GSoC/GCI Archive
Google Summer of Code 2009

Nmap Security Scanner

Web Page:

Mailing List:

The Nmap Security Scanner is a free and open source utility used by millions of people for network discovery, administration, inventory, and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on a network, what services (application name and version) those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and more. Nmap was named "Information Security Product of the Year" by Linux Journal and Info World. It was also used by hackers in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum. Nmap runs on all major computer operating systems, plus the Amiga. A traditional command-line interface and the Zenmap GUI are included.

This will be Nmap's fifth year as a SoC participant. Results from our previous years are described in this Google Open Source Blog article.

Please see all of our SoC information at


  • Create a Better Hping-"Nping" Hping is a command-line oriented TCP/IP packet assembler/analyzer to construct and send raw packets.The aim of this project is to create a more stable and better Hping called Nping from scratch using the Nmap network libraries like nsock,nbase etc; with a good documentation.This supports all the features of Hping and have a lot of extra features like ARP Spoofing etc;and with no limit or restriction to create packets of one's choice and desire.
  • Development of Nping The following application presents the GSOC proposal for project "Nping". The proposal is submitted by Luis MartinGarcia, a computer engineering student, pursing his master's degree in information security.
  • Nmap Scripting Engine -- Infrastructure manager I intend to resolve pending bugs in NSE (Nmap Scripting Engine) including: solve deadlock through generalized detection mechanisms, correct the behavior of NSE with respect to child coroutines of script threads, and eliminate extraneous bugs in the nsock library binding. I shall implement the boolean operators patch for the new Lua implementation. I will finally create a script for crawling a web server to map its contents.
  • Nmap Web Scanning Infrastructure Today many services have web front-end interfaces. Web applications such as phpmyadmin, git-web, webmails provides many services over HTTP, making it accessible through web browsers. These applications might also be vulnerable to attacks, making web application scanning a very important task. The goal of this project is to develop a infrastructure that allows efficient web applications scanning through Nmap. The infrastructure consists in a group of NSE scripts and modules.
  • Nmap: Ncat & General Feature Extension Proposal for Ncat general improvement as well as for the position of Feature Creeper/Bug Wrangler with emphasis on Raw IPv6 Support and the application-abusing/proxy-scanning engine.
  • Reorganizing the Nmap code base into a C/C++ library The goal of this project is to reorganize as much of the Nmap code base as is desirable into a C/C++ library. This could potentially increase usability and extendability. Once this is completed, existing Nmap and Zenmap code will also have to be ported to use the new library.