Re: [ GSoC Nmap scripting engine ]

[Patrick Donnelly <batrick () batbytes com>]

Hello Ashish,

On Sun, Apr 28, 2013 at 7:48 AM, Ashish Raste <rasteashish () gmail com> wrote:
> I'm Ashish from Singapore. I went through the GSoC ideas list of Nmap.
> Being a guy interested in network security and system security, I'm willing
> to work for the Nmap scripting engine project. Some of my recent works in
> the security related concepts are hosted
> here<https://github.com/ashishraste>(a minifirewall and arp-dns-attack
> code using pcap library)

Thanks for sharing previous code you've worked on, it helps us get to know you!

> My preference list on that project are (i)Vulnerability and exploitation,
> (ii)Discovery scanning and (iii)Web scanning.
> My concern is on the Lua scripting language which I'm not familiar with but
> I believe that I can catch up with it quickly.

There are may resources for learning Lua. Programming in Lua 1st ed.,
written by Lua's architect, is available for free online [1,2]. There
is also the NSE chapter in the Nmap book, also available online [3].

> 1. I am currently following the vulnerability announcement lists including
> Bugtraq. I would like to know the expectation for this project and any
> starters that you can recommend?

Take a look through the Script Ideas page on the wiki [4].

> 3. Can I submit my initial solution in a pseudocode format or in Bash
> scripts until I get a hold on Lua?

We typically suggest trying to reimplement a simple script like
http-title.nse to get the hang of NSE.

[1] http://www.lua.org/pil/
[2] http://www.lua.org/pil/contents.html
[3] http://nmap.org/book/nse.html
[4] https://secwiki.org/w/Nmap/Script_Ideas

--
- Patrick Donnelly
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/