Key requirements: Strong C++, algorithm, data structure, benchmarking, and code analysis skills.
We at the Nmap project pride ourselves at writing fast, efficient code, but there is always room for improvement. We're looking for someone who can do a deep dive into Nmap and find ways to improve the user experience by increasing speed and reducing resource (memory, CPU, network) usage. But we don't want to dramatically increase code complexity or cause other major maintenance headaches either.
For this role, deciding what to do will probably involve as much or more work than actually doing it. It will take careful analysis to determine which changes are likely to provide the most positive effect for users for a given amount of work.
The person in this role may also help with our large-scale scanning research to collect empirical data for improving performance, and/or analyze existing large data sets such as the Carna botnet. You will also want to take a close look at "competitor" scanning tools which focus on performance, such as Masscan and Zmap.
Here are some example tasks:
- Parallelize Nmap's forward DNS (target lookup) system so it doesn't have to resolve target hostnames one-by-one using the gethostbyname family of blocking system calls.
- Consider using a binary decision diagram for --exclude list to make it more efficient for large exclude lists. See http://seclists.org/nmap-dev/2012/q4/420.
- Improve our "top port list" (finding the best ports to scan by default) by using empirical data from the Carna botnet (details) or maybe by conducting large scale Internet scanning research.
- Benchmark Nmap's fixed rate scanning capability to ensure we can keep up with smaller tools like Masscan and Zmap.
- Optimize Zenmap to work with large-scale scans without running out of memory or otherwise bogging down.
Applications for this position should focus on your relevant optimization skills and experience as well as any ideas you have for improving Nmap performance.
Nmap Scripting Engine—Script Developers (3 Positions)
Key requirements: Know or quickly learn the (simple) Lua scripting language. Have significant network security and/or network administration skills. Experience with the C and C++ languages is a plus.
In 2006, Diman Todorov worked as a GSoC student with Nmap to create the Nmap Scripting Engine (NSE). It has become one of Nmap's most popular and powerful features, allowing users to write (and share) simple scripts to automate a wide variety of networking tasks. We now have more than 430 scripts, all documented at the NSEDoc Reference Portal. They run the gamut from simple discovery tasks, such as grabbing web site titles, to complex functions, such as spidering a web server to find SQL injection vulnerabilities or brute-force authentication cracking of MSRPC (SMB) servers. For a fun 38-minute introduction to NSE, see Fyodor and David Fifield's 2010 Defcon talk.
It is time we make the most of this fast and powerful scripting system! We need talented, creative developers to identify useful scripts (through research and community input) and then implement them. We already have many candidate script ideas on our script ideas page.
The script developers will also likely write some new libraries, since general code that many scripts are likely to use belongs in libraries rather than in the scripts themselves. Developers will also help with testing and reviewing each other's scripts as well as those submitted by the Nmap community. They may also have opportunities to improve the NSE engine and infrastructure itself (this is where the C/C++ experience comes in).
If we receive enough great applications and sufficient slots from Google, we would like to sponsor three script developers. Please specify your preferences among the following development roles:
- Web scanning specialist
This position is perfect for a budding web guru with intimate knowledge of and interest in web-related standards and protocols. An understanding of common web vulnerabilities such as SQL injection and cross-site scripting (XSS) is important too. Tools to look at for inspiration include Burp Suite and w3af. Nmap already has quite a few HTTP scripts that you can find on the NSEDoc Portal, but many of them could use improvement, and they only scratch the surface of possible scripts. The web has grown to dominate the Internet, so it is crucial that Nmap have solid web scanning capabilities.
- Discovery scanning specialist
Nmap is famous for network discovery, and it already has many discovery scripts. That still isn't good enough for us. Applicants for this position must enjoy learning about and implementing a wide variety of protocols. They will also be the go-to person for any scripts which don't fit either of the other positions, even if those scripts aren't exclusively related to discovery.
- Vulnerability and exploitation specialist
If you love researching vulnerabilities and devising (and implementing) scripts to detect and/or exploit them, this position is for you! This person will follow the vulnerability announcement forums and decide which ones merit detection and/or exploitation in Nmap. They will watch what competing vuln scanners and exploitation tools are implementing, but we also hope to beat many of those tools to the punch. Malware detection scripts fit in this role too. You can see our current scripts in this genre by browsing our vuln, exploit, auth, and malware script categories.
While script developers may have specialties, they won't focus exclusively on that single niche. Sometimes priorities or workload balancing will dictate that they work on scripts or libraries which don't precisely match their NSE specialty.