Last active
August 19, 2016 06:44
-
-
Save sergeykhegay/6848746f2a2b365beca260a39e6cebe9 to your computer and use it in GitHub Desktop.
A post for final evaluation of my work for Nmap Security Scanner during GSoC 2016.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As part of the Google Summer of Code 2016, I was lucky enough to contribute | |
to Nmap Security Scanner open source project. It was not easy all along, the | |
were some difficulties and frustrating moments, but overall I got a very | |
positive experience. | |
I would like to thank my mentor, Fotis Chantzis, community, and all the | |
developers who provided helpful feedback and suggestions, Patrick Donnelly, | |
Daniel Miller, and, my fellow GSoC participant, Vincent Dumont. | |
During the summer I worked on two major tasks: improving brute.lua and adding | |
support for libssh2. | |
Neither of changes is merged yet. But both projects are finished and are | |
awaiting for pending review. Current statuses are: | |
o. gsoc-brute - improving brute.lua changes. | |
https://github.com/sergeykhegay/nmap/tree/gsoc-brute | |
A pull request was sent, which can be reviewed here: | |
https://github.com/nmap/nmap/pull/518 | |
All commits are available here: | |
https://github.com/sergeykhegay/nmap/commits/gsoc-brute?author=sergeykhegay | |
A performance report is available here (was shared with Nmap Dev before): | |
https://drive.google.com/file/d/0Bw4slNtwpBy9TEZVNVBlSUVlZG8/view?usp=sharing | |
Changes (against latest merged commit from nmap/master): | |
https://github.com/nmap/nmap/compare/nmap:ed59a3d3700851ac2ae32c502c7058905cebfba6...sergeykhegay:gsoc-brute | |
o. gsoc-ssh - integration of libssh2. | |
https://github.com/sergeykhegay/nmap/tree/gsoc-ssh | |
I will send a pull request as soon as I have a chance to test it on Windows. | |
It seems that for the moment nmap/master branch has a bug and segfaults even | |
during a simple scan (as of 08.19.16). I will wait until this is fixed. You | |
still can pull the project and use it on Linux. | |
Overall, I would say that the current implementation works pretty stably as | |
on Linux as on Windows. | |
It is worth to mention that there are couple scripts that were also added | |
(all of them are Devin Bjelland's work. Devin contibuted to this project | |
before me): | |
ssh-auth-methods.nse | |
ssh-brute.nse | |
ssh-publickey-acceptance.nse | |
ssh-run.nse | |
and a library utility: | |
nselib/libssh2-utility.lua. | |
Commits are available here: | |
https://github.com/sergeykhegay/nmap/commits/gsoc-ssh?author=sergeykhegay | |
Changes (against latest merged commit from nmap/master): | |
https://github.com/nmap/nmap/compare/nmap:ed59a3d3700851ac2ae32c502c7058905cebfba6...sergeykhegay:gsoc-ssh | |
Minor projects: | |
o. gsoc-lpeg - updating LPeg from v0.12 to v1.0. | |
https://github.com/sergeykhegay/nmap/tree/gsoc-lpeg | |
This project was stalled because of a presumable bug in LPeg v1.0. I found | |
a grammar and a pattern for which nmap crashes with a stack overflow. All | |
this was reported to Patrick Donnelly for further investigation. I plan to | |
resume on this project as soon as I finish with gsoc-brute and gsoc-ssh | |
(when they are merged). | |
PR and discussion are here: | |
https://github.com/nmap/nmap/pull/478 | |
Commits are here: | |
https://github.com/sergeykhegay/nmap/commits/gsoc-lpeg?author=sergeykhegay | |
o. issue-216 - I made a PR before the start of GSoC but committed some changes | |
during the program. | |
https://github.com/sergeykhegay/nmap/tree/issue-216 | |
PR "Add --defeat-icmp-ratelimit option for UDP scanning" is here: | |
https://github.com/nmap/nmap/pull/353 | |
Commits are here: | |
https://github.com/sergeykhegay/nmap/commits/issue-216?author=sergeykhegay | |
As for my plans, I will hang around with Nmap a bit longer, at least until all | |
my changes are merged. I hope I will be able to contribute more (I have seen | |
interesting issues in the bug tracker). | |
Best regards, | |
Sergey. | |
08.19.2016 - add more links and text. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment