GSoC/GCI Archive
Google Summer of Code 2011

Nmap Security Scanner

Web Page: http://nmap.org/soc/

Mailing List: http://seclists.org/nmap-dev/

Nmap Security Scanner

[IMAGE http://nmap.org/images/sitelogo-transparent.png]

The source code repository for 2011 is here: http://code.google.com/p/google-summer-of-code-2011-nmap/

Nmap Security Scanner home page: http://nmap.org/

Ideas page: http://nmap.org/soc/

The Nmap Security Scanner is a free and open source utility used by millions of people for network discovery, administration, inventory, and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on a network, what services (application name and version) those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and more. Nmap was named "Information Security Product of the Year" by Linux Journal and Info World. It was also used by hackers in 11 movies, including The Matrix Reloaded, Die Hard 4, The Bourne Ultimatum, and The Girl with the Dragon Tattoo. Nmap runs on all major computer operating systems, plus the Amiga. A traditional command-line interface and the Zenmap GUI are included.

Nmap is a great project for talented programmers. Some networking or security experience is very helpful. You'll be part of an active development group and benefit from enthusiastic user feedback.

Potential Projects

Contact

Developer and user mailing list: nmap-dev@insecure.org
The nmap-dev mailing list is the best place to ask specific questions about your proposal ideas.

IRC: #nmap on Freenode or EFnet

Projects

  • Addition of new information gathering and fuzzing scripts This proposal is about developing a variety of NSE scripts such as CakePHP versioning, Nikto integration, Router Default Login. Another objective of this proposal is to provide a more complete set of fuzzing scripts for the protocols HTTP, FTP and SMTP.
  • Feature Creepers and Bug Wranglers -- NSE focus There are many Nmap bugs and desired features which are quite important but take much less than a whole summer to implement. Some may only take hours, while others could take weeks or even a month. This is a project that will try to handle many such tasks during the summer, with a special focus on the Nmap Scripting Engine.
  • IPv6 Expert The project involves extending Nmap to provide full support for IPv6. This includes making Nmap capable of creating and injecting raw IPv6/ICMPv6 packets, implementing new host discovery techniques and adapting the OS fingerprinting engine to operate over IPv6.
  • Nmap on IPv6 The ultimate goal of this proposal is to make Nmap more complete on IPv6 network and satisfy the increasing needs for IPv6 network exploration and security auditing. I plan to add several IPv6 features on Nmap. These include not only conventional ones, such as raw packet scan, traceroute, but also special features of host discovery on IPv6.
  • Nmap Script Developer - discovery and miscellaneous scripts Writing NSE scripts which gather information from different network services
  • Updating system for NMAP and Bug Wrangles I would like to wrangle some bugs and write an autoupdater.
  • Zencat Zencat is a GUI to Ncat, the Nmap equivalent of the popular swiss army knife of network tools, netcat. The purpose of Zencat is to facilitate raw human interaction(either manual or semi-automatic) with network sockets by building an extended usability layer above the Ncat backend. Zencat will enable for usability cases to be built on top of Ncat that aren’t possible or comfortable for the command line version of this tool.