Nmap Development mailing list archives

Re: GSOC 2012 Web scanning specialist


From: David Fifield <david () bamsoftware com>
Date: Thu, 29 Mar 2012 10:26:50 -0700

On Mon, Mar 26, 2012 at 02:38:23PM +0530, Chetan Hosmani wrote:
> I am Chetan Hosmani. I am doing my majors in Electronics at Birla
> Institute of Technology and Science, Pilani. I am in my last year and
> have plenty of time.
>
> I have always been very interested in security-related fields and now
> am intrigued by Nmap's Lua scripting engine. Although I had never used
> Nmap before (I have experimented a lot on packets using Wireshark and
> AirPcap though) I feel I can enjoy working at Nmap, and gain and
> contribute to the community.
>
> The project on Web scanning specialist is very interesting. I feel I
> have the relevant experience in this area.
>
> I have worked on several HTML JavaScript based websites (links to
> which I will add in the application).
> Presently I am working on my academic project in a private firm that
> deals with HTTP header injection, SQL Injection, XSS based security
> threats. The technology involved however is J2EE (GWT as well as JSP).
> I have a good idea of the server side vulnerabilities that exist and
> how they are secured.
> Apart from this I have worked on PHP based sites (again the exact
> details I prefer to add in the application).
>
> For the GSoC project I have been going through the HTTP based scanning
> scripts and am getting the hang of Lua.
>
> So I would be really grateful if you could throw some pointers or
> ideas on what I could do. Any specific tasks (apart from building
> Nmap, zenmap, etc.) that would help me judge my own application would
> also be very useful.

Hello Chetan. It's nice to hear from you.

Based on your experience, what are the areas in which Nmap's web script
coverage is most lacking? You can get an idea of the types of scripts we
have by going to http://nmap.org/nsedoc/ and browsing the ones that
start with "http-".

What vulnerabilities have you worked on that could be tested in NSE
scripts?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

