Re: Google Summer of Code 2013 (Feature Creeper and Bug Wrangler)

[David Fifield <david () bamsoftware com>]

On Sat, Apr 20, 2013 at 10:08:22PM +0500, Usman Zaheer wrote:
> Note: I sent the following e-mail on 16th April as well, but I guess it got
> lost somewhere during the Nmap-dev downtime.

Thanks for resending your message. It's good to know you are planning to
apply.

> Regarding the "Exploring port scanning from within NSE" idea, what are some
> baseline features that we are going to write modules for? Any suggestions?

This task will probably be more about building the software
infrastructure to support NSE port scanning. If I were to mentor this
task, I would have you start by writing a simple TCP connect scan (like
-sT) and make sure that NSE has the API necessary to support it. Then,
supporting different types of idle scan would be nice, and would
probably suggest a common architecture for NSE-based port scanning
scripts.

> Moreover, how do the developers test the code patches for Nmap (best
> practices?) because this is a bit different from typical software apps.

Our testing practices could be improved. To do so is another potential
summer project
(https://secwiki.org/w/GSoC_community_ideas#Test_automation_specialist).
For code changes involving network performance, we usually test scans on
a known network before and after the change.

> Further, I guess other ideas like XML parser listed on the Ideas page also
> fall into the feature creeper role, right?

This is potentially in bounds for a feature creeper.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/