Nmap Development mailing list archives

Sergey. [Status Report 01/17]


From: Sergey Khegay <g.sergeykhegay () gmail com>
Date: Thu, 5 May 2016 14:32:06 -0400

[Report 01/17]
Hello Nmap Community,

My name is Sergey. I am an MS Computer Science student at New York
University Tandon School of Engineering.

I am going to work on improving NSE brute-force performance and adding
support for protocols such as ssh and rdp. Currently there are more than
60 brute-forcing scripts, but there is still room for improvement of
NSE's parallelism, performance and protocol support.

My mentor is Fotis Hantzis, Ncrack's author.

This is my first status report.

I would highly appreciate any feedback from the community.
My IRC chat nickname is scier.
My email is g.sergeykhegay (at) gmail.com

So far I have managed to:
- Learn about NSE Parallelism and Ncrack Information.

- Set up a testing environment
o I use a Vagrant VM to benchmark performance locally.
o Amazon EC2 Virtual Server is used for remote testing.
o In both environments I run the vsftpd daemon.
o I use Ncrack and THC-Hydra for comparison.
o A script is written to automate testing.
o I use Ncrack's default password and username lists.  Mostly a hugely
 minimized version of the latter.  The correct credentials are just appended
 to the lists. (student:gsoc2016)

- I studied the internals of the brute.lua.
o So far there is no adaptivity of any kind to the working conditions.
o The script just spawns a pre-specified number of coroutines without any
 adaptation en route.

- On the question of adaptability. This is a bit more tricky. I like
  Ncrack's approach, but it seems that right now it is hard to implement it
  in brute.lua without breaking other scripts that depend on the library. I
  need to dig a bit more into the internals of NSE. I am probably going to
  try to change some parts and see how it works.


Goals:
o: Conduct performance testing and see where NSE falls back.
o: Make minor iterative changes to brute.lua and see how it works.
o: Study more about the internals of the NSE, especially the parallelism part.

Best regards,
Sergey.