GSoC: NSE script developer

[Hani Benhabiles <kroosec () gmail com>]

Hello,

I'm Hani "kroosec" Benhabiles, a student from Algeria.

I'm interested by the NSE—Script Developer position and I would like
to apply for the web scanning specialist one as it's where I see
myself shining the most (I was planning to work on w3af
and began studying the code but they didn't get accepted for GSoC.)

I do have some questions/remarks however:

- How should I approach Nmap web scanning ?
Will I've to focus on a certain area ? like Information gathering (seems the
most logical to me),
Vulnerability discovery or exploiting vulnerabilities.

- How will the scripts to be written be chosen ? Will it be the mentor who
chooses them,
community feedback, defined lists (like working on OWASP's Top 10 for
vulnerability discovery)
or will I be free to choose what I work on (and justify it of course.)

- How will the script developers collaborate ? Will they have the same
mentor who will be in charge of workload balancing or will they directly do
it.
I would enjoy working with other students on other specialties.

- I do have some issues defining the time line for this project. Should I
base it on the number
of scripts and libraries written or will it be something else ?

While studying the NSE internals, I've written a simple script that grabs
Google Analytics
and Adsense IDs of a website.
These could be used to further find websites with the same owner.
I would be glad if they are added to NSE scripts or at least if I'm given
some input and tips on
anything that I've overlooked or I could improve.

I've a very good knowledge of web application and network security that I
would like to
put in service of an open source project. This is my first time applying for
GSoC, so excuse me for
this wall of text. :)

regards,
Hani

Attachment: google-id.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/