Re: GSoC 2011: NSE Script Development

[Gorjan Petrovski <mogi57 () gmail com>]

Hello David,

Thank you for replying and for the useful information. I read the
Google Summer of Code documentation thoroughly and got some knowledge
of Lua scripting and the NSE libraries. I must say it is quite an
elegant solution for extending functionality.
Now I feel I should start implementing a new script in order to
perfect my knowledge. I've had my eye on the backorifice-info script
from the Script_Ideas page because the source code is available and
maybe I would be able to implement before the GSoC application
deadline, but if you have a more useful script in mind, like a certain
exploit or vulnerability, I would be happy to try my wits at it.

Thanks,
Gorjan Petrovski


On Thu, Mar 24, 2011 at 8:37 PM, David Fifield <david () bamsoftware com> wrote:
> On Wed, Mar 23, 2011 at 05:48:04PM +0100, Gorjan Petrovski wrote:
> > Hello Nmap developers,
> >
> > My name is Gorjan Petrovski and I've been eagerly waiting for GSoC
> > this year, hoping to cut my skills on the Nmap project. I'm a 4-th
> > year student of Computer Systems Engineering, with only 2 exams and my
> > thesis to go, so I'll be available and ready to do full-time work this
> > summer.
> >
> > I have a general knowledge of networking protocols, plenty of C/C++
> > experience, some of it using sockets. I have also made several python
> > scripts for personal use and I'm quite familiar with bash scripting.
> > I've also done some (little) tampering with exploits, mostly local
> > ones (shellcode).
> >
> > I'm really interested in doing research with vulnerabilities and
> > exploits. I've already gotten myself familiar with Nmap and the NSE
> > functionality through Fyodor's book and against a couple of local
> > virtual machines and I'm currently learning Lua while testing and
> > reading some existing scripts.
> >
> > Any suggestions on how to proceed futher, am I on the right path?
> > Ideas for a beginner's script that would be useful?
> > Are there any especially important scripts to write?
> > For the development of vulnerability and exploits NSE scripts, would
> > there be an emphasis on new exploits, or old and popular ones which
> > haven't yet made it to NSE?
>
> Hi Gorjan, thanks for writing. You are on the right path so far. If you
> haven't yet, read the pages
>        http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap
>        http://nmap.org/soc/
>        http://nmap.org/soc/GeneralRequirements.html
>        http://nmap.org/soc/apply.html
>
> Some script ideas are at https://secwiki.org/w/Nmap/Script_Ideas. For a
> gentle beginner's introduction, you might try reimplementing
> http-date.nse: http://nmap.org/nsedoc/scripts/http-date.
>
> We want to focus on new important vulnerabilities, less on historical
> vulnerabilities.
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/