Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Some work for a beginner

From: David Fifield <david () bamsoftware com>
Date: Sun, 5 Feb 2012 23:50:17 -0800
On Mon, Feb 06, 2012 at 12:33:39PM +0530, Alok Upadhyay wrote:

Hi There,


I am a new to the nmap-dev list and also to the world of open source
development. I am really interested in working under the nmap's hood.

I was looking for some easy headway into the development side by
trying to solve a bug etc., but wasn't quite able to figure out stuff.
I am good in programming using Java, Python and C. And I have some
experience in socket programming as well.


Something helpful to me personally would be to add new checks to
sv-tidy.py, the script that checks for errors in the nmap-service-probes
database. it may seem like a small thing but it has already found tons
of bugs.

There are some notes about sv-tidy.py in
https://svn.nmap.org/nmap/todo/nmap.txt, but here's a more up-to-date
list of what I need:

* Add a mode where it prints out all the d// device types. I want to
  pipe this through "sort | uniq -c" to easily check for typos.
* Add a CPE parser, and make sure that cpe:// fields are proper CPE
  URLs. This mainly means checking that the first component is "a", "h",
  or "o". There is some information about CPE here:
  http://nmap.org/book/output-formats-cpe.html.
* Check for human language names that aren't reflected in the CPE, and
  vice versa. For example, i/French/ without cpe:/...:fr/ or vice versa.
  You only need to look at the i// and cpe:// fields for this.
* Check that substituted variables are used in the appropriate place in
  CPE. If we have h/$1/ and cpe:/a:apache:http_server:$1/, it's a bug,
  because there's no reason for a host name to appear in the version
  part of a CPE URL.
* Similarly, warn if e.g. v/$1/ is present but $1 is not used in any
  CPE.

If you want to try these, please send a patch for each small piece that
you do. A big patch doing all the above would be too much, and anyway
some of the above might cause you to want to consult with me on design.

David Fifield

Attachment: sv-tidy.py
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: