exploits, mostly local ones (shellcode). I'm really interested in doing research with vulnerabilities and exploits. I've already gotten myself familiar with Nmap and the NSE functionality through Fyodor's book and against a couple of local virtual machines and I'm currently learning Lua while testing and reading some existing scripts. Any suggestions on how to proceed futher, am I on the right path? Ideas for a beginner's script that would be useful? Are there any especially important scripts to write? For the development of vulnerability and exploits NSE scripts, would there be an emphasis on new exploits, or old and popular ones which haven't yet made it to NSE?Hi Gorjan, thanks for writing. You are on the right path so far. If you haven't yet, read the pages http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap http://nmap.org/soc/ http://nmap.org/soc/GeneralRequirements.html http://nmap.org/soc/apply.html Some script ideas are at https://secwiki.org/w/Nmap/Script_Ideas. For a gentle beginner's introduction, you might try reimplementing http-date.nse: http://nmap.org/nsedoc/scripts/http-date. We want to focus on new important vulnerabilities, less on historical vulnerabilities. David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 23)
- Re: GSoC 2011: NSE Script Development David Fifield (Mar 24)
- Re: GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 27)
- Re: GSoC 2011: NSE Script Development Toni Ruottu (Mar 28)
- Re: GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 29)
- Re: GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 30)
- Re: GSoC 2011: NSE Script Development Vlatko Kosturjak (Mar 30)
- Re: GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 30)
- Re: GSoC 2011: NSE Script Development David Fifield (Mar 30)
- Re: GSoC 2011: NSE Script Development Toni Ruottu (Mar 31)
- Re: GSoC 2011: NSE Script Development Gorjan Petrovski (Mar 27)
- Re: GSoC 2011: NSE Script Development David Fifield (Mar 24)