-3

I want to analyze the Nmap source code. For a start, what should I do? Nmap has many files and folders, and I don't know where to start. I want to know how some parts of Nmap work, like how Nmap detects the OS or how Nmap detects open ports. Does some Nmap work exist in modules?

Thanks. Best Regards.

greg0ire
user499171

2 Answers

4

Nmap is an old and "grown" software package. It's better to start by reading the excellent documentation and then the source, instead of the other way around.

I suggest Phrack 51 - The Art of Port Scanning and the slightly updated version as a still relevant primer.

Just to give you a glimpse of the mish-mash Nmap's internals are, see this quote from the Phrack article above:

Prior to writing nmap, I spent a lot of time with other scanners exploring the Internet and various private networks (note the avoidance of the "intranet" buzzword). I have used many of the top scanners available today, including strobe by Julian Assange, netcat by Hobbit, stcp by Uriel Maimon, pscan by Pluvius, ident-scan by Dave Goldsmith, and the SATAN tcp/udp scanners by Wietse Venema. These are all excellent scanners! In fact, I ended up hacking most of them to support the best features of the others. Finally I decided to write a whole new scanner, rather than rely on hacked versions of a dozen different scanners in my /usr/local/sbin. While I wrote all the code, nmap uses a lot of good ideas from its predecessors. I also incorporated some new stuff like fragmentation scanning and options that were on my "wish list" for other scanners.

(Disclaimer: I haven't checked Nmap's internals for a few years. Somebody might have cleaned up the code in between, but I consider it unlikely.)

max
0

Your best bet now is to use the Python nmap library. It gives the best look at what's under the hood, and you get to learn Python as well.

An even better option, if you are willing, is to build your own in Ruby. It really isn't that hard to do, and you have more control over what is going on. Scapy is pretty good to learn as well. If you pull up Wireshark with any of these while you are doing your scanning, you will gain a much better understanding of how everything works.

infoseclearner1
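Both answers point at the same starting point: read the Phrack article on port scanning, then write the simplest scanner yourself and watch it in Wireshark. The block below is an added example written for this page, not code from either answer, from the Nmap project or from the python-nmap library. It implements the most basic technique the article describes and Nmap exposes as `-sT`, a TCP connect() scan: a completed three-way handshake means the port is open, an immediate RST (surfacing as "connection refused") means it is closed, and no answer within the timeout is reported as filtered. It assumes the loopback interface is usable; the `demo()` function starts a throwaway listener on 127.0.0.1 so the scan has a known open and a known closed port to compare against, which is the same exercise as auditing what is actually listening on a host you administer.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """TCP connect() probe, the technique Nmap calls -sT.

    Returns 'open' when the kernel completed a full handshake,
    'closed' when the peer answered with RST (connection refused),
    and 'filtered' when nothing came back before the timeout.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:  # RST received: nothing listening
            return "closed"
        except (socket.timeout, OSError):  # silently dropped, or unreachable
            return "filtered"


def scan_ports(host, ports, timeout=1.0, workers=20):
    """Probe each port concurrently and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_local_listener():
    """Open a listening TCP socket on an OS-chosen loopback port (constructed test target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)  # the kernel completes handshakes into the backlog even if we never accept()
    return srv, srv.getsockname()[1]


def reserve_closed_port():
    """Ask the OS for a free port and release it again, so it is (almost certainly) closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Scan one known-open and one known-closed loopback port; returns (states, open_port, closed_port)."""
    srv, open_port = start_local_listener()
    try:
        closed_port = reserve_closed_port()
        states = scan_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        srv.close()
    return states, open_port, closed_port


if __name__ == "__main__":
    states, open_port, closed_port = demo()
    for port, state in sorted(states.items()):
        print(f"127.0.0.1:{port} -> {state}")
    # expected: the listener's port reports 'open', the released port reports 'closed'
```

Run it alongside Wireshark (filter `tcp.port == <port>`) and you will see the SYN/SYN-ACK/ACK exchange for the open port and the SYN/RST pair for the closed one. Nmap's default `-sS` scan sends the SYN itself through a raw socket and never completes the handshake, which is why it needs root; the classification logic (SYN-ACK means open, RST means closed, silence means filtered) is the same as above.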