The Nmap Security Scanner Project is one of only 7 organizations to
participate in all twelve
Google Summers of Code. This innovative and extraordinarily generous program provides up to $6000 USD
stipends to 1,000+ college and graduate students each year to create
and enhance open source software during their summer break. Students
gain valuable experience, get paid, strengthen their résumé, and write
code which will be distributed freely and used by millions of people! It has
been a huge success for us and the 73 student participants we've mentored over
the years. Google published a great story by one of our alumni in
his own words explaining how GSoC changed his life for the better, and we
also publish our success
stories every year. So we're delighted and excited that Google has
selected us again in 2017!
Nmap is a free tool for network exploration or security auditing.
Several project ideas are suggested below,
or you can come up with your own clever
project. Maybe there is a feature that you have wanted for years,
but nobody has yet stepped up to the plate to implement it.
Almost all college and graduate students are eligible, but you need to hurry because student applications are only accepted from March 20 until Monday, April 3, 16:00 UTC (complete timeline). Applications can be submitted from our org profile page (the apply button should appear on March 20).
We have written some tips for preparing a great
application. If you apply (or plan to), please join the temporary
mailing list to receive announcements. If you have any questions
about your ideas, the best place to post them is
the Nmap Dev mailing list
here or read the archives
online). Questions specific to the Nmap SoC program may be sent
to Nmap Dev or SoC
lists, but we recommend Nmap Dev if the post is technical in nature.
Note that there are some basic requirements which apply to all sponsored projects.
While you may submit a proposal for any cool idea your heart
desires, here are some suggestions that we consider extremely
desirable for the Nmap project and its users:
Key requirements: C/C++ skills, software engineering and test writing experience.
The Nmap Project is a fairly large code base, about 20 million lines of code
including bundled third-party libraries. We have some rudimentary regression
tests, but only for some components (Nsock, Ncat, and Zenmap). We're looking
for someone who can implement an easy-to-use test system that can run on the
various platforms we support (Windows, Linux, OS X, etc.) so we can be sure
that the code does what it intends to do.
While the primary purpose of this role is to implement testing for Nmap's C++ codebase, we would also give consideration to someone willing to clean up Zenmap's existing tests, written in Python 2.
Key requirements: Strong C++, algorithm, data structure, benchmarking, and code analysis skills.
We at the Nmap project pride ourselves at writing fast, efficient code, but there is always room for improvement. We're looking for someone who can do a deep dive into Nmap and find ways to improve the user experience by increasing speed and reducing resource (memory, CPU, network) usage. But we don't want to dramatically increase code complexity or cause other major maintenance headaches either.
For this role, deciding what to do will probably involve as much or more work than actually doing that. It will take careful analysis to determine what changes are likely to provide the most postive effect for users for a given amount of work.
The person in this role may also help with our large-scale scanning research to collect empirical data for improving performance, and/or analyze existing large data sets such as the Carna botnet. You will also want to take a close look at "competitive" scanning tools which focus on performance, such as Masscan and Zmap.
Here are some example tasks:
- Parallelize Nmap's forward DNS (target lookup) system so it doesn't have to handle them one-by-one using the gethostbyname family of system calls.
- Consider using a binary decision diagram for --exclude list to make it more efficient for large exclude lists. See http://seclists.org/nmap-dev/2012/q4/420.
- Improve our "top port list" (finding the best ports to scan by default) by using empirical data from the Carna botnet (details) or by conducting large scale Internet scanning research.
- Benchmark Nmap's fixed rate scanning capability to ensure we can keep up with smaller tools like Masscan and Zmap.
- Optimize Zenmap to work with large-scale scans without running out of memory or otherwise bogging down.
More ideas are on the SecWiki GSoC community ideas page.
Applications for this position should focus on your relevant optimization skills and experience as well as any ideas you have for improving Nmap performance.
Nmap Scripting Engine—Script Developers
Key requirements: Know or quickly learn the (simple) Lua scripting language. Have significant network security and/or network administration skills. Experience with the C and C++ languages is a plus.
In 2006, Diman Todorov worked as a GSoC student with Nmap
to create the Nmap
Scripting Engine (NSE). It has become one of Nmap's most popular
and powerful features, allowing users to write (and share) simple
scripts to automate a wide variety of networking tasks. We now have
more than 515 scripts, all documented at
the NSEDoc Reference Portal.
They run the gamut from simple discovery tasks
web site titles,
grabbing, to complex functions
a web server to find SQL injection vulnerabilities
force authentication cracking of MSRPC (SMB) servers. For a fun
38-minute introduction to NSE, see Fyodor and David
Fifield's 2010 Defcon
It is time we make the most of this fast and powerful scripting
system! We need talented, creative developers to identify
useful scripts (through research and community input) and then
implementing them. We already have many candidate script
ideas on our
The script developers will also likely write some new libraries
since general code that many scripts are likely to use belongs in
libraries rather than the scripts themselves. Developers will also
help with testing and reviewing each other's scripts as well as those
submitted by the Nmap community. They may also have opportunities to
improve the NSE engine and infrastructure itself (this is where the C/C++ experience
In previous years we have sponsored up to 3 script developer in a single
summer. Please specify your preferences among the following development roles:
- Web scanning specialist
This position is perfect for a budding web guru with intimate
knowledge and interest in web-related standards and protocols,
important too. An understanding of common web
vulnerabilities such as SQL injection and cross-site scripting (XSS)
will also help. Tools to look at for inspiration
include Burp Suite and
w3af. Nmap already has
quite a few HTTP scripts that you can find on
the NSEDoc Portal, but many of
them could use improvement and they only scratch the surface of possible scripts. The
web has grown to dominate the Internet, so it is crucial that Nmap have solid web scanning capabilities.
- Discovery scanning specialist
Nmap is famous for network discovery and it already
discovery scripts. That still isn't good enough for us.
Applicants for this position must enjoy learning about and
implementing a wide variety of protocols. They will also be the go-to
guy (or gal) for any scripts which don't fit either of the other positions,
even if they aren't exclusively related to discovery.
- Vulnerability and exploitation specialist
If you love researching vulnerabilities and devising (and
implementing) scripts to detect and/or exploit them, this position is
for you! This person will follow the vulnerability announcement
forums and decide which ones merit detection and/or exploitation in
Nmap. They will watch what competing vuln scanners and exploitation
tools are implementing, but we also hope to beat many of those tools
to the punch. Malware detection scripts fit in this role too. You can see our current scripts in this genre by
our vuln, exploit, auth, and malware
While script developers may have specialties, they won't focus
exclusively on that single niche. Sometimes priorities or workload
balancing will dictate that they work on scripts or libraries which
don't precisely match their NSE specialty.
Feature Creepers and Bug Wranglers
Key requirements: Strong C/C++ skills. Python and Lua skills are valuable as well.
There are many Nmap bugs and desired features which are quite
important but take much less than a whole summer to implement. Some
may only take hours, while others could take weeks or even a month.
The feature creeper and bug wranglers handle many such tasks during
the summer. This lets them explore and contribute to a wide variety
of the Nmap code base rather than spending the whole summer working on
just one subsystem. The exact tasks won't all be itemized in advance,
but you can look at our bug tracker or
the Nmap TODO list for
the current list of pending tasks. Also see the community ideas page. If you apply for this task, you
might mention several of the TODO items which you would be interested
in and qualified for. Here are some more ideas:
- Implement a "fast-mode" for UDP scanning that could speed up one of the slowest parts of Nmap.
- Extend Nmap's
--resume feature to work with XML output (see issue #243).
- Implement port scanning from within the Nmap Scripting Engine (see here and here).
- Extend IPv6 support to the decoy and fragmentation scan features of Nmap.
- When high-priority bugs are discovered, you get on the case and solve them.
Rather than take a specific role (bug wrangler or feature creeper),
the individual(s) sponsored for this position will do some of each.
If you have ideas for small feature-creeping/bug-wrangling tasks,
we'd love to hear about them in your application.
Machine learning IPv6 OS detection
Key requirements: Substantial machine learning experience as well as strong C/C++ programming skills. Networking and IPv6 knowledge is also valuable.
Machine learning (sometimes called artificial intelligence) is revolutionizing the way we use computers, from systems that respond to our voice to cars that drive themselves. We're using it in Nmap too—particularly for our new IPv6 OS detection system. With IPv4, we manually look at features such as TCP window size and option order to create signatures for distinguishing operating systems. But with IPv6, we just dump 600 factors into a linear classification system and give it a big data set of known OS responses and let the system learn the best ways to distinguish them.
We believe this ML system is the future and that we'll eventually extend this to IPv4. But we also see room for improvement. We're not ML experts, but we've considered adding imputation as well as changing some aspects of the classifier to produce better results. Creating a good empirical test system to evaluate changes is essential so we know that our "improvements" actually make things better. We're looking for someone who really understands ML and can find innovative ways to ensure that Nmap remains the top tool for active OS detection.
The most likely mentor for this project is Nmap developer and IPv6 researcher Mathias Morbitzer.
Password security wizard
Key requirements: Solid networking skills and programming experience. C/C++ and Lua are the most important languages for this project (Lua is easy to learn). Performance optimization experience is helpful as well.
One of the biggest weaknesses in many major networked systems is the lowly password. No matter how high the general security "walls" are bult up, they're useless if an attacker can compromise a password and get in through the front door. And even if 99% of the passwords are good, it only takes that 1% of weak/default passwords to let the bad guys in.
For these reasons, the Nmap Project has developed a number of systems to allow organizations to test their passwords for security by brute force authentication cracking. One is the Ncrack tool, which was developed by Fotis Hantzis (Ithilgore) and Fyodor during a previous Summer of Code. But this Summer, our focus is improving the brute force authentication cracking ability of Nmap's native Nmap Scripting Engine.
The Nmap Scripting Engine currently has more than 60 scripts in our authentication checking ("brute") category. We also offer the brute library and a creds (credentials) library to make writing and maintaining these scripts easier. But there is plenty of room to make the system faster, more comprehensive, and more useful. While the exact tasks to do this summer will be worked out between the mentor and selected student, here are some ideas of valuable work for helping to close the persistent security risk:
- Write and test new scripts to allow brute force credential checking of protocols we can't yet handle.
- Work on supporting particularly tough protocols, such as SSH and RDP.
- Test the performance of Nmap's current system and work to improve it. It is unlikely that Nmap NSE will be able to surpass a dedicated tool like Ncrack in performance, but we should be able to come closer. Changes might include optimizing the underlying NSE parallelization system, updating the brute library to be more efficient, upgrading scripts themselves, etc. Of course it is critical that accuracy doesn't suffer in the name of speed.
The most likely mentor for this task would be Ncrack author Fotis Hantzis (Ithilgore).
Your Own Creative Idea!
Key requirements: Creativity
Don't feel constrained to the ideas we have suggested here. If you
are very familiar with Nmap and have your own great idea for
improvement, propose it! There will be dozens of applicants for each
position listed on this page, but your suggestions have less
competition. Before writing a whole proposal, we recommend that you
send a paragraph or two describing your idea to
the nmap-dev list for
feedback. Also, the idea does have to be directly related to Nmap or its
family of tools (Ncat, Ndiff, etc.) We're not going to sponsor unrelated
Note that even if we don't accept your project idea (maybe
the timing is not right or it doesn't quite fit into the Nmap
roadmap), we will consider you for other Nmap projects if possible.
We pay close attention to the credentials of every applicant and are
happy to work with anyone with exceptional talent to find a project
which is highly desirable to them and to the Nmap project. So even
submitting your own "long shot" idea is often more successful than cut
and pasting one of the canned ideas on this page.
Key requirements: Varies
If nothing yet has tickled your fancy and you don't want to propose your own idea from scratch, consider some of the community-contributed ideas on our wiki. Or feel free to add your own ideas there, even if you don't plan to apply for Nmap SoC.
In addition, we have many candidate ideas in the Nmap TODO list and the bug tracker.
Ready to apply? Great! Please visit our SoC Application Notes page for instructions.