Skip to content

Instantly share code, notes, and snippets.

@wongwaituck wongwaituck/GSoC Secret
Last active Aug 29, 2017

What would you like to do?

Wai Tuck's Google Summer of Code with Nmap

After a gruelling 3 months from the middle of May to the end of August, GSoC has come to an end! It was my first time contributing to an open source project, and I felt I really did something amazing, contributing to something millions of people use all over the world. At the same time, I learnt the difficulties of working in an open source project - these are life lessons which I would not be able to get otherwise.

What has been done

  • Sambacry script Repo PR (Merged)
  • SMB minor bug fix Repo PR (Merged)
  • Puppet naive signing detection script Repo PR (Merged)
  • CVE-2017-8917 (Joomla!) Repo PR (Merged)
  • exploit.lua refactoring + LFI improvements Repo PR (Pending review)
  • smbloris script Repo PR(Pending review)
  • pwdprofiling library Repo PR (Pending review)

What is left to do

  • Merge exploit.lua and expand functionality - additions can include XSS, SQL injection, RFI
  • Merge pwdprofiling library
  • Fix socket issues/timing issues with smbloris (described here)
  • Implement pwdmangling library (perhaps a Winter project that I might take on!) (design can be found here)

I will do my best to continue contributing to Nmap! It's been a great pleasure serving the community the best I can. I would like thank my mentor George Chatzisofroniou for his patience and guidance, and the rest of the Nmap team - calderpwn, dmiller, fyodor - for all the help; I had to juggle a number of commitments during this period and I do apologize for not being able to do more. A painful lesson to learn here is that having too many commitments is not a good thing either.

Hack on!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.