Nmap Development mailing list archives
REG : Project Proposal - GSOC 2014
From: Sriharsha Karamchati <leo.harsha93 () gmail com>
Date: Thu, 20 Mar 2014 02:39:33 +0530
Hi, This is a draft of my proposal for GSoC 2014.Any feedback/Suggestions on this are appreciated! I. Basic/Contact Information Name: Sriharsha Karamchati Email Address: leo.harsha93 () gmail com, I also use sriharsha.karamchati () students iiit ac in Instant messenger names and protocols (if any): Nick : Chati ,I'm available on IRC (#nmap) daily. Telephone number (optional): Available for future mentor only. URL for résumé/CV: http://web.iiit.ac.in/~sriharsha.karamchati/Btech_Sriharsh%20Karamchati_201102037.pdf Personal/blog/LinkedIn/Twitter URLs: I have none. <https://stackexchange.com/users/1097930/d33tah?tab=accounts>II. Project Selection Top Project Choice (If choosing one from the Nmap ideas page): New IPv6 OS SCAN FEATURES For Details visit : https://secwiki.org/w/GSoC_community_ideas#New_IPv6_OS_scan_features Are you willing and able to do other projects instead? Absolutely, with pleasure! While preparing for this proposal I only looked into IPv6 fingerprinting and basic scanning features so far, but I will definitely love to work on any other project instead. This would be a great opportunity to learn more about the projects from the Nmap family. I could also work with any of these projects below, I found them interesting and very much related with work I have done so far: Refer https://svn.nmap.org/nmap/todo/nmap.txt for details. 1)Consider implementing both global and per-host congestion control in the IPv6 OS detection engine. 2)Move advanced IPv6 host discovery features from NSE into core Nmap 3)Do more thinking/researching/investigating the way our machine learning IPv6 OS detection system decides whether a match is perfect and/or how close the match is. 4) Improvements to the Nmap multicast IPv6 host discovery scripts III. Skills/Experience 1. Please describe in a few lines your C/C++ knowledge or experience (if any): My best achievement in C/C++ programming is the Selection in the most privileged Coding Contest. ACM ICPC REGIONALS - 2013. The most practical use of my C++ skills is to create a terminal Made an OS Shell which supported almost all commands (Background processes , Redirection, I/O etc) of the Linux terminal and also some additional user defined commands. I have also made an Application Level file sharing protocol with support for upload/download , indexed searching and File Hashing to enable two network clients listening for requests waiting to share files and made use of this protocol among my friends. I have also created an rpg game ,using OpenGL with the character moving in a 3D world having different levels and with different objectives and obstacles at each level using rendering mechanisms, optimizations and algorithms.Being a coding freak, I regularly participate in all the online coding contests I come across. 2. Please describe any Lua, Python, Perl, or other scripting language knowledge/experience: I am new to Lua,no knowledge about lua prior to this project and have learnt quite a bit in past few days Python experience -Made a robot game (Diffusing Bombs) using Python as a course project using curses library. -Made a portal for photo sharing, The users using this portal will be able to upload, share, delete, modify, like and also comment on others pictures using Web2Py (An Interface similar to Facebook was built) -I also write python scripts for pen testing the start-up websites of my friends. 3. Please describe any Windows development experience: I participated in Windows-8 development workshop which gave me have hands-on working with Microsoft Visual Studio (C# )..Developed an App in that workshop and was the Finalist in the that workshop which was conducted across the country. 4. Please describe any UNIX development experience: I tried to mimic the terminal using C++,to test my C++ skills.In which I have implemented Background processes, Redirection, I/O etc.,) with some other user defined functions I wrote a plugin which searches YouTube, Picks the first result and Plays it in VLC in the background.Inspired from my friend's Idea of a similar thing.User has functions to pause, resume, enqueue was an add on. 5. Please describe any Mac development experience: None at all, I know very little about this OS. 6. Please describe any previous/explus Nmap usage experience: I used nmap as a pentester in various Capture The Flags and other security contests i've participated (Haccon'14) . I also used nmap for Determining the <http://en.wikipedia.org/wiki/Operating_system>operating system and hardware characteristics of network devices. 7. Please describe any previous Nmap development experience: No this is my first time . 8.Please describe any previous Open Source development experience: I have created many apps and have all my codes under free license , My love towards App Hacking started when I went through an open source App ,thus motivating me to leave my hacks for public use , the major ones being Microsoft.code.Fun.Do (Habit cultivator - Finalist 4th Position) and Banglore Hacckathon'14 (2 hacks on packet sniffing and distributed computing - SemiFinalist) . 9. If possible, include a link to source code you've written, such as a school or personal project: https://github.com/chati/Wiki-search-master - A Search Engine for 43 GB Wikipedia Data. https://github.com/chati/linux-shell-terminal - - This is an imitation of the terminal using C++,to test my C++ skills.In which I have implemented Background processes, Redirection, I/O etc.,) with few special user defined function. https://github.com/chati/File-sharing-protocol - Application Level file sharing protocol with support for upload/download ,indexed searching and File Hashing to enable two network clients listening for requests waiting to share files and made use of this protocol among my friends https://github.com/chati/Habitcultivator - App which helps to cultivate habits (Written using C#) https://github.com/chati/Quality-Of-Services-IPv6 - This is the white paper on "Quality Of Services in IPv6" which was prepared as a report after going through various documentations and RFCs. 10. Have you participated in any previous Summer of Code projects? If so (and it wasn't Nmap), please describe your projects and experience. Be sure to mention the years involved and the name of your former mentors. No I haven't. 11. Have you applied for (or intend to) any other 2014 Summer of Code projects? If so, which ones? Not at the moment. I considered applying to IPv6 related projects in Haiku-os, ns-3 simulator. IV. Education 1. What school do you attend? IIIT-HYDERABAD (International Institute of Information Technology ). 2. What degree are you pursuing (include the specialty/major)? Btech + MS by Research in Computer Science. Currently doing my research in CSTAR (Center For Security Theory And Algorithmic Research) Labs , My Stream of Research being Quality of Services in IPv6 and Packet Classification .Currently Setting up IPv6 workbench in our Institute. 3. How many years have you attended there? This is my third year. 4. When do you expect to graduate? 2016. 5. What city/country will you be spending this summer in? Hyderabad,INDIA.. 6. How much time do you expect to have for this project? Please list jobs, summer classes, and/or vacations that you'll need to work around: I have no problem working up to 7 hours a day.As this will be my summer vacation, the only other work which I would have is my Research work which is also in IPv6 and Networking , this shall boost up my work towards the GSoC project as well. V. Project Proposal 1. Please describe your proposed project in detail, including deliverables and expected timeline with milestones (this is the long answer): Motivation for the project and the deliverables: When I have been working on Packet classification in IPv6, I found that the DSCP code values can be changed accordingly to provide privileged services.I thought this can be used while probing , as when we send the packets across the network to scan the Operating Systems for ports, we can mark these packets separately by modifying the DSCP(Differentiated Services Code Point) values so that they get higher preference in the network traffic and do not get stuck in the network, thereby ensuring a more reliable port scanning with a higher probability of reaching out to all the systems.This ensures Advance probing in IPv6. My implementation attempts: I already read whole https://svn.nmap.org/nmap-exp/luis/ipv6tests/vectorize.py in order to get an overview of the problems Nmap developers..I have read the OS-detection part completely in the nmap-book and started understanding the vectorize.py code , understood the Idea behind each function by reading through the comments, Since the code used Scapy(Python). I learnt scapy and coded a patch which modifies the DSCP code values of the packets and send them from one router to other. This code clearly shows the difference between the packets with high DSCP code and the lower ones. This is the link to patch of code which I have written (Read-me clearly mentions on how to run the code): https://github.com/chati/Packet-Classification-OS-Probing Tentative Timeline (in 3 Sessions): Note : This is a very first sample of a timeline. not the final timeline . I will make that with precise details during the first week of the bonding period with my mentors First Session (From 19th May): - Get much more acquainted with IPv6 fingerprinting and OS scanning. - Try to find out the missing features so that I could include them along with the advance features I am planning to add to the packets which are sent for probing. - Check the compatibility of my code with the given nmap code vectorize.py - I will get acquainted with community members. - And then discuss my ideas and make a complete and clear list of deliverables and schedule. - Learn how the current FP engine.cc and Vectorize.py scripts work. - Learn more about Lua. Mid Session (From June 16th ): - I will add my code into the vectorize.py and try out working the whole code at once. - Make sure the whole code is working .Check the complexity and latency ,see if the addition of my code affects the original code , try to optimize the code. - Check out for more optimizations possible in the tool by use of packet classification,I am sure I will find at least 2-3 places where this might be a useful. - A deadline for each script will be decided on between me and my mentor. The scripts will be submitted to the mailing list as and when they are completed. End Session (From 28th July): - I will wrap up things and test it in order to find the bugs and fix them up .And merge them with the original code, Bugs can be expected here hence would solve them if they arise. - I am quite sure that I would be getting some Ideas throughout my implementation process (May be even after my submission),Ill see If they can be added easily else will try to work on that after my submission. 2. Why are you well suited to perform this project? (This can be a long answer too if you don't have a résumé/CV link.) I loved the way Nmap works in my first interaction with it itself.And this is literally my dream project. My research stream being in IPv6 and networking is a big bonus for me as I have read many RFCs related to IPv6 already and have a good grip of the subject.I never give anything less than my best for the things which I love to do, this project being one of them.I am a kind of person who can come with a number of creative Ideas spontaneously irrespective of the domain .So you can always look up to me if you want to come up with new features .I would love to work with this organisation even after the GSoC and stay with the team , as this really attracted me. I am a self motivated passionate coder and very quick learner (which was proved as I have learnt Scapy as soon as I found that the code which was given in the link used the same and wrote the code overnight) .I love to take up challenges. In my last semester took up 3 Advance courses in parallel , one of them was considered to be the toughest course in the institute (Advance Computer Networks) and received an 'A' grade(Top grade) in all the 3 (which was never achieved in past 2-3 years) . I always wanted to do something for the social good.But It makes me much more enthusiastic when I am doing it through my expertise - Coding! . _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- REG : Project Proposal - GSOC 2014 Sriharsha Karamchati (Mar 19)