Wai Tuck's Google Summer of Code with Nmap
After a gruelling 3 months from the middle of May to the end of August, GSoC has come to an end! It was my first time contributing to an open source project, and I felt I really did something amazing, contributing to something millions of people use all over the world. At the same time, I learnt the difficulties of working in an open source project - these are life lessons which I would not be able to get otherwise.
What has been done
- Sambacry script Repo PR (Merged)
- SMB minor bug fix Repo PR (Merged)
- Puppet naive signing detection script Repo PR (Merged)
- CVE-2017-8917 (Joomla!) Repo PR (Merged)
- exploit.lua refactoring + LFI improvements Repo PR (Pending review)
- smbloris script Repo PR(Pending review)
- pwdprofiling library Repo PR (Pending review)
What is left to do
- Merge exploit.lua and expand functionality - additions can include XSS, SQL injection, RFI
- Merge pwdprofiling library
- Fix socket issues/timing issues with smbloris (described here)
- Implement pwdmangling library (perhaps a Winter project that I might take on!) (design can be found here)
I will do my best to continue contributing to Nmap! It's been a great pleasure serving the community the best I can. I would like thank my mentor George Chatzisofroniou for his patience and guidance, and the rest of the Nmap team - calderpwn, dmiller, fyodor - for all the help; I had to juggle a number of commitments during this period and I do apologize for not being able to do more. A painful lesson to learn here is that having too many commitments is not a good thing either.