The Nmap Security Scanner Project has participated in all six previous Google Summers of Code, and they have been a tremendous success for us and the 47 student participants! Google even featured our success stories and lessons learned in their Open Source Program blog. This innovative and extraordinarily generous program provides $5,000 stipends to 1,000+ college and graduate students to create and enhance open source software during their summer break. Students gain valuable experience, get paid, strengthen their résumé, and write code which will be distributed freely and used by millions of people! 2010 was a huge success, and we are delighted to be participating again for 2011!
Nmap is a free tool for network exploration or security auditing.
Several project ideas are suggested below,
or you can come up with your own clever
project. Maybe there is a feature that you have wanted for years,
but nobody has yet stepped up to the plate to implement it.
We're seeking college/grad students talented enough to blow our balls off, but you need to hurry because applications are only accepted until Friday, April 8 (complete timeline).
To apply, see our SoC page. We have also written some tips for preparing a great application. If you apply (or plan to), please join the temporary Nmap SoC mailing list to receive announcements. If you have any questions about your ideas, the best place to post them is the nmap-dev mailing list (you can join here or read the archives online). Questions specific to the Nmap SoC program may be sent to Nmap-dev, or the Nmap SoC list.
Note that there are some basic requirements which apply to all sponsored projects.
While we hope you apply for Nmap, you are allowed to apply to multiple organizations. Doing so increases your odds of acceptance as long as you put sufficient time into each app. Many great security projects are part of the SoC this year, including
The Honeynet Project,
OpenWall,
Nmap Security Scanner,
Tor,
and Freenet.
While you may submit a proposal for any cool idea your heart
desires, here are some suggestions that we consider extremely
desirable for the Nmap project and its users:
Nmap Scripting Engine—Script Developers (3 Positions)
Key requirements: Know or quickly learn the (simple) Lua scripting language. Have significant network security and/or network administration skills. Experience with the C and C++ languages is a plus.
In 2006, Diman Todorov worked as a GSoC student with Nmap author Fyodor to create the Nmap Scripting Engine (NSE). It has become one of Nmap's most popular and powerful features, allowing users to write (and share) simple scripts to automate a wide variety of networking tasks. We now have more than 180 scripts, all documented at the NSEDoc Reference Portal. They run the gamut from simple discovery tasks like whois lookups, retrieving web site titles, and banner grabbing, to complex functions like spidering a web server to find SQL injection vulnerabilities and brute force authentication cracking of MSRPC (SMB) servers. For a fun 38-minute introduction to NSE, see Fyodor and David Fifield's 2010 Defcon presentation video.
It is time we make the most of this fast and powerful scripting
system! We need talented, creative developers to identify
useful scripts (through research and community input) and then
implement them. We already have many candidate script
ideas on our wiki.
The script developers will also likely write some new libraries
since general code that many scripts are likely to use belongs in
libraries rather than the scripts themselves. Developers will also
help with testing and reviewing each other's scripts as well as those
submitted by the Nmap community. They may also have opportunities to
improve the NSE engine and infrastructure itself (this is where the C/C++ experience
helps).
If we receive enough great applications and sufficient slots from Google,
we would like to sponsor three script developers. Please specify your
preferences among the following development roles:
- Web scanning specialist
This position is perfect for a budding web guru with intimate
knowledge and interest in web-related standards and protocols,
particularly HTTP and HTML. SSL, JavaScript, CSS, and XML are
important too. An understanding of common web
vulnerabilities such as SQL injection and cross-site scripting (XSS)
will also help. Tools to look at for inspiration
include Burp Suite and
w3af. Nmap already has
quite a few HTTP scripts that you can find on
the NSEDoc Portal, but many of
them could use improvement and they only scratch the surface of possible scripts. The
web has grown to dominate the Internet, so it is crucial that Nmap have solid web scanning capabilities.
- Vulnerability and exploitation specialist
If you love researching vulnerabilities and devising (and
implementing) scripts to detect and/or exploit them, this position is
for you! This person will follow the vulnerability announcement
forums and decide which ones merit detection and/or exploitation in
Nmap. They will watch what competing vuln scanners and exploitation
tools are implementing, but we also hope to beat many of those tools
to the punch. Malware detection scripts fit in this role too. You can see our current scripts in this genre by
reviewing
our vuln, exploit, auth, and malware
categories.
- Discovery scanning specialist
Nmap is famous for network discovery and it already
has 110
discovery scripts. That still isn't good enough for us.
Applicants for this position must enjoy learning about and
implementing a wide variety of protocols. They will also be the go-to
guy (or gal) for any scripts which don't fit either of the positions
above, even if they aren't exclusively related to discovery.
While script developers may have specialties, they won't focus
exclusively on that single niche. Sometimes priorities or workload
balancing will dictate that they work on scripts or libraries which
don't precisely match their NSE specialty.
NSE Script developers are listed first on our ideas page because they
are our highest priority to fill. So if you don't have a strong
preference for one of the other roles on this page, we suggest
applying to be a script developer!
IPv6 Expert
Key requirements: Significant expertise in the IP and IPv6 protocols. Strong C/C++ programming skills. Research oriented.
The IANA has run out of IPv4 addresses to allocate and the regional
registries are expected to deplete their reserves within months. The
competition for scarce IPv4 addresses is already heating up. Various
hacky techniques (NAT, SSL SNI, name-based hosting, etc.) have been
developed to conserve IPv4 addresses, but IPv6 is the only practical
solution for fundamentally expanding the address space. Nmap was an
early IPv6 adopter, with initial support added in August 2002. Nmap
now supports IPv6 for limited types of host discovery, TCP port
scanning, version detection, and NSE (Nmap Scripting Engine) on all
the major platforms (Linux, Windows, Mac, etc.). But Nmap's IPv6
support is still lacking in several important ways:
- OS Detection is not supported
- TCP connect scan is supported, but the raw packet scans (TCP SYN scan, UDP scan, etc.) are not
- The raw packet host discovery types are not supported (even the ICMPv6 echo request ("ping") packet is not supported)
- Traceroute is not supported
- Many NSE scripts have not been tested against IPv6
applications, and some surely don't work properly in that case.
- While brute force ping scanning of IPv4 address space is extremely
common, it is generally not feasible for IPv6 because even end users
are usually assigned 18 quintillion addresses. Therefore we need to
research and develop more effective host discovery techniques for IPv6.
While some of these tasks are relatively straightforward
implementation work, others (particularly OS detection and novel host
discovery techniques) require research beyond what is currently known
in the field. We need applicants who aren't afraid to blaze a new
trail and try things that nobody else ever has.
Zenmap GUI developer
Key requirements: Python experience and strong user interface design skills.
While Nmap offered the NmapFE front end for many years, it was a
simple wrapper over the Nmap command-line executable and didn't
provide much extra value. In 2005 and continuing in 2006, Adriano
Monteiro Marques was sponsored by Nmap SoC to write a new,
cross-platform Nmap GUI and advanced results viewer. It was eventually
incorporated into Nmap as Zenmap and we've
been improving it ever since. We're particularly proud of the
network topology, host filtering, scan comparison (using Ndiff), and language localization features.
While we're proud of what Zenmap has become, we know it could be
much better. But user interface design is a difficult and subjective
endeavor. We don't have a simple list you can follow for the perfect
Zenmap redesign. Anyone who applies for this role needs to come in
with substantial GUI design skills and some compelling ideas to start
out with. Instead of spending the summer implementing someone else's
design vision, your job will be to come up with and implement your
own. The main focus is on usability, but making the app prettier is
also a plus. Of course you won't just be set loose on the codebase
for three months. We will have regular meetings and discuss design
decisions. You will need to back up your change ideas with solid
reasoning.
To apply for this position, first install and test out Zenmap. It
comes with the Windows, Mac, and Linux packages on
the Nmap download page.
Your application should describe, in detail, some of the changes you
would make to enhance Zenmap's usability and aesthetic appeal.
We highly encourage you to include design mock-ups in your application.
Feature Creepers and Bug Wranglers
Key requirements: Strong C/C++ skills. Python and Lua skills are valuable as well.
There are many Nmap bugs and desired features which are quite
important but take much less than a whole summer to implement. Some
may only take hours, while others could take weeks or even a month.
The feature creepers and bug wranglers handle many such tasks during
the summer. This lets them explore and contribute to a wide variety
of the Nmap code base rather than spending the whole summer working on
just one subsystem. The exact tasks won't all be itemized in advance,
but you can look at
the Nmap TODO list for
the current list of pending tasks. If you apply for this task, you
might mention several of the TODO items which you would be interested
in and qualified for. Here are some more ideas:
- Create an update feed system for Nmap which lets people obtain
the latest Nmap data files, such as NSE scripts/libs, nmap-os-db,
nmap-service-probes, etc.
- Add functionality so that Nmap can do port scans through proxy servers (including SOCKS and HTTP proxies).
- Implement the NIST Common Platform Enumeration (CPE) standard
(http://cpe.mitre.org/) for OS detection and version detection.
Relevant discussion threads: here and here.
- When high-priority bugs are discovered, bug wranglers get on the case and solve them.
Rather than take a specific role (bug wrangler or feature creeper),
the individual(s) sponsored for this position will do some of each.
If you have ideas for small feature-creeping/bug-wrangling tasks,
we'd love to hear about them in your application.
Slacker
Nmap developers are known as some of the most productive in the
open source world. In order to crank out more code, many eschew
luxuries like classes, social lives, sex, and sleep. To
counterbalance all of this planned productivity, we may need some
experienced slackers to spend the summer playing Starcraft II, watching
TV, surfing Facebook, and dating. You will report these activities in
a weekly status report so the rest of us can live our lives
vicariously through yours.
Since laziness is a virtue for this position, our normal application form is not required. Just
tell us your best time-wasting story or any other relevant credentials for this critical role.
Nmap Cloud Scanning Platform
Key requirements: Strong web development skills, and reasonably
good web design skills as well.
Nmap is moving into the cloud! Create a hosted application which
allows users to log in and execute Nmap scans. Users should be able
to view the results online (using Nmap XML output, rendered to XHTML
or HTML using the nmap.xsl stylesheet distributed with Nmap) or have
the normal (-oN) output emailed to them. Users should also be able to
view online (or have mailed to them) differences since the last time
they executed a particular scan. See
the cloud scan requirements doc for more
information. The Nmap project will pay for
a Linode hosted virtual machine
instance for the project duration.
We already have an initial version
named Rainmap. It was written
last year by SoC student Alexandru Totolici in Python (using the
Django framework). It is anticipated that a sponsored student will
work on improving and extending Rainmap rather than starting from
scratch. That being said, it is 100% OK to write your application as
if you were starting from scratch. That will allow you to express
your own vision and you may be able to add many of those ideas to
Rainmap during the summer.
Your Own Creative Idea!
Key requirements: Creativity
Don't feel constrained to the ideas we have suggested here. If you
are very familiar with Nmap and have your own great idea for
improvement, propose it! There will be dozens of applicants for each
position listed on this page, but your suggestions have less
competition. Before writing a whole proposal, we recommend that you
send a paragraph or two describing your idea to
the nmap-dev list for
feedback. Note that even if we don't accept your project idea (maybe
the timing is not right or it doesn't quite fit into the Nmap
roadmap), we will consider you for other Nmap projects if possible.
We pay close attention to the credentials of every applicant and are
happy to work with anyone with exceptional talent to find a project
which is highly desirable to them and the Nmap project. So even
submitting your own "long shot" idea is often more successful than cutting
and pasting one of the canned ideas on this page.
Ready to apply? Great! Please visit our SoC Application Notes page for instructions.