Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform



Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Nmap Summer of Code Introduction

The last three years of Google Summer of Code projects were a tremendous success for the Nmap Project and student participants (results: 2005, 2006 , and 2007). So we are delighted that Google accepted us again for 2008! This innovative and extraordinarily generous program provides $4,500 stipends to hundreds of university students to create or enhance open source software during their summer break. Students get paid, gain valuable experience and a great resume booster, and write code which will be used by millions of people!

If you have the time and motivation, submit an application! It doesn't even require a postage stamp. The big decision to make is what project you wish to take on. There are many other great mentoring organizations, but our obviously biased suggestion is the Nmap Security Scanner. Several project ideas are suggested below, or you can come up with your own clever project. Maybe there is a feature that you have wanted for years, but nobody has yet stepped up to the plate to implement it.

Applications are only accepted from March 24 through April 7. In the application "detailed description" text field, please paste in this Nmap-specific template. If you apply (or plan to), please join the temporary Nmap SoC mailing list. Also, we have written some tips for preparing a great application.

Note that there are some basic requirements which apply to all sponsored projects.

If you have any questions about your ideas, the best place to post them is nmap-dev@insecure.org. You can also join the list or read the archives online. For Nmap SoC specific questions, you can mail them to the Nmap SoC list. Good luck!

Project Ideas

While you can submit a proposal for whatever cool idea your heart desires, here are a few suggestions that would be extremely helpful to the Nmap project and its users. These are in no particular order.

Zenmap developer

While Nmap offered the NmapFE front end for many years, it was a simple wrapper over the Nmap command-line executable and didn't provide much extra value. In 2005 and continuing in 2006, Adriano Monteiro Marques was sponsored by Nmap SoC to write a new, cross-platform Nmap GUI and advanced results viewer. He called it Umit, and in 2007 Umit itself was accepted as an independent project for SoC sponsorship. After that third summer of development, it was integrated into Nmap as the Zenmap frontend.

Now we are seeking someone to improve it further. We're particularly interested in improving the user interface to make it more intuitive and logical, and also some portability work on Macintosh and other platforms. Of course identifying and fixing bugs is a key aspect as well. We're looking for someone motivated and creative enough to build a Zenmap that any Nmap user can love, from the absolute newbies to Nmap experts who know every command-line option by heart!

Nmap Scripting Engine -- Infrastructure manager

In 2006, Diman Todorov worked as a GSoC student with Fyodor to create the Nmap Scripting Engine, which was then integrated into Nmap. This is one of Nmap's most powerful features, allowing users to write (and share) simple scripts to automate a wide variety of networking tasks. For 2007, Diman came back as a GSoC mentor to further improve the systems, adding features such as the NSE standard library. For 2008, we have even more ideas in mind:

  • NSE script documentation system - We need a way for script creators to add script documentation inline with the script. Then we can automatically generate documentation for posting to the Web or real-time viewing on a system. This is similar in goal to Java's JavaDoc system and Perl's POD.
  • Performance testing and optimization
  • Bug fixing
  • Improving the libraries and APIs
  • Developing a better script categorization system - This is mostly organizing/recategorizing work rather than recoding anything.

Nmap Scripting Engine—Script Developer

See the previous project for a description of NSE. Now that we have this extensible scripting system, it is time to really make use of it! We need a talented, creative developer to help by identifying useful scripts (through research and community input) and then implementing them. Future script developers will surely review these scripts as examples, so this is a chance to really set precedent and customs for readable, efficient, maintainable scripts. The script developer(s) will also probably identify some bugs in NSE and likely have infrastructure suggestions for making script writing easier or execution more efficient. Script developer will work with the infrastructure guy (or gal!) to address these issues.

The script developer(s) will also likely write some new libraries that their scripts depend on. It is best to use libraries for general task which many scripts might find useful, rather than locking the code up in a single NSE script.

Slacker

Nmap developers are known as some of the most productive in the open source world. In order to crank out more code, many eschew luxuries like classes, social lives, sex, and sleep. To counterbalance all of this planned productivity, we may need some experienced slackers to spend the summer playing video games, watching TV, reading Slashdot, and dating. You will report these activities in a weekly status report so the rest of us can live our lives vicariously through yours.

Since lazyness is a virtue for this position, our normal application form is not required. Just tell us your best time-wasting story or any other relevant credentials for this critical role.

Feature Creepers and Bug Wranglers

There are many small Nmap bugs and desired features which are quite valuable but may take only a couple days to handle rather than a whole summer. The feature creeper and bug wranglers handle many such tasks during the summer. This lets them explore and contribute to a wide variety of the Nmap code base rather than spending the whole summer working on just one subsystem. The exact tasks won't all be itemized in advance, but here are the sorts of things these people might be doing. You should state in the application which of these might be a good fit for your interests and skillset.

  • Determine which TCP and UDP ports are most commonly open through extensive empirical testing. This will allow us to activate the --top-ports feature which allows you to only scan the most common ports. We would likely also change the -F option to scan many fewer than it currently does).
  • Add a fixed-rate packet sending mode to ultra_scan() (like what UnicornScan and ScanRand offer).
  • Write a tool to improve the process of integrating OS detection fingerprint submissions. David Fifield, who was an Nmap SoC student last year and will be one of our mentors this year, wrote up a detailed description of this task.
  • Write a general scanning engine for abusing applications for port scanning purposes. This would handle scanning through SOCKS and HTTP proxies, and the existing FTP bounce scan would also be ported to this engine. Proxy chaining must be supported.
  • Explore many different application protocols, trying to finds way to identify difficult services such as the new Skype protocols or DHCP.
  • Improve Nmap packaging and support for the Macintosh, and maybe embedded devices such as the OLPC or Nokia Internet Tablet.
  • When high-priority bugs are discovered, bug wranglers get on the case and solve them.

Rather than take a specific role (bug wrangler or feature creeper), the individual(s) sponsored for this position will do some of each. But if you have ideas for small feature-creeping/bug-wrangling tasks, please note them in your application.

Create a Better Netcat and Hping

Sadly, the venerable Netcat tool has been unmaintained for many years. The neglect is so serious that it can be difficult to find, and often fails to compile on newer systems. Such a simple but useful program could be rewritten in a more portable, modern, and extensible way. Cool new features could then be added, as long as they don't detract from the classic and simple interface that makes Netcat so popular. A new "ncat" could easily be written using Nmap infrastructure libraries such as nsock and nbase, and possibly even distributed along with Nmap. An "Nping" that caters to Nmap users would also be quite handy! Check out the proposed requirements doc. Please note that an initial version of Ncat has already been written by previous SoC student Chris Gibson. You can download it from the Ncat web page. So you just need to clean it up a bit, add a few of your own touches, work on integration with Nmap, and then you can start from scratch designing and writing Nping.

Your Own Creative Idea!

Don't feel constrained to the ideas we have suggested here. If you are very familiar with Nmap and have your own great idea for improvement, propose it! There will be dozens of applicants for each position listed on this page, but your suggestions have less competition. Before writing a whole proposal, we recommand that you send a paragraph or two describing your idea to the nmap-dev list for feedback.

Ready to apply? Great! Please visit our SoC Application Notes page for instructions.

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]