Intro Reference Guide Book Install Guide Download Changelog Zenmap GUI Docs Bug Reports OS Detection Propaganda Related Projects In the Movies In the News

Sponsors

Nmap Summer of Code Introduction

The Nmap Security Scanner Project has participated in all eight previous Google Summers of Code, and they have been a tremendous success for us and the 59 student participants! Google even featured our success stories and lessons learned in their Open Source Program blog. This innovative and extraordinarily generous program provides $5,000 stipends to 1,000+ college and graduate students each year to create and enhance open source software during their summer break. Students gain valuable experience, get paid, strengthen their résumé, and write code which will be distributed freely and used by millions of people! Last year was a huge success, and we're excited to participate again in 2012.

Nmap is a free tool for network exploration or security auditing. Several project ideas are suggested below, or you can come up with your own clever project. Maybe there is a feature that you have wanted for years, but nobody has yet stepped up to the plate to implement it.

Almost all college and graduate students are eligible, but you need to hurry because student applications are only accepted from April 22 through May 3 (complete timeline). To apply, see our SoC page. We have written some tips for preparing a great application. If you apply (or plan to), please join the temporary Nmap SoC mailing list to receive announcements. If you have any questions about your ideas, the best place to post them is the Nmap Dev mailing list (you can join here or read the archives online). Questions specific to the Nmap SoC program may be sent to Nmap-dev, or the Nmap SoC list, but we recommend Nmap-dev if the post is technical in nature.

Note that there are some basic requirements which apply to all sponsored projects.

While we hope you apply for Nmap, you are allowed to apply to multiple organizations. Doing so increases your odds of acceptance as long as you put sufficient time into each app. Many great security projects have taken part in SoC, including The Honeynet Project, Openwall, Tor, Nmap Security Scanner, Freenet, Netfilter, Wireshark, Crypto Stick, Privly, and OWASP.

Project Ideas

While you may submit a proposal for any cool idea your heart desires, here are some suggestions that we consider extremely desirable for the Nmap project and its users:

Index

• Performance/Optimization Specialist
• Nmap Scripting Engine—Script Developers (3 Positions)
• Feature Creepers and Bug Wranglers
• Zenmap GUI Developer
• WinPcap developer (low-level Windows expert)
• Slacker
• Your Own Creative Idea!
• Community-contributed Ideas

The person in this role may also help with our large-scale scanning research to collect empirical data for improving performance, and/or analyze existing large data sets such as the Carna botnet.

Here are some example tasks:

• Parallelize Nmap's forward DNS (target lookup) system so it doesn't have to handle them one-by-one using the gethostbyname family of system calls.
• Consider using a binary decision diagram for --exclude list to make it more efficient for large exclude lists. See http://seclists.org/nmap-dev/2012/q4/420.
• Improve our "top port list" (finding the best ports to scan by default) by using empirical data from the Carna botnet (details).

Applications for this position should focus on your relevant optimization skills and experience as well as any ideas you have for improving Nmap performance.

Nmap Scripting Engine—Script Developers (3 Positions)

In 2006, Diman Todorov worked as a GSoC student with Nmap author Fyodor to create the Nmap Scripting Engine (NSE). It has become one of Nmap's most popular and powerful features, allowing users to write (and share) simple scripts to automate a wide variety of networking tasks. We now have more than 430 scripts, all documented at the NSEDoc Reference Portal. They run the gamut from simple discovery tasks like whois lookups, retrieving web site titles, and banner grabbing, to complex functions like spidering a web server to find SQL injection vulnerabilities and brute force authentication cracking of MSRPC (SMB) servers. For a fun 38-minute introduction to NSE, see Fyodor and David Fifield's 2010 Defcon presentation video.

It is time we make the most of this fast and powerful scripting system! We need talented, creative developers to identify useful scripts (through research and community input) and then implementing them. We already have many candidate script ideas on our wiki.

The script developers will also likely write some new libraries since general code that many scripts are likely to use belongs in libraries rather than the scripts themselves. Developers will also help with testing and reviewing each other's scripts as well as those submitted by the Nmap community. They may also have opportunities to improve the NSE engine and infrastructure itself (this is where the C/C++ experience helps).

If we receive enough great applications and sufficient slots from Google, we would like to sponsor three script developers. Please specify your preferences among the following development roles:

• Web scanning specialist

  This position is perfect for a budding web guru with intimate knowledge and interest in web-related standards and protocols, particularly HTTP and HTML. SSL, Javascript, CSS, and XML are important too. An understanding of common web vulnerabilities such as SQL injection and cross-site scripting (XSS) will also help. Tools to look at for inspiration include Burp Suite and w3af. Nmap already has quite a few HTTP scripts that you can find on the NSEDoc Portal, but many of them could use improvement and they only scratch the surface of possible scripts. The web has grown to dominate the Internet, so it is crucial that Nmap have solid web scanning capabilities.

• Discovery scanning specialist

  Nmap is famous for network discovery and it already has 110 discovery scripts. That still isn't good enough for us. Applicants for this position must enjoy learning about and implementing a wide variety of protocols. They will also be the go-to guy (or gal) for any scripts which don't fit either of the positions above, even if they aren't exclusively related to discovery.

• Vulnerability and exploitation specialist

  If you love researching vulnerabilities and devising (and implementing) scripts to detect and/or exploit them, this position is for you! This person will follow the vulnerability announcement forums and decide which ones merit detection and/or exploitation in Nmap. They will watch what competing vuln scanners and exploitation tools are implementing, but we also hope to beat many of those tools to the punch. Malware detection scripts fit in this role too. You can see our current scripts in this genre by reviewing our vuln, exploit, auth, and malware categories.

While script developers may have specialties, they won't focus exclusively on that single niche. Sometimes priorities or workload balancing will dictate that they work on scripts or libraries which don't precisely match their NSE specialty.

There are many Nmap bugs and desired features which are quite important but take much less than a whole summer to implement. Some may only take hours, while others could take weeks or even a month. The feature creeper and bug wranglers handle many such tasks during the summer. This lets them explore and contribute to a wide variety of the Nmap code base rather than spending the whole summer working on just one subsystem. The exact tasks won't all be itemized in advance, but you can look at the Nmap TODO list for the current list of pending tasks. Also see the community ideas page. If you apply for this task, you might mention several of the TODO items which you would be interested in and qualified for. Here are some more ideas:

• Implement port scanning from within the Nmap Scripting Engine (see here and here.
• When high-priority bugs are discovered, you get on the case and solve them.

Rather than take a specific role (bug wrangler or feature creeper), the individual(s) sponsored for this position will do some of each. If you have ideas for small feature-creeping/bug-wrangling tasks, we'd love to hear about them in your application.

While Nmap offered the NmapFE front end for many years, it was a simple wrapper over the Nmap command-line executable and didn't provide much extra value. In 2005 and continuing in 2006, Adriano Monteiro Marques was sponsored by Nmap SoC to write a new, cross-platform Nmap GUI and advanced results viewer. It was eventually incorporated it into Nmap as Zenmap and we've been improving it ever since. We're particularly proud of the network topology, host filtering, scan comparison (using Ndiff), and language localization features.

While we're proud of what Zenmap has become, we know it could be much better. But user interface design is a difficult and subjective endeavor. We don't have a simple list you can follow for the perfect Zenmap redesign. Anyone who applies for this role needs to come in with substantial GUI design skills and some compelling ideas to start out with. Instead of spending the summer implementing someone else's design vision, your job will be to come up with and implement your own. The main focus is on usability, but making the app prettier is also a plus. Of course you won't just be set loose on the codebase for three months. We will have regular meetings and discuss design decisions. You will need to back up your change ideas with solid reasoning.

To apply for this position, first install and test out Zenmap. It comes with the Windows, Mac, and Linux packages on the Nmap download page. You application should describe, in detail, some of the changes you would make to enhance Zenmap's usability and aesthetic appeal. We highly encourage you to include design mock-ups in your application.

Nmap uses the excellent open source WinPcap library for sending and receiving raw packets (usually encapsulated in ethernet frames). We currently ship it in our own installer which adds features such as silent install mode. But there are other features we'd like to have, and we're looking for a talented person to make these improvements. We'd prefer if WinPcap devs will incorporate them into their upstream release, but another alternative is that we could ship our own modified “NPcap” library containing the changes. Here are some ideas:

• Support for the new NDIS 6 API
• Privileges support so we can restrict WinPcap uses to users with Administrator access. This is similar to UNIX where you need root access to capture packets.
• No-install DLL support would allow Pcap to load and unload automatically while the application runs. Riverbed used to sell a "WinPcap Pro" edition which did that, but they may have discontinued that.
• Enable Microsoft Driver Signing.
• If we release our own “NPcap”, we'd presumably change the function entry point and external variable names so that we don't conflict with original WinPcap. Riverbed WinPcap Pro did this.

The WinPcap developer might also help with other low level Windows networking code.

Applicants for this position should emphasize their low-level Windows network programming experience, with a particular emphasis on any sample code or previous projects (with downloadable source code) you can show us.

Since laziness is a virtue for this position, our normal application form is not required. Just tell us your best time-wasting story or any other relevant credentials for this critical role.

Don't feel constrained to the ideas we have suggested here. If you are very familiar with Nmap and have your own great idea for improvement, propose it! There will be dozens of applicants for each position listed on this page, but your suggestions have less competition. Before writing a whole proposal, we recommend that you send a paragraph or two describing your idea to the nmap-dev list for feedback. Note that even if we don't accept your project idea (maybe the timing is not right or it doesn't quite fit into the Nmap roadmap), we will consider you for other Nmap projects if possible. We pay close attention to the credentials of every applicant and are happy to work with anyone with exceptional talent to find a project which is highly desirable to them and to the Nmap project. So even submitting your own "long shot" idea is often more successful than cut and pasting one of the canned ideas on this page.

If nothing yet has tickled your fancy and you don't want to propose your own idea from scratch, consider some of the commnity-contributed ideas on our wiki. Or feel free to add your own ideas there, even if you don't plan to apply for Nmap SoC.

In addition, we have many candidate ideas in the Nmap TODO list.

Ready to apply? Great! Please visit our SoC Application Notes page for instructions.

Nmap Site Navigation