From 2397237e207a7e78b7235170651d949a758ca0c5 Mon Sep 17 00:00:00 2001 From: knakul853 Date: Sat, 6 Dec 2025 22:20:02 +0530 Subject: [PATCH 1/5] feat: added gsoc docs --- mint.json | 40 ++ opensource/gsoc/2025/application-process.mdx | 368 +++++++++++++++ opensource/gsoc/2025/community-engagement.mdx | 349 ++++++++++++++ opensource/gsoc/2025/faq.mdx | 348 ++++++++++++++ opensource/gsoc/2025/getting-started.mdx | 317 +++++++++++++ opensource/gsoc/2025/mentor-guidelines.mdx | 328 ++++++++++++++ opensource/gsoc/2025/mentor-resources.mdx | 400 ++++++++++++++++ opensource/gsoc/2025/overview.mdx | 188 ++++++++ opensource/gsoc/2025/project-ideas.mdx | 426 ++++++++++++++++++ opensource/gsoc/2025/timeline.mdx | 271 +++++++++++ opensource/gsoc/index.mdx | 78 ++++ .../gsoc/resources/evaluation-criteria.mdx | 343 ++++++++++++++ .../gsoc/resources/proposal-template.mdx | 274 +++++++++++ 13 files changed, 3730 insertions(+) create mode 100644 opensource/gsoc/2025/application-process.mdx create mode 100644 opensource/gsoc/2025/community-engagement.mdx create mode 100644 opensource/gsoc/2025/faq.mdx create mode 100644 opensource/gsoc/2025/getting-started.mdx create mode 100644 opensource/gsoc/2025/mentor-guidelines.mdx create mode 100644 opensource/gsoc/2025/mentor-resources.mdx create mode 100644 opensource/gsoc/2025/overview.mdx create mode 100644 opensource/gsoc/2025/project-ideas.mdx create mode 100644 opensource/gsoc/2025/timeline.mdx create mode 100644 opensource/gsoc/index.mdx create mode 100644 opensource/gsoc/resources/evaluation-criteria.mdx create mode 100644 opensource/gsoc/resources/proposal-template.mdx diff --git a/mint.json b/mint.json index 0532eee3..1af2fc03 100644 --- a/mint.json +++ b/mint.json @@ -105,6 +105,46 @@ "group": "Open Source", "pages": [ "opensource/index", + { + "group": "Google Summer of Code", + "icon": "graduation-cap", + "iconType": "duotone", + "pages": [ + "opensource/gsoc/index", + { + "group": "GSoC 2025", + "icon": "calendar", + "iconType": "solid", + "pages": [ + "opensource/gsoc/2025/overview", + "opensource/gsoc/2025/getting-started", + "opensource/gsoc/2025/application-process", + "opensource/gsoc/2025/project-ideas", + "opensource/gsoc/2025/timeline", + "opensource/gsoc/2025/faq", + "opensource/gsoc/2025/community-engagement", + { + "group": "For Mentors", + "icon": "chalkboard-user", + "iconType": "solid", + "pages": [ + "opensource/gsoc/2025/mentor-guidelines", + "opensource/gsoc/2025/mentor-resources" + ] + } + ] + }, + { + "group": "Resources", + "icon": "book", + "iconType": "solid", + "pages": [ + "opensource/gsoc/resources/proposal-template", + "opensource/gsoc/resources/evaluation-criteria" + ] + } + ] + }, { "group": "AlterX", "icon": "cloud-word", diff --git a/opensource/gsoc/2025/application-process.mdx b/opensource/gsoc/2025/application-process.mdx new file mode 100644 index 00000000..c1bd0644 --- /dev/null +++ b/opensource/gsoc/2025/application-process.mdx @@ -0,0 +1,368 @@ +--- +title: "Application Process & Proposal Guidelines" +description: "How to write a successful GSoC proposal for ProjectDiscovery" +sidebarTitle: "Application Process" +icon: "file-pen" +--- + +# Application Process & Proposal Guidelines + +Learn how to write a compelling GSoC proposal that stands out. A well-crafted proposal significantly increases your chances of acceptance. + +## Application Timeline + +| Date | Action | +|------|--------| +| **March 18, 2025** | Applications open on GSoC website | +| **March 18-31** | Draft proposal, get mentor feedback, iterate | +| **April 1, 18:00 UTC** | ⚠️ **Application deadline** - Submit final proposal | +| **May 1, 2025** | Accepted contributors announced | + + +**Deadline**: April 1, 2025 at 18:00 UTC. No late submissions are accepted. Submit early! + + +[View full timeline →](/opensource/gsoc/2025/timeline) + +## Before You Apply + +### Prerequisites Checklist + +Before writing your proposal: + +- ✅ Joined ProjectDiscovery Discord +- ✅ Tried at least 2-3 of our tools +- ✅ Made at least 1 code contribution (strongly recommended) +- ✅ Discussed project ideas with mentors +- ✅ Read relevant tool documentation +- ✅ Understand the codebase basics + + +Contributors who make meaningful contributions before applying have significantly higher acceptance rates. + + +## Proposal Structure + +Your proposal should include these sections: + +### 1. Personal Information +- Full name and contact details +- GitHub and Discord usernames +- University and graduation year (if applicable) +- Time zone and location +- Expected availability + +### 2. Abstract (2-3 sentences) +Concise summary of your project: +- What problem you're solving +- Your approach +- Expected outcome + +**Example**: *"This project will implement a performance profiling framework for Nuclei templates to identify bottlenecks and optimize scan speed. The solution includes profiling hooks in the template engine, a CLI analysis tool, and a web dashboard for visualization. The expected outcome is 20-30% improvement in template execution speed for complex scans."* + +### 3. Project Description + +#### Problem Statement +- What problem are you solving? +- Why is this important? +- What are current limitations? +- Who will benefit from this? + +#### Proposed Solution +- Your approach to solving the problem +- Why this approach is appropriate +- Alternative approaches considered +- Expected benefits + +#### Technical Approach +- Specific implementation details +- Technologies and libraries you'll use +- Architecture and design patterns +- Integration with existing code +- Performance considerations + +### 4. Implementation Plan + +Break your project into phases with specific milestones: + +**Phase 1: Foundation (Weeks 1-4)** +- Week 1: [Specific milestone with deliverable] +- Week 2: [Specific milestone with deliverable] +- Week 3: [Specific milestone with deliverable] +- Week 4: [Specific milestone with deliverable] +- **Deliverables**: [Concrete, testable outcomes] + +**Phase 2: Core Development (Weeks 5-8)** +- Detailed weekly milestones +- **Deliverables**: [What will be completed] + +**Phase 3: Integration & Testing (Weeks 9-12)** +- Testing, documentation, polish +- **Deliverables**: [Final outcomes] + + +Each milestone should be specific and measurable. Instead of "Implement feature X", write "Implement feature X with unit tests achieving 80% coverage". + + +### 5. Testing Strategy +- Unit tests for core functionality +- Integration tests for feature interactions +- Performance benchmarks +- Edge case handling +- Test coverage goals (aim for 70-80%) + +### 6. Documentation Plan +- Code comments and docstrings +- README updates +- User guide or tutorial +- API documentation (if applicable) +- Example usage + +### 7. Qualifications + +#### Your Experience +- Programming background +- Relevant coursework or projects +- Professional experience (if any) +- Open source contributions + +#### Technical Skills +- **Go**: Proficiency level and experience +- **Other languages**: Relevant skills +- **Tools**: Version control, CI/CD, etc. +- **Security**: Any security-related experience + +#### Contributions to ProjectDiscovery +List your contributions with links: +- PR #123: Description - [Link] +- Issue #456: Description - [Link] +- Documentation improvements - [Link] + +#### Past Projects +Showcase 1-2 relevant projects: +- Description +- Technologies used +- Your role +- Link to code/demo + +### 8. Timeline & Availability +- Total hours (175 or 350) +- Weekly time commitment +- Any known conflicts (exams, vacation, etc.) +- Backup plans for conflicts + +### 9. Post-GSoC Plans +- How you'll continue contributing +- Long-term vision for the project +- Plans to maintain your work + +### 10. References +- Links to relevant issues, discussions, docs +- Technical references +- Research papers or articles (if applicable) + +## What Makes a Strong Proposal + +### Technical Excellence +✅ Demonstrates deep understanding of the problem +✅ Provides specific implementation details +✅ Considers edge cases and challenges +✅ Shows familiarity with codebase +✅ Includes performance considerations + +### Realistic Planning +✅ Detailed week-by-week timeline +✅ Measurable milestones +✅ Appropriate scope for hours +✅ Includes testing and documentation time +✅ Has buffer for unexpected issues + +### Community Engagement +✅ Prior code contributions +✅ Active Discord participation +✅ Understanding of project goals +✅ Professional communication +✅ Early engagement (not last-minute) + +### Clear Communication +✅ Well-organized structure +✅ Clear, concise writing +✅ Proper grammar and spelling +✅ Appropriate level of detail +✅ Professional presentation + +## Proposal Resources + + + + Copy our template to get started + + + Understand how proposals are scored + + + Browse available projects + + + Learn the basics + + + +## Tips for Success + +### Start Early +- Begin 3-4 weeks before the deadline +- Give yourself time for feedback and iteration +- Early submissions can be updated before the deadline + +### Get Feedback +- Share your draft with mentors on Discord +- Ask specific questions about your approach +- Iterate based on feedback +- Don't wait until the last day + +### Be Specific +Replace vague statements with concrete details: + +❌ "Improve performance of the tool" +✅ "Optimize template execution by implementing caching for DNS responses, reducing redundant lookups by 60%" + +❌ "Add new features" +✅ "Implement three specific features: rate limiting (Week 3-4), custom headers support (Week 5-6), and response caching (Week 7-8)" + +### Show Your Work +- Link to your prior contributions +- Include code samples or demos +- Reference specific files/functions in the codebase +- Show you've done your research + +### Be Realistic +- Don't over-promise +- Account for learning curve +- Include buffer time +- Better to under-promise and over-deliver + +### Proofread +- Check grammar and spelling +- Ensure all links work +- Format consistently +- Have someone else review it + +## Common Mistakes to Avoid + + +Avoid these pitfalls that hurt proposals: + + +### Too Vague +❌ Generic descriptions without specifics +❌ "Will improve the tool" +❌ No technical details +✅ Specific features, approaches, and outcomes + +### Too Ambitious +❌ Proposing to rewrite major components +❌ 500+ hours of work in 350-hour project +❌ No buffer for problems +✅ Realistic scope with buffer time + +### No Prior Engagement +❌ First interaction is submitting proposal +❌ No contributions to ProjectDiscovery +❌ Hasn't tried the tools +✅ Active community member with contributions + +### Copy-Paste +❌ Generic proposal that could apply anywhere +❌ Copied from other proposals +❌ No customization to ProjectDiscovery +✅ Specific to ProjectDiscovery and the project + +### Poor Planning +❌ Vague milestones like "Work on feature X" +❌ All work in first few weeks +❌ No testing or documentation time +✅ Detailed weekly plan with testing included + +## Submission Process + +### How to Submit + +1. **Create account** on [GSoC website](https://summerofcode.withgoogle.com/) +2. **Find ProjectDiscovery** in organization list +3. **Select project** (or choose "Custom Project") +4. **Upload proposal** (PDF or Google Doc link) +5. **Submit** before deadline +6. **Confirm** submission was successful + +### Submission Tips + +- **Format**: PDF or Google Docs (preferred for easy updates) +- **Length**: 5-10 pages typically (quality over quantity) +- **Filename**: `GSoC2025_YourName_ProjectTitle.pdf` +- **Backup**: Keep a local copy +- **Early submission**: You can update before deadline + + +Submit at least 24 hours before the deadline to account for technical issues. + + +### After Submission + +- **Continue contributing**: Keep making contributions +- **Be responsive**: Answer any follow-up questions promptly +- **Stay engaged**: Participate in Discord +- **Be patient**: Review takes time +- **Check regularly**: Monitor your GSoC dashboard + +## Evaluation Process + +Your proposal will be evaluated by mentors based on: + +- **Technical Merit** (30%): Quality of technical approach +- **Implementation Plan** (25%): Realism and detail of timeline +- **Community Engagement** (20%): Prior contributions and involvement +- **Applicant Qualifications** (15%): Relevant skills and experience +- **Proposal Quality** (10%): Clarity and professionalism + +[View detailed evaluation criteria →](/opensource/gsoc/resources/evaluation-criteria) + +## Timeline for Applicants + +### 3-4 Weeks Before Deadline +- Draft complete proposal +- Include all required sections +- Add technical details + +### 2-3 Weeks Before Deadline +- Share draft with mentors on Discord +- Get feedback on approach +- Continue making contributions + +### 1-2 Weeks Before Deadline +- Incorporate mentor feedback +- Polish and proofread +- Finalize timeline details + +### 3-7 Days Before Deadline +- Final review +- Submit to GSoC website +- Confirm submission + +### After Submission +- Continue contributing +- Stay active in community +- Be available for questions + +## Need Help? + + + + Get help from mentors and community in #gsoc + + + See our proposal template + + + +Good luck with your proposal! We're excited to read it. 🚀 diff --git a/opensource/gsoc/2025/community-engagement.mdx b/opensource/gsoc/2025/community-engagement.mdx new file mode 100644 index 00000000..cad87da5 --- /dev/null +++ b/opensource/gsoc/2025/community-engagement.mdx @@ -0,0 +1,349 @@ +--- +title: "Community Engagement Guide" +description: "How to engage with ProjectDiscovery's community during GSoC" +sidebarTitle: "Community" +icon: "users" +--- + +# Community Engagement Guide + +Learn how to effectively engage with ProjectDiscovery's community, make contributions, and build relationships with mentors and fellow contributors. + +## Communication Channels + +### Discord (Primary Channel) + +Our main hub for community interaction: + + + Join 20,000+ security enthusiasts in our community + + +**Key Channels for GSoC**: +- **#gsoc**: GSoC-specific discussions, questions, and announcements +- **#introductions**: Introduce yourself to the community +- **#nuclei**, **#httpx**, **#katana**: Tool-specific technical discussions +- **#general**: General conversations +- **#help**: Get help with our tools + +**When to Use Discord**: +- Asking questions about projects or proposals +- Getting clarification on technical approaches +- Discussing ideas with mentors +- Daily updates during GSoC +- Community bonding and networking + +### GitHub (Code & Issues) + +Where the code lives and work happens: + +**ProjectDiscovery Organization**: [github.com/projectdiscovery](https://github.com/projectdiscovery) + +**When to Use GitHub**: +- Reporting bugs or issues +- Submitting code contributions (pull requests) +- Reviewing code changes +- Technical discussions on specific issues +- Tracking project progress + +**Popular Repositories**: +- [Nuclei](https://github.com/projectdiscovery/nuclei) +- [httpx](https://github.com/projectdiscovery/httpx) +- [Katana](https://github.com/projectdiscovery/katana) +- [Subfinder](https://github.com/projectdiscovery/subfinder) +- [All repositories](https://github.com/orgs/projectdiscovery/repositories) + +### Email (Limited Use) + +Email is for private communications only. Prefer public channels (Discord/GitHub) when possible. + +## Communication Etiquette + +### Asking Good Questions + + +**Before asking**, search Discord history and GitHub issues to see if your question has been answered before. + + +**Good Question Format**: +1. **Context**: What are you trying to do? +2. **What you've tried**: Steps you've already taken +3. **Specific problem**: Exact error or issue +4. **Environment**: Relevant details (OS, version, etc.) + +**Example**: +``` +❌ Bad: "httpx doesn't work, help!" + +✅ Good: "I'm trying to use httpx to scan a list of URLs from a file, +but I'm getting a 'connection refused' error. I've tried: +1. Running with -v flag +2. Checking the target is accessible with curl (works fine) +3. Testing with a single URL (works) + +Error message: [paste error] +Command: httpx -l urls.txt +OS: Ubuntu 22.04, httpx version: v1.3.0 + +Any ideas what might be wrong?" +``` + +### Response Time Expectations + +**From you**: +- **Within 24 hours** for mentor questions +- **Same day** for critical blocking issues +- **Regular updates** on Discord during GSoC + +**From mentors/community**: +- **24-48 hours** during application period +- **24 hours** for GSoC blocking issues +- **48 hours** for general questions +- Faster responses during UTC business hours + +### Professional Communication + +✅ **Do**: +- Be respectful and professional +- Provide context and details +- Thank people for their help +- Share solutions when you figure things out +- Help others when you can +- Be patient and understanding + +❌ **Don't**: +- Send unsolicited DMs to mentors (use public channels) +- Ask the same question across multiple channels +- Demand immediate responses +- Share confidential or inappropriate content +- Spam or flood channels +- Be dismissive of feedback + +## Making Your First Contribution + +### Finding Good Issues + +Look for issues labeled: +- `good-first-issue`: Perfect for newcomers +- `help-wanted`: Community contributions welcome +- `documentation`: Improve docs +- `bug`: Fix a reported problem + +**Where to Find Them**: +``` +https://github.com/projectdiscovery/nuclei/labels/good-first-issue +https://github.com/projectdiscovery/httpx/labels/help-wanted +``` + +### Contribution Workflow + +1. **Find an issue** you want to work on +2. **Comment** on the issue: "I'd like to work on this" +3. **Fork** the repository to your account +4. **Clone** your fork locally + ```bash + git clone https://github.com/YOUR_USERNAME/nuclei.git + cd nuclei + ``` +5. **Create a branch** for your changes + ```bash + git checkout -b fix-issue-123 + ``` +6. **Make your changes** with tests +7. **Commit** with a clear message + ```bash + git commit -m "Fix: description of what you fixed (#123)" + ``` +8. **Push** to your fork + ```bash + git push origin fix-issue-123 + ``` +9. **Create Pull Request** on GitHub +10. **Respond to feedback** and iterate + +### Pull Request Best Practices + +**Good PR Description**: +```markdown +## Description +Fixes #123 - Brief description of the issue + +## Changes +- Specific change 1 +- Specific change 2 + +## Testing +- [ ] Added unit tests +- [ ] Tested manually with: [command] +- [ ] All existing tests pass + +## Screenshots (if applicable) +[Add screenshots for UI changes] +``` + +**Before Submitting**: +- ✅ Code follows project style guidelines +- ✅ All tests pass (`go test ./...`) +- ✅ Added tests for new functionality +- ✅ Updated documentation if needed +- ✅ Commit messages are clear +- ✅ PR description explains changes + +### Responding to Code Review + +Code review is a learning opportunity: + +1. **Be receptive**: Feedback helps you improve +2. **Ask questions**: If you don't understand, ask for clarification +3. **Explain reasoning**: Share why you made certain choices +4. **Make changes**: Update your PR based on feedback +5. **Thank reviewers**: Appreciate their time + + +Don't take feedback personally. Even experienced developers get lots of comments on their PRs! + + +## Building Your Profile + +### Consistent Contributions + +**Quality > Quantity**: +- 1 meaningful PR > 10 typo fixes +- Focus on understanding, not just fixing +- Learn from each contribution + +**Contribution Ideas**: +1. **Week 1**: Documentation improvements +2. **Week 2**: Fix a simple bug +3. **Week 3**: Add test coverage +4. **Week 4**: Implement a small feature +5. **Ongoing**: Help others, review PRs + +### Helping Others + +**Ways to Contribute Beyond Code**: +- Answer questions in Discord +- Review others' pull requests +- Write tutorials or blog posts +- Report bugs with detailed reproduction steps +- Test new features and provide feedback +- Improve documentation + +### Engaging with Mentors + +**Building Relationships**: +- Participate in technical discussions +- Share your learning journey +- Ask thoughtful questions +- Show initiative and curiosity +- Be consistent and reliable + +**What Mentors Look For**: +- Technical ability +- Communication skills +- Initiative and self-direction +- Willingness to learn +- Reliability and follow-through +- Positive attitude + +## Community Guidelines + +### Code of Conduct + +ProjectDiscovery is committed to providing a welcoming and inclusive community for everyone. + +**Expected Behavior**: +- Be respectful and considerate +- Welcome newcomers +- Accept constructive criticism gracefully +- Focus on what's best for the community +- Show empathy towards others + +**Unacceptable Behavior**: +- Harassment or discrimination +- Trolling or inflammatory comments +- Personal attacks +- Sharing private information +- Inappropriate content + +### Conflict Resolution + +If you encounter issues: + +1. **Assume good intent**: Most conflicts are misunderstandings +2. **Communicate directly**: Try to resolve privately first +3. **Stay professional**: Keep emotions in check +4. **Involve moderators**: If direct resolution doesn't work +5. **Document**: Keep records of serious issues + +## During GSoC + +### Communication Expectations + +**Weekly Minimum**: +- 2 check-ins with your mentor +- 1 progress update in Discord +- Regular commits to your branch +- Prompt responses to feedback + +**Recommended**: +- Daily brief updates (even if small) +- Proactive communication about blockers +- Sharing interesting discoveries +- Participating in community discussions + +### Staying Engaged + +**Daily**: +- Check Discord for messages +- Review mentor feedback +- Make progress on your project +- Help others when possible + +**Weekly**: +- Share progress update +- Sync with mentor +- Review your timeline +- Adjust plans if needed + +**Monthly**: +- Reflect on progress +- Update documentation +- Celebrate milestones +- Plan next phase + +## Resources + + + + Join our community + + + Browse our code + + + GSoC participation guide + + + Common questions + + + +## Tips for Success + + + + Begin contributing 6-8 weeks before the application deadline + + + Regular small contributions > occasional large ones + + + Over-communicate rather than under-communicate + + + Give back to the community that's helping you + + + +Welcome to the ProjectDiscovery community! We're excited to have you. 🎉 diff --git a/opensource/gsoc/2025/faq.mdx b/opensource/gsoc/2025/faq.mdx new file mode 100644 index 00000000..7be9d5ca --- /dev/null +++ b/opensource/gsoc/2025/faq.mdx @@ -0,0 +1,348 @@ +--- +title: "Frequently Asked Questions" +description: "Common questions about ProjectDiscovery's GSoC program" +sidebarTitle: "FAQ" +icon: "circle-question" +--- + +# Frequently Asked Questions + +Find answers to common questions about participating in Google Summer of Code with ProjectDiscovery. + +## Eligibility Questions + +### Who can apply to GSoC? + +Anyone who is at least 18 years old and meets GSoC's eligibility criteria can apply. You should be: +- A student or recent graduate, or +- An open source beginner (first-time contributor) + +You must also be able to work legally during the program period. + +### Do I need to be currently enrolled as a student? + +No, recent graduates and open source beginners can also participate. Check the [official GSoC eligibility rules](https://summerofcode.withgoogle.com/rules) for details. + +### Are there age restrictions? + +Yes, you must be at least 18 years old to participate in GSoC. + +### Can I participate from any country? + +Most countries are eligible. However, some countries may be restricted due to legal requirements. Check the [GSoC eligibility page](https://summerofcode.withgoogle.com/rules) for the current list. + +### I'm not a security expert. Can I still apply? + +Absolutely! We're looking for strong programmers who are interested in learning about security. GSoC is a learning experience. + +## Application Questions + +### When should I start my application? + +Start engaging with the community 6-8 weeks before the application deadline (April 1, 2025). This gives you time to: +- Understand our tools and codebase +- Make meaningful contributions +- Discuss your ideas with mentors +- Write a strong proposal + + +Contributors who start early and make contributions before applying have significantly higher acceptance rates. + + +### Can I submit multiple proposals? + +You can submit multiple proposals to different projects within ProjectDiscovery, but we recommend focusing on one strong proposal. Quality is more important than quantity. + +You can only participate in **one** GSoC project across **all** organizations, even if multiple proposals are accepted. + +### Can I submit proposals to multiple organizations? + +Yes, but you can only accept one project if multiple are offered. We recommend focusing on 1-2 organizations where you're most interested and engaged. + +### Can I propose my own project idea? + +Yes! Custom proposals are welcome, but you should: +1. Discuss your idea with mentors on Discord first +2. Ensure it aligns with ProjectDiscovery's goals +3. Scope it appropriately for 175 or 350 hours +4. Show that you understand our codebase + +### Do I need prior contributions to apply? + +While not strictly required, contributors with meaningful prior contributions have **much higher** acceptance rates. We strongly encourage making at least 1-3 contributions before applying to demonstrate: +- Your commitment to the project +- Your ability to work with our codebase +- Your communication skills + +### What programming languages should I know? + +**Required**: Go programming language (most of our tools are written in Go) + +**Helpful** (depending on project): +- JavaScript/TypeScript (for web-related projects) +- Python (for tooling and scripts) +- Bash/Shell scripting +- Basic web technologies (HTML, CSS) + +You don't need to be an expert in Go, but you should be comfortable reading and writing Go code. + +### What if I'm new to Go? + +That's okay! If you're experienced in another language (Python, Java, C++, etc.), you can learn Go during the application period. We recommend: +1. Complete the [Tour of Go](https://go.dev/tour/) +2. Read [Effective Go](https://go.dev/doc/effective_go) +3. Try fixing simple issues in our codebase +4. Ask questions in Discord + +### How detailed should my proposal be? + +Very detailed! Your proposal should include: +- Clear problem definition +- Specific technical approach +- Week-by-week timeline with milestones +- Deliverables for each phase +- Testing and documentation plans +- Your qualifications and past work + +See our [proposal template](/opensource/gsoc/resources/proposal-template) and [evaluation criteria](/opensource/gsoc/resources/evaluation-criteria). + +## Project Questions + +### How many hours per week do I need to commit? + +It depends on your project size: + +- **175-hour projects**: 12-15 hours per week over 12-14 weeks +- **350-hour projects**: 25-30 hours per week over 12-14 weeks + +You should be honest about your availability in your proposal. + +### Can I work on multiple GSoC projects? + +No, you can only participate in one GSoC project per year, even across different organizations. + +### What if I can't complete my project on time? + +Communication is key! If you encounter blockers: +1. Notify your mentor immediately +2. Discuss adjusting the scope or timeline +3. Work together to find solutions + +Passing is based on making reasonable progress and good communication, not perfection. + +### Can I continue working after GSoC ends? + +Yes! We encourage all contributors to continue working on their projects and other ProjectDiscovery tools. Many GSoC contributors become long-term maintainers and even future mentors. + +### Will my code be merged into the main repository? + +Yes, that's the goal! Your work will be reviewed and merged according to our standard code review process. This ensures quality and helps you learn best practices. + +## Communication Questions + +### How do I contact mentors? + +**Primary channel**: Discord #gsoc channel +- Best for questions, discussions, and community engagement +- Public discussions help other applicants too + +**GitHub**: For code-related discussions +- Comment on relevant issues +- Ask questions in pull requests + +**Email**: For private communications only +- Use sparingly +- Prefer public Discord discussions when possible + + +Please do not DM mentors privately unless absolutely necessary. Use public channels so everyone can benefit from the discussion. + + +### What's the expected response time? + +**From you**: Within 24 hours for mentor questions + +**From mentors**: +- During application: 24-48 hours +- During coding period: 24 hours for blocking issues, 48 hours otherwise + +### Where should I ask technical questions? + +- **General questions**: Discord #gsoc channel +- **Tool-specific questions**: Relevant tool channels (#nuclei, #httpx, etc.) +- **Code review**: GitHub pull request comments +- **Project planning**: Direct mentor discussions + +### How often should I communicate during GSoC? + +At minimum: +- **2 check-ins per week** with your mentor +- **Weekly progress updates** (can be in Discord or meeting) +- **Immediate notification** if you encounter blockers +- **Daily commits** during active coding periods (when applicable) + +## Technical Questions + +### What tools do I need? + +**Essential**: +- Git and GitHub account +- Go 1.21+ installed +- Code editor (VS Code, GoLand, Vim, etc.) +- Terminal/command line + +**Project-specific**: Depends on your project +- Docker (for some projects) +- Database tools (PostgreSQL, MongoDB, etc.) +- Browser automation tools +- Testing frameworks + +### What's the development workflow? + +1. Fork the repository on GitHub +2. Clone your fork locally +3. Create a feature branch +4. Make your changes with tests +5. Commit with clear messages +6. Push to your fork +7. Create a pull request +8. Respond to code review +9. Update based on feedback +10. Merge when approved + +[Learn more about our workflow →](/opensource/gsoc/2025/community-engagement) + +### How do I set up my development environment? + +Each tool has specific setup instructions: +- [Nuclei setup](/opensource/nuclei) +- [httpx setup](/opensource/httpx) +- [Katana setup](/opensource/katana) + +General steps: +1. Install Go +2. Fork and clone repository +3. Install dependencies (`go mod download`) +4. Build the tool (`go build`) +5. Run tests (`go test ./...`) + +### What's the code review process? + +All code goes through review: +1. You create a pull request +2. Automated tests run (CI/CD) +3. Mentor(s) review the code +4. You address feedback +5. Multiple review rounds may occur +6. Approved and merged when ready + +Expect thorough reviews - this is part of the learning process! + +## Evaluation Questions + +### How am I evaluated? + +You're evaluated at two points: + +**Midterm** (July 7-14): +- Have you made meaningful progress (40-50% complete)? +- Is your code quality good? +- Are you communicating well? +- Are you on track with your timeline? + +**Final** (September 1-8): +- Did you complete core deliverables? +- Is code well-tested and documented? +- Is work production-ready? +- Did you communicate throughout? + +See our [evaluation criteria](/opensource/gsoc/resources/evaluation-criteria) for details. + +### What happens if I fail the midterm evaluation? + +If you fail midterm, your participation in GSoC ends. However, you can: +- Continue contributing as a community member +- Complete your project independently +- Apply again next year + +Failures are rare if you communicate regularly with mentors and make consistent progress. + +### What are the evaluation criteria? + +Proposals are scored on: +- Technical Merit (30%) +- Implementation Plan (25%) +- Community Engagement (20%) +- Applicant Qualifications (15%) +- Proposal Quality (10%) + +[View detailed criteria →](/opensource/gsoc/resources/evaluation-criteria) + +### How is success measured? + +Success is measured by: +- **Completion**: Did you deliver core features? +- **Quality**: Is code well-tested and maintainable? +- **Communication**: Did you stay in touch and responsive? +- **Documentation**: Is your work well-documented? +- **Learning**: Did you grow as a developer? + +Perfection isn't required - consistent progress and good communication are key. + +## Program Logistics + +### What's the stipend amount? + +Stipend amounts are set by Google and vary by project size: +- 175-hour projects: ~$1,500 USD +- 350-hour projects: ~$3,000 USD + +Exact amounts are announced by Google each year. Check the [official GSoC site](https://summerofcode.withgoogle.com/) for current stipends. + +### When and how do I get paid? + +Google handles all payments directly. You'll be paid in installments: +- After midterm evaluation (50%) +- After final evaluation (50%) + +You must pass each evaluation to receive that payment. + +### Do I need to pay taxes on the stipend? + +Tax requirements vary by country. Google provides documentation, but you're responsible for understanding and meeting your local tax obligations. Consult a tax professional if needed. + +### Can I participate if I have other commitments? + +Yes, but be realistic about your available time. Common scenarios: + +- **Part-time job**: Possible if combined hours don't exceed 40/week +- **Summer classes**: Possible if light course load +- **Internship**: Generally not recommended - GSoC should be your primary summer focus +- **Vacation**: Plan for this in your proposal and inform mentors + +Be honest about your availability in your proposal. + +### Can I work on GSoC from anywhere? + +Yes! GSoC is fully remote. Work from wherever you're comfortable. Just ensure you're in an eligible country and can meet the time commitments. + +## Still Have Questions? + + + + Join our community and ask in #gsoc + + + Google's GSoC FAQ + + + Read our application guide + + + Browse available projects + + + + +Can't find your answer? Join our [Discord community](https://projectdiscovery.io/community) and ask in the #gsoc channel. We're here to help! + diff --git a/opensource/gsoc/2025/getting-started.mdx b/opensource/gsoc/2025/getting-started.mdx new file mode 100644 index 00000000..a84a29c6 --- /dev/null +++ b/opensource/gsoc/2025/getting-started.mdx @@ -0,0 +1,317 @@ +--- +title: "Getting Started with GSoC" +description: "Everything you need to know to participate in Google Summer of Code 2025 with ProjectDiscovery" +sidebarTitle: "Getting Started" +icon: "rocket" +--- + +# Getting Started with GSoC 2025 + +Ready to contribute to ProjectDiscovery through Google Summer of Code? This guide will walk you through everything you need to know to apply and succeed. + +## What is Google Summer of Code? + +Google Summer of Code (GSoC) is a global program that connects new contributors with open source organizations. Contributors work on real-world projects under the guidance of experienced mentors and receive a stipend from Google upon successful completion. + +### Program Benefits + +- **💰 Stipend**: Receive payment from Google for your work +- **👨‍🏫 Mentorship**: Learn from experienced security researchers +- **🎓 Experience**: Gain real-world open source development experience +- **🌐 Network**: Connect with the global security community +- **📜 Recognition**: GSoC certificate and achievement on your resume + + +Learn more about GSoC on the [official website](https://summerofcode.withgoogle.com/). + + +## Eligibility Requirements + +To participate in GSoC 2025, you must: + +- **Age**: Be at least 18 years old +- **Status**: Be a student, recent graduate, or open source beginner +- **Availability**: Commit 175 or 350 hours over 12-14 weeks +- **Work Authorization**: Be able to legally work during the program period +- **Location**: Residents of most countries are eligible (check [GSoC eligibility](https://summerofcode.withgoogle.com/rules)) + + +**Important**: You can only participate in ONE GSoC project per year across all organizations. + + +## How to Participate: 6 Steps + +### 1. Join the Community + +Connect with ProjectDiscovery's community on Discord: + + + Join our 20,000+ member community to connect with mentors and contributors + + +**What to do**: +- Introduce yourself in the #introductions channel +- Join the #gsoc channel for program-specific discussions +- Explore tool-specific channels (#nuclei, #httpx, #katana, etc.) + +### 2. Explore ProjectDiscovery Tools + +Get hands-on experience with our security tools: + + + + Fast vulnerability scanner + + + Multi-purpose HTTP toolkit + + + Web crawling framework + + + Browse all our tools + + + +**What to do**: +- Install and try at least 2-3 tools +- Read the documentation +- Run examples and understand functionality +- Identify areas for improvement + +### 3. Review Project Ideas + +Browse available projects and find one that matches your interests and skills: + + + Browse 2025 project ideas across our tool ecosystem + + +**What to do**: +- Read all project descriptions carefully +- Consider your skills and interests +- Think about which project excites you most +- Consider proposing your own custom project + +### 4. Make Initial Contributions + +Start contributing to ProjectDiscovery projects **before** applying: + + +**Critical**: Contributors who make meaningful contributions before applying have significantly higher acceptance rates. + + +**Where to start**: +- Look for issues labeled `good-first-issue` or `help-wanted` +- Fix documentation typos or improve clarity +- Add test cases +- Fix bugs +- Improve error messages + +**Find issues**: +- [Nuclei Issues](https://github.com/projectdiscovery/nuclei/issues) +- [httpx Issues](https://github.com/projectdiscovery/httpx/issues) +- [Katana Issues](https://github.com/projectdiscovery/katana/issues) +- [All ProjectDiscovery Repos](https://github.com/projectdiscovery) + +### 5. Draft Your Proposal + +Write a detailed proposal following our guidelines: + + + + Detailed proposal guidelines + + + Use our template + + + +**What to include**: +- Clear project description +- Detailed week-by-week timeline +- Your qualifications and experience +- Prior contributions to ProjectDiscovery +- Testing and documentation plans + + +**Timeline**: Start your proposal at least 2-3 weeks before the deadline. Give yourself time to get feedback and iterate. + + +### 6. Submit Application + +Submit your proposal through the official GSoC website: + +**Application Period**: March 18 - April 1, 2025 (18:00 UTC) + + + Submit your proposal on the official GSoC platform + + +**Submission tips**: +- Submit early - don't wait until the last minute +- Double-check all links and formatting +- Proofread carefully +- Keep a copy of your proposal + +## Before You Apply + +### Prerequisites + +To be successful in GSoC with ProjectDiscovery, you should have: + +**Required Skills**: +- Programming experience (especially Go) +- Basic understanding of command-line tools +- Git and GitHub workflow knowledge +- Ability to read and write technical documentation +- Self-motivation and time management + +**Preferred Skills** (depends on project): +- Security testing or vulnerability research experience +- Web development knowledge (HTML/CSS/JavaScript) +- Database or networking concepts +- Experience with CI/CD pipelines + + +Don't worry if you don't have all preferred skills - GSoC is about learning! Focus on demonstrating your ability to learn and grow. + + +### Setting Up Your Development Environment + +Each tool has specific setup instructions: + +1. **Install Go**: Most projects require Go 1.21+ + ```bash + # Visit https://go.dev/doc/install + ``` + +2. **Fork and Clone Repository**: + ```bash + # Example for Nuclei + git clone https://github.com/YOUR_USERNAME/nuclei.git + cd nuclei + ``` + +3. **Follow Tool-Specific Docs**: + - [Nuclei Development](/opensource/nuclei) + - [httpx Development](/opensource/httpx) + - [Katana Development](/opensource/katana) + +### Making Your First Contribution + +**Step-by-step**: + +1. Find a good first issue +2. Comment on the issue to claim it +3. Fork the repository +4. Create a branch for your changes +5. Make your changes with tests +6. Commit with a clear message +7. Push and create a pull request +8. Respond to code review feedback + +[Learn more about contributing →](/opensource/gsoc/2025/community-engagement) + +## Timeline for Success + +Here's a recommended timeline for applying: + +| When | What to Do | +|------|------------| +| **6-8 weeks before deadline** | Join Discord, explore tools, start learning codebase | +| **4-6 weeks before deadline** | Make your first contributions, discuss project ideas with mentors | +| **3-4 weeks before deadline** | Draft your proposal, get feedback from mentors | +| **2-3 weeks before deadline** | Finalize proposal, continue contributing | +| **1 week before deadline** | Final review, submit proposal | +| **Before deadline** | Submit and relax! | + + +**Pro Tip**: The most successful applicants start engaging with the community 6-8 weeks before the application deadline. + + +## What Happens After You Apply? + +### Selection Process + +1. **April 1**: Application deadline +2. **April - May**: Mentors review and score proposals +3. **May 1**: Accepted contributors announced +4. **May 1-26**: Community bonding period +5. **May 27**: Coding period begins! + +### If You're Accepted + +Congratulations! Next steps: + +- Participate in community bonding activities +- Finalize your project plan with mentors +- Set up regular communication schedules +- Start contributing! + +### If You're Not Accepted + +Don't be discouraged! You can: + +- Continue contributing as a community member +- Work on your project independently +- Apply again next year +- Join other open source projects + +Many of our core contributors started by not being accepted in GSoC but stayed involved in the community. + +## Tips for Success + + + + Begin engaging 6-8 weeks before the deadline. Early starters have higher success rates. + + + Make meaningful code contributions before applying. This demonstrates commitment and ability. + + + Ask questions, provide updates, be responsive. Good communication is crucial for remote work. + + + Propose achievable goals. It's better to under-promise and over-deliver. + + + +## Frequently Asked Questions + +**Q: Do I need security experience?** + +No! While security knowledge helps, it's not required. We're looking for strong programmers who are eager to learn about security. + +**Q: Can I work on multiple projects?** + +No, you can only participate in one GSoC project per year across all organizations. + +**Q: Do I need to contribute before applying?** + +While not strictly required, contributors with prior meaningful contributions have significantly higher acceptance rates. + +**Q: Can I propose my own project?** + +Yes! Custom proposals are welcome, but discuss your idea with mentors first to ensure it aligns with ProjectDiscovery's goals. + +[More FAQs →](/opensource/gsoc/2025/faq) + +## Next Steps + + + + Start here: introduce yourself + + + Find a project you like + + + Learn how to apply + + + Important dates + + + +Good luck with your application! We're excited to work with you. 🚀 diff --git a/opensource/gsoc/2025/mentor-guidelines.mdx b/opensource/gsoc/2025/mentor-guidelines.mdx new file mode 100644 index 00000000..74e062d8 --- /dev/null +++ b/opensource/gsoc/2025/mentor-guidelines.mdx @@ -0,0 +1,328 @@ +--- +title: "Mentor Guidelines" +description: "Guidelines and responsibilities for GSoC mentors at ProjectDiscovery" +sidebarTitle: "Mentor Guidelines" +icon: "chalkboard-user" +--- + +# Mentor Guidelines + +Guidelines and responsibilities for mentors participating in ProjectDiscovery's Google Summer of Code program. + +## Mentor Role & Responsibilities + +### Time Commitment + +**Expected**: 5-6 hours per week during coding period + +**Breakdown**: +- 1-2 hours: Check-ins and meetings with contributor +- 2-3 hours: Code review and technical guidance +- 1 hour: Communication, planning, documentation +- 1 hour: Coordination with other mentors/admins + +### Core Responsibilities + +1. **Guide the contributor** through their project +2. **Review code** regularly and provide constructive feedback +3. **Communicate** at least twice weekly with contributor +4. **Track progress** against project timeline +5. **Evaluate** at midterm and final checkpoints +6. **Escalate issues** to organization admins when needed +7. **Document** important decisions and changes + +## Pre-Program Phase + +### Proposal Review (April) + +**Tasks**: +- Review all proposals for your project area +- Score proposals using evaluation criteria +- Provide feedback on technical approaches +- Participate in selection discussions +- Help rank top candidates + +**Evaluation Focus**: +- Technical merit and feasibility +- Contributor's understanding of the problem +- Realistic timeline and planning +- Prior community engagement +- Communication quality + +### Contributor Selection (Late April - Early May) + +**Tasks**: +- Review top-ranked proposals in detail +- Check contributor's prior contributions +- Verify technical capabilities +- Confirm availability and commitment +- Make final selection recommendations + + +**Important**: Once selections are made, mentors are committed to supporting their contributor(s) for the entire program duration. + + +## Community Bonding Period (May 1-26) + +### Goals for This Phase + +Help your contributor prepare for success: + +1. **Build relationship**: Get to know each other +2. **Finalize plan**: Create detailed week-by-week schedule +3. **Setup environment**: Ensure dev environment is ready +4. **Set expectations**: Clarify communication norms +5. **Review code**: Familiarize with relevant codebase areas + +### Initial Meeting Agenda + +Cover these topics in your first meeting: + +- **Introductions**: Background, experience, interests +- **Project review**: Confirm understanding of goals +- **Timeline refinement**: Adjust milestones if needed +- **Communication plan**: When and how to check in +- **Tools setup**: Development environment, access +- **Questions**: Address any concerns + +### Communication Norms to Establish + +Agree on: +- **Check-in schedule**: Days and times for regular meetings +- **Communication channels**: Discord, email, video calls +- **Response time expectations**: How quickly to respond +- **Progress updates**: How often and in what format +- **Blocker escalation**: How to handle issues + +## Coding Period (May 27 - Aug 31) + +### Weekly Routine + +**Minimum twice per week**: +- Technical check-ins (synchronous or async) +- Code reviews +- Progress tracking +- Blocker identification + +**Recommended structure**: +- **Monday**: Week planning, milestone review +- **Wednesday/Thursday**: Mid-week check-in, code review +- **Friday**: Week wrap-up, next week preview + +### Code Review Best Practices + +**What to Review**: +- Code quality and style +- Test coverage +- Documentation +- Performance considerations +- Security implications +- Integration with existing code + +**How to Provide Feedback**: +✅ Be constructive and educational +✅ Explain "why", not just "what" +✅ Suggest improvements with examples +✅ Acknowledge good work +✅ Be timely (review within 24-48 hours) + +❌ Don't be overly critical or harsh +❌ Don't just point out problems without guidance +❌ Don't let PRs sit for days without feedback + +**Example Feedback**: +``` +❌ "This code is bad, rewrite it." + +✅ "This approach works, but we can improve efficiency. +Currently O(n²) due to nested loops. Consider using +a hashmap for O(n) lookup. Here's an example: [code] + +Also great job on the comprehensive test coverage!" +``` + +### Tracking Progress + +**Weekly**: +- Review commits and PRs +- Check milestone completion +- Update project tracker +- Identify any delays or blockers + +**Indicators of Good Progress**: +✅ Regular commits (3-5+ per week) +✅ Milestones completed on time +✅ Responsive to feedback +✅ Proactive communication +✅ Quality code with tests + +**Warning Signs**: +⚠️ No commits for 3+ days +⚠️ Not responding to messages +⚠️ Missing milestones +⚠️ Rushed code without tests +⚠️ Avoiding difficult parts + +### Handling Blockers + +**When contributor gets stuck**: + +1. **Understand the problem**: Ask questions to clarify +2. **Guide don't solve**: Help them find the solution +3. **Provide resources**: Documentation, examples, references +4. **Pair if needed**: Screen share to work through issues +5. **Adjust if necessary**: Rescope if blocker is major + +**Escalate to admins if**: +- Contributor becomes unresponsive (3+ days) +- Technical blocker requires org-level decision +- Scope needs significant adjustment +- Personal issues affecting participation + +## Evaluation Periods + +### Midterm Evaluation (July 7-14) + +**What to Assess**: +- Progress: 40-50% of project completed? +- Code quality: Well-tested and documented? +- Communication: Regular and responsive? +- Trajectory: On track to complete? + +**Pass Criteria**: +✅ Completed core milestones for first half +✅ Code quality meets standards +✅ Communicates regularly +✅ Demonstrates problem-solving ability +✅ Responsive to feedback + +**Fail Criteria**: +❌ < 30% progress with no clear path forward +❌ Unresponsive to communication (7+ days) +❌ Poor code quality despite feedback +❌ Hasn't made meaningful contributions +❌ Unable to work independently + + +**Before failing**: Discuss with org admins. Failing ends the contributor's participation. + + +### Final Evaluation (Sept 1-8) + +**What to Assess**: +- Completion: Core deliverables finished? +- Quality: Production-ready code? +- Documentation: Comprehensive and clear? +- Tests: Good coverage and passing? +- Overall: Successful project? + +**Pass Criteria**: +✅ All core deliverables completed +✅ Code merged or mergeable +✅ Comprehensive documentation +✅ Good test coverage (70-80%+) +✅ Positive collaboration throughout + +**Evaluation Form**: +Google provides a form covering: +- Work product quality +- Communication +- Evaluation recommendation (pass/fail) +- Narrative feedback + +## Best Practices + +### Communication + +**Be available**: +- Respond within 24 hours +- Set up regular check-ins +- Be present in Discord +- Make yourself reachable + +**Be proactive**: +- Check in even if contributor doesn't +- Ask about progress regularly +- Notice warning signs early +- Celebrate wins and milestones + +### Technical Guidance + +**Teach, don't just tell**: +- Explain reasoning behind suggestions +- Share resources for learning +- Encourage exploration +- Guide problem-solving process + +**Balance support and independence**: +- Let them struggle a bit (learning opportunity) +- Step in when truly stuck +- Encourage asking for help +- Build confidence through success + +### Motivation + +**Keep contributors engaged**: +- Recognize achievements +- Provide positive reinforcement +- Show real-world impact of their work +- Connect them with the community + +**Address issues early**: +- Notice declining engagement +- Check in on blockers +- Adjust expectations if needed +- Provide encouragement + +## When to Escalate + +Contact organization admins if: + +- ⚠️ Contributor unresponsive for 3+ days +- ⚠️ Major scope changes needed +- ⚠️ Technical decisions requiring org input +- ⚠️ Considering failing an evaluation +- ⚠️ Interpersonal conflicts +- ⚠️ You're unable to fulfill mentor duties + +## Resources for Mentors + +**Official GSoC Resources**: +- [GSoC Mentor Guide](https://google.github.io/gsocguides/mentor/) +- [GSoC Evaluations Guide](https://google.github.io/gsocguides/mentor/evaluations) +- [GSoC Help Center](https://developers.google.com/open-source/gsoc/help) + +**ProjectDiscovery Resources**: +- [Mentor Resources](/opensource/gsoc/2025/mentor-resources) - Best practices and tips +- Discord #mentors channel (private) +- Weekly mentor sync meetings + +**Contact**: +- Organization admins: [To be specified] +- Discord: #mentors channel +- Emergency: [To be specified] + +## Mentor Checklist + +### Community Bonding +- [ ] Schedule first meeting +- [ ] Review project plan in detail +- [ ] Establish communication routine +- [ ] Ensure dev environment is set up +- [ ] Set clear expectations + +### Coding Period +- [ ] Check in at least 2x per week +- [ ] Review code within 24-48 hours +- [ ] Track progress against milestones +- [ ] Provide constructive feedback +- [ ] Identify and help resolve blockers + +### Evaluations +- [ ] Complete midterm evaluation on time +- [ ] Discuss progress with contributor before evaluating +- [ ] Complete final evaluation on time +- [ ] Provide thoughtful narrative feedback +- [ ] Submit evaluations 24-48 hours before deadline + +Thank you for mentoring with ProjectDiscovery! Your guidance makes GSoC successful. 🙏 diff --git a/opensource/gsoc/2025/mentor-resources.mdx b/opensource/gsoc/2025/mentor-resources.mdx new file mode 100644 index 00000000..e45b01e1 --- /dev/null +++ b/opensource/gsoc/2025/mentor-resources.mdx @@ -0,0 +1,400 @@ +--- +title: "Mentor Resources & Best Practices" +description: "Resources and tips for successful mentoring in GSoC" +sidebarTitle: "Mentor Resources" +icon: "book-open" +--- + +# Mentor Resources & Best Practices + +Practical tips, strategies, and resources to help you be an effective GSoC mentor. + +## Communication Best Practices + +### Frequency & Timing + +**Minimum Requirements**: +- 2 check-ins per week +- 24-hour response time for blocking issues +- 48-hour response time for general questions + +**Recommended**: +- 3-4 touchpoints per week (mix of sync/async) +- Daily presence in Discord during active hours +- Weekly video/voice call for deeper discussions +- Quick responses to show you're engaged + +### Effective Check-ins + +**Good Check-in Questions**: +- What did you accomplish since last time? +- What are you working on now? +- Any blockers or challenges? +- What's your plan for the next few days? +- How are you feeling about progress? + +**Structure for Weekly Meetings**: +1. **Progress review** (10 min): What got done +2. **Blockers discussion** (10 min): Current challenges +3. **Code review** (15 min): Review recent PRs +4. **Planning** (10 min): Next week's goals +5. **Questions** (5 min): Open discussion + +### Communication Channels + +**Discord** - Daily, informal: +- Quick questions +- Progress updates +- Casual conversations +- Community engagement + +**GitHub** - Code-related: +- Pull request reviews +- Technical discussions +- Issue tracking + +**Video/Voice** - Weekly: +- Deeper technical discussions +- Complex problem-solving +- Building rapport + +**Email** - Rare: +- Formal communications +- Privacy-sensitive topics + +## Student Management + +### Setting Clear Expectations + +**First Week Checklist**: +- [ ] Define "done" for each milestone +- [ ] Agree on code quality standards +- [ ] Establish testing requirements +- [ ] Set documentation expectations +- [ ] Clarify communication norms +- [ ] Define success criteria + +**Document Your Agreement**: +Create a shared document covering: +- Weekly goals and milestones +- Check-in schedule +- Code review process +- Testing requirements +- Documentation standards +- Emergency procedures + +### Creating Actionable Milestones + +**Bad Milestone**: +- "Work on feature X" +- "Improve performance" +- "Fix bugs" + +**Good Milestone**: +- "Implement feature X with unit tests achieving 80% coverage" +- "Optimize function Y to reduce execution time by 30%, measured by benchmark suite" +- "Fix issues #123, #456, #789 with regression tests" + +**SMART Milestones**: +- **Specific**: Clear what needs to be done +- **Measurable**: Can verify completion +- **Achievable**: Realistic scope +- **Relevant**: Contributes to project goals +- **Time-bound**: Clear deadline + +### Providing Constructive Feedback + +**Feedback Framework**: + +1. **Acknowledge effort**: Recognize what they did well +2. **Identify issue**: Specific problem, not general criticism +3. **Explain why**: Context for why it matters +4. **Suggest solution**: Concrete improvement steps +5. **Offer resources**: Links, examples, documentation + +**Example**: +``` +❌ "This code is inefficient" + +✅ "Great work implementing the feature! I noticed the nested loops +here create O(n²) complexity. For large datasets, this could slow +things down significantly. Consider using a hashmap for O(n) lookup +instead. Here's an example from our codebase: [link]. + +Also, the PR description is very clear - nice job explaining your +approach!" +``` + +### Recognizing Warning Signs Early + +**Red Flags**: +- 🚩 No commits for 3+ days without explanation +- 🚩 Consistently missing self-set deadlines +- 🚩 Not responding to messages for 24+ hours +- 🚩 Code quality declining +- 🚩 Avoiding difficult parts of project +- 🚩 Making excuses instead of asking for help +- 🚩 Defensive about feedback + +**What to Do**: +1. **Reach out proactively**: "Haven't heard from you, is everything okay?" +2. **Have a direct conversation**: Express concerns clearly +3. **Identify root cause**: Technical blocker? Personal issue? Motivation? +4. **Create action plan**: Specific steps to get back on track +5. **Set checkpoints**: More frequent check-ins temporarily +6. **Escalate if needed**: Involve org admins if no improvement + +## Technical Guidance + +### Code Review Strategies + +**What to Focus On**: + +**Priority 1** - Must fix: +- Security vulnerabilities +- Breaking changes +- Test failures +- Critical bugs + +**Priority 2** - Should fix: +- Code style violations +- Missing tests +- Unclear variable names +- Missing documentation + +**Priority 3** - Nice to have: +- Minor optimizations +- Formatting nitpicks +- Subjective style preferences + +**Review Checklist**: +- [ ] Does code solve the problem? +- [ ] Are there tests with good coverage? +- [ ] Is code readable and maintainable? +- [ ] Are edge cases handled? +- [ ] Is documentation updated? +- [ ] Does it follow project conventions? +- [ ] Are there security concerns? +- [ ] Is performance acceptable? + +### Balancing Guidance vs. Independence + +**When to Guide More**: +- Early in the project +- Learning new concepts +- Complex architectural decisions +- Security-critical code +- Stuck for > 24 hours + +**When to Let Them Struggle**: +- Straightforward implementations +- Similar to past work +- Good learning opportunities +- Stuck for < 8 hours +- Would figure it out with time + +**Signs You're Too Hands-Off**: +- Contributor stuck for days +- Making same mistakes repeatedly +- Quality declining +- Losing motivation + +**Signs You're Too Hands-On**: +- Telling them exactly what to code +- Solving problems for them +- Not giving time to think +- Micromanaging implementation details + +### Teaching Moments + +Transform code review into learning: + +**Instead of**: "Change line 45 to X" +**Try**: "What do you think would happen if we used X here instead? Consider edge case Y." + +**Instead of**: "This is the wrong approach" +**Try**: "This works, but there's a tradeoff. Approach A is simpler but slower. Approach B is faster but more complex. For our use case, which do you think fits better and why?" + +## Common Challenges & Solutions + +### Challenge: Contributor Becomes Unresponsive + +**Early Warning Signs**: +- Delayed responses (24+ hours) +- Vague progress updates +- Decreasing commit frequency + +**Action Plan**: +1. **Day 1**: Send friendly check-in via Discord +2. **Day 2**: Follow up via email +3. **Day 3**: Mark as urgent, CC org admins +4. **Day 4-7**: Daily check-ins, document attempts +5. **Day 7+**: Escalate to org admins, discuss evaluation + +**Prevention**: +- Build rapport early +- Make yourself approachable +- Notice early signs of disengagement +- Regular, positive interactions + +### Challenge: Project Scope Too Ambitious + +**Signs**: +- Consistently behind timeline +- Milestones taking 2x estimated time +- Contributor feeling overwhelmed +- Quality declining due to rush + +**Solutions**: +1. **Assess realistically**: How much can be done? +2. **Prioritize ruthlessly**: What's essential vs. nice-to-have? +3. **Rescope project**: Cut features, not quality +4. **Adjust timeline**: Rebalance milestones +5. **Document changes**: Update proposal and timeline +6. **Reset expectations**: Communicate new goals + +**Prevention**: +- Review timeline carefully during community bonding +- Build in 20-30% buffer time +- Start with MVP, add features incrementally + +### Challenge: Code Quality Issues Despite Feedback + +**Patterns to Notice**: +- Same issues in every PR +- Not addressing review comments +- Tests added but don't actually test +- Documentation is placeholder text + +**Approach**: +1. **Understand why**: Lack of skill? Time pressure? Confusion? +2. **Be more explicit**: Show examples of what "good" looks like +3. **Pair program**: Work through one example together +4. **Set standards**: "This PR can't merge until tests pass and coverage is >75%" +5. **Escalate if needed**: If no improvement, discuss with org admins + +**Resources to Share**: +- Project style guide +- Example PRs from the codebase +- Testing best practices docs +- Pair programming sessions + +### Challenge: Technical Blockers + +**Types of Blockers**: +- **Knowledge gap**: Doesn't know how to approach problem +- **Tool/environment issues**: Setup problems +- **Dependency on others**: Waiting for external factors +- **Complexity**: Problem harder than expected + +**Resolution Strategies**: + +**For knowledge gaps**: +- Share relevant documentation +- Point to similar code in codebase +- Explain concepts with examples +- Pair program if needed + +**For tool issues**: +- Help debug setup +- Provide working examples +- Consider alternative tools +- Screen share to troubleshoot + +**For dependencies**: +- Identify workarounds +- Help remove blockers +- Adjust timeline if needed +- Work on parallel tasks + +**For complexity**: +- Break into smaller pieces +- Simplify approach +- Adjust scope if necessary +- Provide more guidance + +## Evaluation Guidelines + +### Midterm Evaluation + +**Pass Indicators**: +✅ 40-50% of project completed +✅ Regular communication maintained +✅ Code quality meets standards +✅ Demonstrated learning and growth +✅ On track to finish + +**Borderline - Discuss First**: +⚠️ 30-40% completed but good trajectory +⚠️ Some communication gaps but improving +⚠️ Code quality issues but responsive to feedback +⚠️ Behind schedule but has recovery plan + +**Likely Fail**: +❌ <30% completed with no clear path +❌ Unresponsive for extended periods +❌ Poor quality despite repeated feedback +❌ No evidence of independent work + +### Final Evaluation + +**Pass Indicators**: +✅ Core deliverables completed +✅ Code merged or ready to merge +✅ Tests passing with good coverage +✅ Documentation comprehensive +✅ Consistent engagement throughout + +**Success Beyond Completion**: +🌟 Exceeded expectations +🌟 Additional features implemented +🌟 Helped community members +🌟 Fixed bugs beyond project scope +🌟 Plans to continue contributing + +## External Resources + +**Google's GSoC Guides**: +- [Mentor Guide](https://google.github.io/gsocguides/mentor/) +- [Evaluations Guide](https://google.github.io/gsocguides/mentor/evaluations) +- [Communications Best Practices](https://google.github.io/gsocguides/mentor/communication) + +**Code Review Resources**: +- [Google's Code Review Guide](https://google.github.io/eng-practices/review/) +- [How to Review Code You Don't Like](https://mtlynch.io/code-review-love/) + +**Mentorship Resources**: +- [The Art of Mentoring](https://opensource.com/article/19/2/the-art-of-mentoring) +- [First-Time Mentor Guide](https://developers.google.com/open-source/gsoc/resources/guide) + +## Quick Reference + +### Weekly Checklist + +- [ ] 2+ check-ins with contributor +- [ ] Review all PRs within 48 hours +- [ ] Check progress against milestones +- [ ] Update in #mentors channel +- [ ] Help resolve any blockers + +### Evaluation Deadlines + +⚠️ **Submit 24-48 hours before GSoC deadline** +- Midterm: July 7-14 +- Final: September 1-8 + +### Emergency Contacts + +- Organization Admins: [To be specified] +- Discord: #mentors channel (private) +- GSoC Support: gsoc-support@google.com + +## Need Help? + +Mentoring is challenging! Don't hesitate to: +- Ask questions in #mentors channel +- Discuss concerns with org admins +- Reach out to fellow mentors +- Consult GSoC resources + +We're all here to support each other. 🤝 diff --git a/opensource/gsoc/2025/overview.mdx b/opensource/gsoc/2025/overview.mdx new file mode 100644 index 00000000..3b50d358 --- /dev/null +++ b/opensource/gsoc/2025/overview.mdx @@ -0,0 +1,188 @@ +--- +title: "GSoC 2025 Overview" +description: "ProjectDiscovery's participation in Google Summer of Code 2025" +sidebarTitle: "2025 Overview" +icon: "star" +--- + +# Google Summer of Code 2025 + +Welcome to ProjectDiscovery's Google Summer of Code 2025 program! We're excited to work with contributors from around the world to enhance our open source security tools. + +## About ProjectDiscovery + +ProjectDiscovery develops and maintains fast, simple-to-use open source security tools that help security professionals, bug bounty hunters, and organizations identify and remediate vulnerabilities. + +### Our Impact + + + + GitHub Stars across projects + + + Active Community Members + + + Open Source Tools + + + +Our tools are used daily by: +- Security researchers and penetration testers +- Bug bounty hunters on platforms like HackerOne and Bugcrowd +- Enterprise security teams +- Open source contributors worldwide + +## Why Contribute to ProjectDiscovery? + +### Real-World Impact + +Your contributions will directly impact security tools used in production by thousands of professionals worldwide. Work on meaningful projects that help make the internet more secure. + +### Learn Advanced Skills + +- **Security Expertise**: Deep dive into application security, vulnerability research, and exploit development +- **Go Programming**: Master Go by working on high-performance security tools +- **Open Source**: Learn best practices for open source development and community collaboration +- **Software Engineering**: Build scalable, production-grade software with comprehensive testing + +### Expert Mentorship + +Work with experienced security researchers and open source maintainers who are passionate about teaching and collaboration. Our mentors have: +- Years of experience in security research +- Deep knowledge of vulnerability discovery +- Proven track record in open source development +- Active involvement in the security community + +### Vibrant Community + +Join our active community on Discord with 20,000+ members: +- Get help from experienced contributors +- Participate in technical discussions +- Share your knowledge with others +- Network with security professionals + +## 2025 Program Details + + +**Application Timeline**: Applications open March 18 and close April 1, 2025 at 18:00 UTC. Don't miss the deadline! + + +### Key Dates + +| Date | Event | +|------|-------| +| March 18, 2025 | Applications Open | +| April 1, 2025 | Application Deadline (18:00 UTC) | +| May 1, 2025 | Selected Contributors Announced | +| May 1-26, 2025 | Community Bonding Period | +| May 27, 2025 | Coding Period Begins | +| July 7-14, 2025 | Midterm Evaluations | +| September 1-8, 2025 | Final Evaluations | + +[View full timeline →](/opensource/gsoc/2025/timeline) + +### Project Sizes + +Contributors can choose between two project sizes: + +**Medium (175 hours)** +- Approximately 12-14 weeks +- 12-15 hours per week +- Ideal for focused feature additions or improvements + +**Large (350 hours)** +- Approximately 12-14 weeks +- 25-30 hours per week +- Suitable for comprehensive projects or major features + +## Available Projects + +We have exciting projects across our tool ecosystem: + + + + Work on the most popular vulnerability scanner + + + Enhance our web crawling framework + + + Improve our HTTP toolkit + + + Propose your own project + + + +[View all project ideas →](/opensource/gsoc/2025/project-ideas) + +## Get Started + +Ready to apply? Follow these steps: + +1. **[Join Discord](https://projectdiscovery.io/community)** - Connect with mentors and community +2. **[Explore Tools](/opensource)** - Try our tools and understand how they work +3. **[Read Getting Started](/opensource/gsoc/2025/getting-started)** - Learn the application process +4. **[Make Contributions](https://github.com/projectdiscovery)** - Start contributing to our projects +5. **[Review Projects](/opensource/gsoc/2025/project-ideas)** - Choose a project that interests you +6. **[Submit Proposal](/opensource/gsoc/2025/application-process)** - Follow our proposal guidelines + + +**Pro Tip**: Start early! Contributors who engage with the community and make contributions before applying have a much higher acceptance rate. + + +## What We're Looking For + +### Ideal Contributors + +- Strong programming skills (especially in Go) +- Interest in security and vulnerability research +- Self-motivated and able to work independently +- Good communication skills +- Active participation in open source communities +- Willingness to learn and take feedback + +### Successful Contributors Will + +- Commit 12-30 hours per week (depending on project size) +- Communicate regularly with mentors (at least twice weekly) +- Submit quality code with tests and documentation +- Participate in code reviews +- Engage with the community +- Complete project milestones on time + +## Support and Resources + +### Communication Channels + +- **Discord**: Primary communication channel - [Join here](https://projectdiscovery.io/community) +- **GitHub**: Code, issues, and pull requests +- **Email**: For private communications with admins + +### Documentation + + + + How to apply and participate + + + Proposal guidelines and tips + + + Common questions answered + + + How to engage with us + + + +## Questions? + +Have questions about GSoC 2025 at ProjectDiscovery? + +- Check our [FAQ](/opensource/gsoc/2025/faq) +- Ask in our [Discord community](https://projectdiscovery.io/community) #gsoc channel +- Review the [official GSoC documentation](https://summerofcode.withgoogle.com/) + +We're here to help you succeed. Good luck with your application! diff --git a/opensource/gsoc/2025/project-ideas.mdx b/opensource/gsoc/2025/project-ideas.mdx new file mode 100644 index 00000000..60ad52c2 --- /dev/null +++ b/opensource/gsoc/2025/project-ideas.mdx @@ -0,0 +1,426 @@ +--- +title: "GSoC 2025 Project Ideas" +description: "Browse available projects for Google Summer of Code 2025 with ProjectDiscovery" +sidebarTitle: "Project Ideas" +icon: "lightbulb" +--- + +# GSoC 2025 Project Ideas + +Explore exciting projects across ProjectDiscovery's open source security tools. Choose a project that matches your interests and skills, or propose your own custom idea! + +## How to Use This Page + +1. **Browse projects** below to find ones that interest you +2. **Check required skills** to see if you're a good fit +3. **Read the tool documentation** linked in each project +4. **Try the tool** to understand how it works +5. **Discuss with mentors** on Discord before applying +6. **Review application process** when ready to apply + + +**Custom proposals welcome!** Have your own idea? Discuss it with mentors on [Discord](https://projectdiscovery.io/community) first to ensure it aligns with ProjectDiscovery's goals. + + +## Project Categories + +Our projects span different difficulty levels and time commitments: + +| Difficulty | Hours | Suitable For | +|------------|-------|--------------| +| **Easy-Medium** | 175 hours | First-time contributors, focused features | +| **Medium** | 350 hours | Moderate experience, substantial features | +| **Hard** | 350 hours | Experienced contributors, complex projects | + +## Available Projects + +### Project 1: Nuclei Template Performance Analyzer + + + **Tool**: Nuclei + **Difficulty**: Medium + **Size**: 350 hours + **Mentors**: To be assigned + + +#### Description + +Build a comprehensive performance analysis tool for Nuclei templates that helps template authors identify bottlenecks and optimize their templates for faster scanning. This project involves understanding Nuclei's template engine internals, implementing profiling hooks, collecting performance metrics, and creating visualizations to help users understand where time is spent during template execution. + +Currently, template authors have limited visibility into performance characteristics. This tool will provide detailed insights into execution time, network calls, matching operations, and resource usage, enabling data-driven optimization decisions. + +#### Goals & Deliverables + +- **Profiling Framework**: Implement hooks in Nuclei's template engine to collect timing and resource metrics +- **Metrics Collection**: Gather detailed data on: + - Template execution time breakdown + - Network request/response times + - Matcher evaluation performance + - Memory and CPU usage per template +- **CLI Analysis Tool**: Build command-line interface for: + - Running profiling sessions + - Generating performance reports + - Comparing template performance + - Identifying optimization opportunities +- **Web Dashboard**: Create visualization interface showing: + - Flame graphs for execution traces + - Timeline views of template execution + - Performance comparisons + - Bottleneck identification +- **Documentation**: Comprehensive guide for using the profiler and interpreting results +- **Test Coverage**: Unit and integration tests with 75%+ coverage + +#### Technical Skills Required + +**Required**: +- Strong Go programming skills +- Understanding of profiling and benchmarking concepts +- Experience with performance optimization +- Familiarity with data collection and analysis + +**Preferred**: +- Experience with Go profiling tools (pprof, trace) +- Web development (for dashboard - can use existing frameworks) +- Knowledge of Nuclei or similar scanning tools +- Database experience (for metrics storage) + +#### Skills You'll Learn + +- Nuclei template engine architecture and internals +- Go profiling tools and techniques (pprof, runtime/trace) +- Performance optimization strategies for high-throughput systems +- Building developer tools and CLIs +- Data visualization and dashboard creation +- Security scanner workflows and patterns + +#### Getting Started + +1. **Read Documentation**: + - [Nuclei Overview](/opensource/nuclei/overview) + - [Nuclei Templates](/templates/introduction) + +2. **Explore Nuclei**: + - Install Nuclei and run sample scans + - Study template structure and execution + - Profile current performance using Go tools + +3. **Understand Codebase**: + - Review Nuclei's template engine code + - Identify key execution paths + - Look at existing performance considerations + +4. **Make Contributions**: + - Fix "good-first-issue" bugs + - Improve documentation + - Add tests or examples + +5. **Discuss Your Approach**: + - Share your ideas in Discord #gsoc channel + - Get feedback from mentors + - Refine your proposal + +#### Related Links + +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [Nuclei Documentation](/opensource/nuclei) +- [Template Structure](/templates/structure) + +--- + +### Project 2: Katana JavaScript Rendering Enhancement + + + **Tool**: Katana + **Difficulty**: Hard + **Size**: 350 hours + **Mentors**: To be assigned + + +#### Description + +Enhance Katana's JavaScript rendering capabilities to better handle modern web applications, especially single-page applications (SPAs) that heavily rely on JavaScript for content rendering. This project involves implementing advanced browser automation features, improving JavaScript execution detection, and optimizing crawling strategies for dynamic web applications. + +Modern web applications use frameworks like React, Vue, and Angular that render content dynamically. Katana needs sophisticated strategies to properly crawl these applications, detect when JavaScript execution is complete, handle infinite scroll, and efficiently manage headless browser resources. + +#### Goals & Deliverables + +- **Advanced JS Detection**: Implement intelligent detection of: + - When JavaScript execution is complete + - Dynamic content loading (AJAX, fetch) + - Infinite scroll and lazy loading + - WebSocket connections + - Service worker activity + +- **SPA Crawling Strategies**: Develop specialized approaches for: + - React/Vue/Angular applications + - Client-side routing detection + - State management analysis + - Virtual DOM interactions + +- **Resource Optimization**: Optimize headless browser usage: + - Connection pooling and reuse + - Resource blocking (ads, trackers) + - Memory management + - Parallel execution strategies + +- **Configuration System**: Extensible configuration for: + - Wait strategies (network idle, DOM stable, custom) + - Timeout management + - Browser flags and options + - JavaScript injection hooks + +- **Comprehensive Testing**: Test suite covering: + - Various SPA frameworks + - Real-world web applications + - Edge cases and error handling + +- **Performance Benchmarks**: Measure and optimize: + - Crawl speed improvements + - Resource usage + - Accuracy of content discovery + +#### Technical Skills Required + +**Required**: +- Strong Go programming skills +- Experience with browser automation (Puppeteer, Playwright, or similar) +- Deep understanding of web technologies (HTML, CSS, JavaScript) +- Knowledge of how modern web frameworks work (React, Vue, Angular) +- Concurrent programming experience + +**Preferred**: +- Experience with headless browser libraries +- Performance optimization at scale +- Understanding of web application architecture +- Network protocol knowledge (HTTP/2, WebSocket) + +#### Skills You'll Learn + +- Web crawling architectures and algorithms +- Browser automation internals +- Modern web application frameworks +- Performance optimization for I/O-bound systems +- Concurrent programming patterns in Go +- Strategies for handling dynamic content + +#### Getting Started + +1. **Read Documentation**: + - [Katana Overview](/opensource/katana/overview) + - [Katana Usage](/opensource/katana/usage) + +2. **Experiment with Katana**: + - Crawl various types of websites + - Test on modern SPAs (try popular web apps) + - Identify current limitations with JS rendering + +3. **Study Modern Web Apps**: + - Analyze how React/Vue/Angular apps work + - Understand client-side routing + - Learn about dynamic content loading patterns + +4. **Analyze Codebase**: + - Review Katana's current JS rendering implementation + - Study browser automation integration + - Identify areas for improvement + +5. **Make Contributions**: + - Report bugs or suggest improvements + - Fix documentation + - Add test cases + +#### Related Links + +- [Katana GitHub](https://github.com/projectdiscovery/katana) +- [Katana Documentation](/opensource/katana) + +--- + +### Project 3: httpx Response Analysis Framework + + + **Tool**: httpx + **Difficulty**: Easy-Medium + **Size**: 175 hours + **Mentors**: To be assigned + + +#### Description + +Create an extensible plugin framework for analyzing HTTP responses beyond basic status codes and headers. This project will enable users to build custom analyzers for response content, implement advanced pattern matching, improve technology detection, and extend httpx's capabilities through a clean plugin architecture. + +Currently, httpx provides excellent HTTP probing capabilities but has limited built-in response analysis. This framework will allow users to easily add custom analyzers for their specific needs, from detecting custom technologies to analyzing response patterns for security issues. + +#### Goals & Deliverables + +- **Plugin Architecture**: Design and implement: + - Clean plugin interface for analyzers + - Plugin discovery and loading system + - Configuration management + - Result aggregation and reporting + +- **Built-in Analyzers** (implement 3-5): + - Advanced technology detection (frameworks, CMS, libraries) + - Content pattern matcher (regex-based analysis) + - Security header analyzer (missing/misconfigured headers) + - API endpoint detector (REST/GraphQL patterns) + - Error message analyzer (debug info leakage) + +- **Developer Tools**: + - Plugin template/boilerplate generator + - Testing framework for analyzers + - Documentation generator + - Example plugins + +- **Documentation**: + - Plugin development guide + - API reference + - Example use cases + - Migration guide for existing users + +- **Performance**: + - Benchmark framework for analyzers + - Optimization for large-scale scanning + - Parallel execution support + +- **Testing**: Comprehensive test suite with 80%+ coverage + +#### Technical Skills Required + +**Required**: +- Go programming experience (intermediate level) +- Understanding of HTTP protocol and headers +- Experience with regex and pattern matching +- Software architecture and design patterns + +**Preferred**: +- Plugin architecture design experience +- Web technology fingerprinting knowledge +- API design experience +- Experience with similar tools (httpx, curl, etc.) + +#### Skills You'll Learn + +- Plugin architecture design in Go +- HTTP response analysis techniques +- Web technology fingerprinting +- Building extensible systems +- API design for third-party developers +- Performance optimization for network tools + +#### Getting Started + +1. **Read Documentation**: + - [httpx Overview](/opensource/httpx/overview) + - [httpx Usage](/opensource/httpx/usage) + +2. **Experiment with httpx**: + - Run httpx against various websites + - Analyze different response types + - Understand current capabilities and limitations + +3. **Research Existing Solutions**: + - Study how other tools implement plugins + - Look at Go plugin systems + - Identify common patterns + +4. **Explore Codebase**: + - Review httpx's response handling code + - Understand the current architecture + - Identify integration points for plugins + +5. **Make Contributions**: + - Fix bugs or documentation issues + - Add feature suggestions + - Implement small improvements + +#### Related Links + +- [httpx GitHub](https://github.com/projectdiscovery/httpx) +- [httpx Documentation](/opensource/httpx) + +--- + +## Custom Project Proposals + +Have your own idea for improving ProjectDiscovery's tools? We welcome custom proposals! + +### Requirements for Custom Proposals + +1. **Discuss First**: Talk with mentors on Discord before applying +2. **Alignment**: Ensure it aligns with ProjectDiscovery's goals +3. **Scope**: Size appropriately for 175 or 350 hours +4. **Value**: Demonstrate clear benefit to users +5. **Feasibility**: Show it's technically achievable + +### Good Custom Project Ideas + +✅ New features for existing tools +✅ Performance improvements with measurable impact +✅ Integration between ProjectDiscovery tools +✅ Developer experience improvements +✅ Testing or CI/CD infrastructure + +### Ideas to Avoid + +❌ Complete rewrites of existing tools +❌ Projects requiring proprietary APIs +❌ Research-only projects without code deliverables +❌ Projects outside security/scanning domain + +### How to Propose + +1. **Join Discord** and share your idea in #gsoc +2. **Describe the problem** you want to solve +3. **Explain your approach** at a high level +4. **Get feedback** and refine your idea +5. **Follow proposal guidelines** when applying + +## Application Process + +Ready to apply for one of these projects? + + + + Learn how to write your proposal + + + Use our template + + + 6-step participation guide + + + Connect with mentors + + + +## Tips for Choosing a Project + +### Match Your Skills +- Choose a project where you have 60-70% of required skills +- You should be able to learn the remaining 30-40% +- Don't choose projects where you have 0% of skills + +### Consider Your Interests +- Pick something that excites you +- You'll spend 12-14 weeks on this +- Passion matters for motivation + +### Think About Impact +- Which project would help the most users? +- What aligns with your career goals? +- What showcases skills you want to develop? + +### Assess Difficulty Honestly +- Are you comfortable with the complexity? +- Do you have enough time? +- Can you complete it in the given timeframe? + +## Questions? + + +Have questions about any project? Join our [Discord community](https://projectdiscovery.io/community) and ask in the #gsoc channel. Mentors are available to help you understand projects and choose the right one! + + +Good luck choosing your project! 🚀 diff --git a/opensource/gsoc/2025/timeline.mdx b/opensource/gsoc/2025/timeline.mdx new file mode 100644 index 00000000..9a72e17c --- /dev/null +++ b/opensource/gsoc/2025/timeline.mdx @@ -0,0 +1,271 @@ +--- +title: "GSoC 2025 Timeline" +description: "Important dates and milestones for Google Summer of Code 2025" +sidebarTitle: "Timeline" +icon: "calendar-days" +--- + +# GSoC 2025 Timeline + +Stay on track with all important dates and deadlines for Google Summer of Code 2025. All times are in UTC. + + +For the official GSoC timeline, visit the [GSoC website](https://summerofcode.withgoogle.com/). Dates listed here are based on the standard GSoC schedule. + + +## Complete Timeline + +| Date | Milestone | Description | +|------|-----------|-------------| +| **January 22, 2025** | Organizations Announced | Google announces accepted organizations including ProjectDiscovery | +| **February 3 - March 18** | Pre-Application Period | Join Discord, explore tools, make contributions, discuss ideas | +| **March 18, 2025** | Applications Open | Begin submitting proposals via GSoC website | +| **April 1, 18:00 UTC** | ⚠️ Application Deadline | **Final deadline for proposal submissions** | +| **April - May** | Review Period | Mentors review and score proposals | +| **May 1, 2025** | Contributors Announced | Accepted contributors announced on GSoC website | +| **May 1-26, 2025** | Community Bonding | Get to know mentors, finalize project plans, setup environment | +| **May 27, 2025** | Coding Begins | Official start of coding period | +| **July 7-14, 2025** | Midterm Evaluation | Progress assessment, feedback from mentors | +| **September 1-8, 2025** | Final Evaluation | Project completion assessment | +| **September 15, 2025** | Results Announced | Final results and certificates published | + +## Key Deadlines + + +**Critical Deadlines** - Don't miss these! + + +### Application Deadline +**April 1, 2025 at 18:00 UTC** + +This is a hard deadline. Late submissions are **not accepted**. Submit early to avoid last-minute technical issues. + +### Midterm Evaluation +**July 7-14, 2025** + +Mentors evaluate your progress at the midpoint. You must demonstrate meaningful progress (typically 40-50% of project completion) to pass. + +### Final Evaluation +**September 1-8, 2025** + +Final assessment of your completed project. Must meet all core deliverables to pass. + +## Phase Breakdown + +### Pre-Application Phase (Feb 3 - March 18) + +**Your Goals**: +- Join the ProjectDiscovery Discord community +- Explore our tools and documentation +- Make initial contributions to build familiarity +- Identify projects that interest you +- Discuss ideas with mentors + +**Recommended Activities**: +- Install and try 2-3 ProjectDiscovery tools +- Fix "good first issues" on GitHub +- Participate in Discord discussions +- Ask questions and learn about the codebase +- Start drafting your proposal + + +**Pro Tip**: Contributors who start engaging 6-8 weeks before the deadline have much higher acceptance rates. + + +### Application Phase (March 18 - April 1) + +**Your Goals**: +- Finalize your proposal +- Get feedback from mentors +- Submit via GSoC website +- Continue making contributions + +**Timeline**: +- **March 18**: Applications open - submit your first draft +- **March 20-28**: Get feedback and iterate on your proposal +- **March 29-31**: Final review and polish +- **April 1**: Submit final version (don't wait until the last hour!) + + +Submit at least 24 hours before the deadline to account for potential technical issues. + + +### Selection Phase (April - May) + +**What Happens**: +- Mentors review all proposals using evaluation criteria +- Proposals are scored and ranked +- Project teams discuss and select top candidates +- Google allocates slots to organizations +- Final selections are made + +**Your Role**: +- Wait patiently (we know it's hard!) +- Continue contributing to ProjectDiscovery +- Be available for any follow-up questions +- Check your email and GSoC dashboard regularly + +**Results**: May 1, 2025 + +### Community Bonding (May 1-26) + +**Your Goals**: +- Get to know your mentors +- Finalize project implementation plan +- Set up development environment +- Establish communication routines +- Start familiarizing with code + +**Expected Activities**: +- Welcome meeting with mentors +- Detailed project planning +- Setup development tools and access +- Read relevant code and documentation +- Create detailed week-by-week schedule +- Establish check-in routine (Discord, meetings) + + +This period is **not** for coding the main project. Use it to prepare so you can hit the ground running on May 27. + + +### Coding Period (May 27 - August 31) + +**Your Goals**: +- Implement your project according to the timeline +- Communicate regularly with mentors +- Submit quality code with tests +- Document your work +- Pass midterm and final evaluations + +**Weekly Expectations**: +- Work 12-15 hours/week (175h projects) or 25-30 hours/week (350h projects) +- At least 2 check-ins with mentors per week +- Regular commits and pull requests +- Progress updates in Discord +- Respond to code review feedback + +**Milestone Schedule**: + +| Week | Focus | +|------|-------| +| 1-2 | Core foundation, basic implementation | +| 3-5 | Main feature development | +| 6-7 | **Midterm: 40-50% complete** | +| 8-10 | Complete remaining features | +| 11-12 | Testing, documentation, polish | +| 13 | **Final evaluation** | + +### Midterm Evaluation (July 7-14) + +**What's Evaluated**: +- Progress on project milestones +- Code quality and testing +- Communication with mentors +- Adherence to timeline +- Problem-solving approach + +**To Pass**: +- Complete 40-50% of project goals +- Demonstrate consistent communication +- Show problem-solving ability +- Have working code (even if incomplete) + + +**Success Strategy**: Stay ahead of schedule. Aim for 50-60% completion by midterm to have buffer for unexpected issues. + + +### Final Evaluation (September 1-8) + +**What's Evaluated**: +- Completion of project deliverables +- Code quality, tests, and documentation +- Overall contribution quality +- Communication throughout program +- Integration with existing codebase + +**To Pass**: +- Complete all core deliverables +- Comprehensive testing +- Full documentation +- Clean, maintainable code +- Responsive to feedback + +### Post-GSoC (September onwards) + +**After the program**: +- Receive certificate and recognition from Google +- Continue contributing to ProjectDiscovery +- Maintain and improve your project +- Help future contributors +- Join our community as a mentor + +Many GSoC contributors become long-term maintainers! + +## Recommended Applicant Timeline + +For best results, follow this personal timeline: + +### 6-8 Weeks Before Deadline +- ✅ Join Discord and introduce yourself +- ✅ Install and try ProjectDiscovery tools +- ✅ Read tool documentation +- ✅ Make first contribution (documentation or small bug fix) + +### 4-6 Weeks Before Deadline +- ✅ Make 2-3 more meaningful contributions +- ✅ Discuss project ideas with mentors on Discord +- ✅ Start drafting proposal outline +- ✅ Deep dive into relevant codebase + +### 3-4 Weeks Before Deadline +- ✅ Complete draft proposal +- ✅ Share draft with mentors for feedback +- ✅ Continue making contributions +- ✅ Refine understanding of project scope + +### 2-3 Weeks Before Deadline +- ✅ Incorporate mentor feedback +- ✅ Finalize technical approach +- ✅ Polish proposal formatting +- ✅ Add specific implementation details + +### 1 Week Before Deadline +- ✅ Final review and proofreading +- ✅ Submit proposal early +- ✅ Double-check all requirements +- ✅ Confirm submission was successful + +## Communication Expectations + +### During Application Period +- Response time from mentors: 24-48 hours +- Best channel: Discord #gsoc channel +- Mentor availability: Most active during UTC business hours + +### During Coding Period +- Check-ins: Minimum 2x per week +- Response time: 24 hours for blocking issues +- Weekly progress updates expected +- Immediate notification of any delays + +## Time Zone Considerations + + +All GSoC deadlines are in **UTC timezone**. Convert to your local time to avoid missing deadlines! + + +**Example: April 1, 18:00 UTC** +- US Pacific (PST/PDT): 10:00 AM / 11:00 AM +- US Eastern (EST/EDT): 1:00 PM / 2:00 PM +- India (IST): 11:30 PM +- Europe (CET/CEST): 7:00 PM / 8:00 PM + +Use a [time zone converter](https://www.timeanddate.com/worldclock/converter.html) to check your local time. + +## Questions About Timeline? + +- Check our [FAQ](/opensource/gsoc/2025/faq) +- Ask in [Discord](https://projectdiscovery.io/community) #gsoc channel +- Review [official GSoC timeline](https://summerofcode.withgoogle.com/) + +Stay organized and good luck! 📅 diff --git a/opensource/gsoc/index.mdx b/opensource/gsoc/index.mdx new file mode 100644 index 00000000..7ce15d80 --- /dev/null +++ b/opensource/gsoc/index.mdx @@ -0,0 +1,78 @@ +--- +title: "Google Summer of Code" +description: "Join ProjectDiscovery in Google Summer of Code - Contribute to open source security tools" +sidebarTitle: "GSoC Overview" +icon: "graduation-cap" +--- + +# Google Summer of Code at ProjectDiscovery + +ProjectDiscovery is excited to participate in Google Summer of Code, offering contributors the opportunity to work on cutting-edge open source security tools that are used by thousands of security professionals worldwide. + +## Current Program + + + Apply for ProjectDiscovery's 2025 program. Join our community and contribute to security tools used by researchers, bug bounty hunters, and security teams globally. + + +## Why Contribute to ProjectDiscovery? + +ProjectDiscovery maintains a suite of open source security tools that are actively used in production environments worldwide. By contributing to our projects, you'll: + + + + Your code will be used by security professionals, bug bounty hunters, and organizations worldwide to discover and remediate vulnerabilities. + + + Gain deep knowledge of application security, vulnerability research, and secure coding practices. + + + Work directly with experienced security researchers and open source maintainers. + + + Join a vibrant community of security enthusiasts on Discord and GitHub with 20,000+ members. + + + +## Our Tools + +ProjectDiscovery maintains popular open source security tools including: + +- **[Nuclei](/opensource/nuclei)**: Fast vulnerability scanner with 6,500+ community templates +- **[httpx](/opensource/httpx)**: Multi-purpose HTTP toolkit for security testing +- **[Katana](/opensource/katana)**: Next-generation web crawling framework +- **[Subfinder](/opensource/subfinder)**: Subdomain discovery tool +- **[Naabu](/opensource/naabu)**: Fast port scanner +- And many more security tools in our ecosystem + +## Get Started + +Ready to contribute? Here's how to get involved: + + + + Connect with our community and mentors + + + Try out our open source tools + + + Browse available project ideas + + + Learn how to apply + + + +## Community + + +Join our [Discord community](https://projectdiscovery.io/community) to connect with mentors, ask questions, and get started with your first contribution. We're here to help! + + +Explore our [GitHub organization](https://github.com/projectdiscovery) to see our projects and start contributing today. diff --git a/opensource/gsoc/resources/evaluation-criteria.mdx b/opensource/gsoc/resources/evaluation-criteria.mdx new file mode 100644 index 00000000..5d7c16a4 --- /dev/null +++ b/opensource/gsoc/resources/evaluation-criteria.mdx @@ -0,0 +1,343 @@ +--- +title: "Proposal Evaluation Criteria" +description: "How GSoC proposals are evaluated at ProjectDiscovery" +sidebarTitle: "Evaluation Criteria" +icon: "clipboard-check" +--- + +# Proposal Evaluation Criteria + +Understanding how proposals are evaluated helps you craft a competitive application. At ProjectDiscovery, we look for contributors who demonstrate technical skill, community engagement, and realistic planning. + +## Overview + +All proposals are reviewed by project mentors and organization administrators using a consistent evaluation rubric. The selection process is competitive, and we aim to choose contributors who will successfully complete their projects and continue contributing to the community. + +### Scoring System + +Proposals are scored across five categories, each weighted differently based on importance: + +| Category | Weight | Focus | +|----------|--------|-------| +| Technical Merit | 30% | Quality of the technical approach | +| Implementation Plan | 25% | Realism and detail of the timeline | +| Community Engagement | 20% | Prior contributions and involvement | +| Applicant Qualifications | 15% | Relevant skills and experience | +| Proposal Quality | 10% | Clarity and professionalism | + +## Evaluation Categories + +### 1. Technical Merit (30%) + +This evaluates the soundness and quality of your technical approach. + +**What We Look For**: +- Clear understanding of the problem you're solving +- Viable technical approach that addresses the problem +- Realistic architecture and design decisions +- Understanding of the relevant tools and codebase +- Awareness of potential technical challenges +- Appropriate choice of technologies and methods + + +**Strong proposals** demonstrate deep understanding of the existing codebase and provide specific technical details about implementation approach. + + +**Excellent** (27-30 points): +- Deep understanding of problem and existing code +- Novel or sophisticated technical approach +- Clear consideration of edge cases and challenges +- Specific implementation details with code examples +- Architecture aligns with project patterns + +**Good** (20-26 points): +- Solid understanding of problem +- Viable technical approach +- General understanding of codebase +- Reasonable implementation strategy +- Some consideration of challenges + +**Needs Improvement** (0-19 points): +- Vague or incomplete problem definition +- Unrealistic or unclear technical approach +- Limited understanding of existing code +- Missing technical details +- No consideration of challenges + +### 2. Implementation Plan (25%) + +This evaluates how well you've planned the actual work. + +**What We Look For**: +- Detailed, week-by-week milestones +- Realistic timeline that accounts for complexity +- Clear, measurable deliverables +- Appropriate scope for 175 or 350 hours +- Risk assessment and contingency plans +- Testing and documentation plans + + +**Strong proposals** break work into concrete milestones with specific, testable outcomes for each week. + + +**Excellent** (23-25 points): +- Highly detailed, week-by-week plan +- Milestones are specific and measurable +- Timeline accounts for testing and documentation +- Includes risk mitigation strategies +- Realistic buffer for unexpected issues +- Clear dependencies between milestones + +**Good** (18-22 points): +- Clear milestones for each phase +- Reasonable timeline +- Identifiable deliverables +- Some consideration of testing +- Generally realistic scope + +**Needs Improvement** (0-17 points): +- Vague or missing milestones +- Unrealistic timeline +- Overly ambitious or too limited scope +- No testing or documentation plans +- Missing important phases + +### 3. Community Engagement (20%) + +This evaluates your involvement with ProjectDiscovery and the open source community. + +**What We Look For**: +- Prior contributions to ProjectDiscovery projects +- Engagement on Discord or GitHub discussions +- Understanding of project goals and community norms +- Quality of interactions with mentors +- Early engagement (not just at application time) +- Helping other community members + + +Contributors who engage early and make contributions **before** applying have a significantly higher acceptance rate. + + +**Excellent** (18-20 points): +- Multiple meaningful code contributions (merged PRs) +- Active participation in Discord community +- Filed useful bug reports or feature requests +- Helped other community members +- Demonstrated understanding through discussions +- Early and consistent engagement + +**Good** (13-17 points): +- At least one meaningful contribution +- Participated in Discord or GitHub discussions +- Engaged with mentors about proposal +- Shows understanding of project +- Made effort to contribute before applying + +**Needs Improvement** (0-12 points): +- No prior contributions +- Limited or no community interaction +- Copy-paste proposals without customization +- Late engagement (only at application deadline) +- No understanding of project demonstrated + +### 4. Applicant Qualifications (15%) + +This evaluates whether you have the skills to complete the project. + +**What We Look For**: +- Proficiency in relevant programming languages (especially Go) +- Past projects demonstrating similar skills +- Relevant coursework or professional experience +- Learning ability and self-direction +- Communication skills +- Evidence of completing past projects + +**Excellent** (14-15 points): +- Strong proficiency in Go +- Completed similar projects in the past +- Relevant professional or academic experience +- Demonstrated learning ability +- Clear, professional communication +- Track record of finishing projects + +**Good** (11-13 points): +- Basic-to-intermediate Go skills +- Some relevant project experience +- Willingness to learn +- Adequate communication skills +- Has completed some projects + +**Needs Improvement** (0-10 points): +- Limited programming experience +- No relevant past projects +- Unclear communication +- No evidence of project completion ability + +### 5. Proposal Quality (10%) + +This evaluates how well the proposal itself is written and organized. + +**What We Look For**: +- Clear, professional writing +- Well-organized structure +- Complete information in all sections +- Proper grammar and spelling +- Appropriate length and detail +- Easy to understand + +**Excellent** (9-10 points): +- Exceptionally clear and well-written +- Professional presentation +- Perfect grammar and spelling +- Well-organized with clear sections +- Appropriate length and detail +- Easy to follow and understand + +**Good** (7-8 points): +- Clear writing +- Good organization +- Minor grammar/spelling issues +- All required sections complete +- Reasonable length + +**Needs Improvement** (0-6 points): +- Unclear or confusing writing +- Poor organization +- Many grammar/spelling errors +- Missing sections +- Too short or excessively long + +## What Makes a Strong Proposal + +Based on our evaluation criteria, here are the key elements of proposals that score well: + +### Technical Excellence +- Specific implementation details with code examples +- Understanding of existing architecture +- Consideration of edge cases and performance +- Appropriate technology choices + +### Realistic Planning +- Week-by-week breakdown with measurable milestones +- Buffer time for unexpected issues +- Testing and documentation included +- Scope matches available hours (175 or 350) + +### Community Connection +- Multiple contributions before applying +- Active Discord participation +- Understanding of project goals +- Professional interaction with mentors + +### Strong Communication +- Clear, concise writing +- Well-organized proposal +- Specific rather than vague +- Professional presentation + +## Common Pitfalls to Avoid + + +Avoid these common mistakes that hurt proposal scores: + + +### Too Ambitious +- Proposing to rewrite major components +- Planning 500+ hours of work in 350 hours +- Not accounting for learning curve +- Ignoring testing and documentation time + +### Too Vague +- "Implement features" without specifics +- "Make improvements" without concrete goals +- Missing technical details +- No clear deliverables + +### No Prior Engagement +- First interaction is submitting proposal +- No contributions to ProjectDiscovery +- Doesn't participate in Discord +- Hasn't tried using the tools + +### Copy-Paste Proposals +- Generic proposals that could apply to any organization +- Not customized to ProjectDiscovery +- Copied sections from other proposals +- No specific understanding demonstrated + +### Unrealistic Timeline +- All work in first few weeks +- No buffer for problems +- No time for code review iterations +- Ignores dependency chains + +### Missing Technical Details +- High-level overview without specifics +- No explanation of "how" +- Missing architecture discussion +- No consideration of challenges + +## Tips for Improvement + +Want to strengthen your proposal? Focus on these areas: + + + + Start contributing to ProjectDiscovery projects at least 4-6 weeks before the application deadline. + + + Replace vague descriptions with concrete examples, specific milestones, and technical details. + + + Share draft proposals with mentors on Discord and iterate based on their feedback. + + + Demonstrate deep understanding of the codebase through contributions and discussions. + + + +### Before Submitting + +Review your proposal against this checklist: + +- [ ] Have you made at least one merged code contribution? +- [ ] Did you discuss your idea with mentors on Discord? +- [ ] Is every week of your timeline filled with specific milestones? +- [ ] Have you included testing and documentation time? +- [ ] Are your technical details specific and realistic? +- [ ] Is your scope appropriate for the hours (175 or 350)? +- [ ] Have you proofread for grammar and clarity? +- [ ] Does your proposal demonstrate understanding of the tool/codebase? + +## Selection Process + +### Timeline + +1. **Application Period**: Proposals submitted via GSoC website +2. **Initial Review**: Mentors review all proposals for completeness +3. **Scoring**: Mentors score proposals using this rubric +4. **Discussion**: Mentors and admins discuss top candidates +5. **Selection**: Final decisions based on scores and slot availability +6. **Notification**: Selected contributors announced by GSoC + +### What Happens After Scoring + +- Proposals are ranked by total score +- Top-ranked proposals are prioritized for available slots +- Mentors consider workload and project dependencies +- Organization admins make final decisions +- All applicants are notified through GSoC platform + + +Even strong proposals may not be accepted if we have limited slots. We often receive more good proposals than we can accept. + + +## Questions? + +If you have questions about the evaluation process: + +- **Discord**: Ask in the #gsoc channel +- **GitHub**: Review existing project discussions +- **Documentation**: Read our [application process guide](/opensource/gsoc/2025/application-process) + +Good luck with your proposal! diff --git a/opensource/gsoc/resources/proposal-template.mdx b/opensource/gsoc/resources/proposal-template.mdx new file mode 100644 index 00000000..3b2ff92d --- /dev/null +++ b/opensource/gsoc/resources/proposal-template.mdx @@ -0,0 +1,274 @@ +--- +title: "GSoC Proposal Template" +description: "Template for writing your GSoC proposal for ProjectDiscovery" +sidebarTitle: "Proposal Template" +icon: "file-lines" +--- + +# GSoC Proposal Template + +Use this template as a starting point for your Google Summer of Code proposal. A well-structured proposal helps reviewers understand your approach and increases your chances of acceptance. + +## How to Use This Template + + +Copy the template below and fill in each section with your specific details. Be clear, concise, and specific about your plans. + + +### What to Include + +- **Personal Information**: Contact details and background +- **Project Description**: Clear explanation of what you'll build +- **Implementation Plan**: Detailed timeline with milestones +- **Qualifications**: Your relevant skills and experience +- **Community Engagement**: Prior contributions and involvement + +### Length Recommendations + +- **Total Length**: 5-10 pages +- **Project Description**: 1-2 pages +- **Implementation Plan**: 2-3 pages with detailed milestones +- **Qualifications**: 1-2 pages + + +Quality matters more than quantity. Focus on clear, specific plans rather than lengthy descriptions. + + +## Template + +Copy and customize the template below: + +```markdown +# GSoC 2025 Proposal: [Your Project Title] + +## Personal Information + +- **Name**: [Your Full Name] +- **Email**: [your.email@example.com] +- **GitHub**: [github.com/yourusername] +- **Discord**: [YourDiscord#1234] +- **University**: [Your University Name] +- **Major/Year**: [Your Major, Expected Graduation Year] +- **Time Zone**: [Your Time Zone] +- **Location**: [Country, City] + +## Abstract + +[Write a 2-3 sentence summary of your project. This should be a high-level overview that captures the essence of what you're proposing.] + +## Project Description + +### Background and Motivation + +[Explain the context of the problem you're solving. Why is this project important? What need does it address?] + +### Problem Statement + +[Clearly define the specific problem or gap your project will address. Be specific about current limitations.] + +### Proposed Solution + +[Describe your approach to solving the problem. What will you build or implement? How will it work?] + +### Technical Approach + +[Provide technical details about your implementation approach. What technologies, libraries, or frameworks will you use? What architecture or design patterns?] + +### Expected Outcomes + +[List the concrete deliverables and outcomes. What will exist at the end of the project that doesn't exist now?] + +## Implementation Plan + +### Phase 1: [Phase Name] (Weeks 1-4) + +**Goals**: +- [Primary goal 1] +- [Primary goal 2] + +**Milestones**: +- Week 1: [Specific milestone] +- Week 2: [Specific milestone] +- Week 3: [Specific milestone] +- Week 4: [Specific milestone] + +**Deliverables**: +- [Concrete deliverable 1] +- [Concrete deliverable 2] + +### Phase 2: [Phase Name] (Weeks 5-8) + +**Goals**: +- [Primary goal 1] +- [Primary goal 2] + +**Milestones**: +- Week 5: [Specific milestone] +- Week 6: [Specific milestone] +- Week 7: [Specific milestone] +- Week 8: [Specific milestone] + +**Deliverables**: +- [Concrete deliverable 1] +- [Concrete deliverable 2] + +### Phase 3: [Phase Name] (Weeks 9-12) + +**Goals**: +- [Primary goal 1] +- [Primary goal 2] + +**Milestones**: +- Week 9: [Specific milestone] +- Week 10: [Specific milestone] +- Week 11: [Specific milestone] +- Week 12: [Specific milestone] + +**Deliverables**: +- [Concrete deliverable 1] +- [Concrete deliverable 2] + +[Continue with additional phases as needed for 350-hour projects] + +### Testing Strategy + +[Describe how you'll test your implementation. What types of tests will you write? How will you ensure quality?] + +### Documentation Plan + +[Explain how you'll document your work. User guides? API documentation? Code comments?] + +### Potential Challenges and Mitigation + +| Challenge | Mitigation Strategy | +|-----------|-------------------| +| [Challenge 1] | [How you'll address it] | +| [Challenge 2] | [How you'll address it] | + +## Qualifications + +### Relevant Experience + +[Describe your background and experience relevant to this project. Programming experience, coursework, personal projects, etc.] + +### Technical Skills + +**Programming Languages**: +- [Language 1]: [Proficiency level - Beginner/Intermediate/Advanced] +- [Language 2]: [Proficiency level] +- Go: [Your Go experience level] + +**Tools and Technologies**: +- [Tool/Technology 1]: [Experience level] +- [Tool/Technology 2]: [Experience level] + +**Security Experience**: +[Describe any security-related experience or knowledge] + +### Contributions to ProjectDiscovery + +[List your contributions to ProjectDiscovery projects. Include PR links, issue reports, documentation improvements, etc.] + +- PR #XXX: [Brief description] - [Link] +- Issue #XXX: [Brief description] - [Link] +- [Other contributions] + +### Other Open Source Contributions + +[List relevant contributions to other open source projects, if any] + +- Project: [Contribution description] - [Link] + +### Past Projects + +[Describe 1-2 relevant past projects that demonstrate your ability to complete this work] + +**Project Name**: [Name] +- Description: [What you built] +- Technologies: [What you used] +- Link: [GitHub or demo link if available] + +## Availability and Time Commitment + +### Availability + +[Describe your availability during the GSoC period. Be honest about any commitments, exams, or conflicts.] + +- **Total Hours**: [175 or 350 hours over X weeks] +- **Weekly Commitment**: [X hours per week] +- **Peak Availability**: [When you're most available] +- **Limited Availability**: [Any known conflicts or reduced availability periods] + +### Communication Plan + +[Explain how you'll stay in touch with mentors] + +- **Weekly Sync**: [Proposed meeting schedule] +- **Daily Updates**: [How you'll provide progress updates] +- **Primary Channel**: [Discord, Email, etc.] +- **Response Time**: [Your expected response time] + +## Post-GSoC Plans + +[Explain how you plan to continue contributing after GSoC ends. Long-term maintenance? Additional features? Community involvement?] + +## Why ProjectDiscovery? + +[Explain why you want to work with ProjectDiscovery specifically. What attracts you to the organization and this project?] + +## References + +**Project Links**: +- [Relevant tool documentation] +- [Related GitHub issues] +- [Technical references] + +**External Resources**: +- [Papers, articles, or documentation you've researched] + +**Contact**: +- Best way to reach me: [Email/Discord/etc.] +- Preferred communication times: [Your timezone and available hours] +``` + +## Tips for a Strong Proposal + + + + Use concrete examples and specific milestones rather than vague descriptions. + + + Demonstrate understanding of the codebase and existing solutions. + + + Propose achievable goals within the timeframe. Quality over quantity. + + + Discuss your idea with mentors before submitting your final proposal. + + + +## Before You Submit + + +**Review Checklist**: +- [ ] All sections are complete and specific +- [ ] Timeline is realistic and detailed +- [ ] Technical approach is clear +- [ ] You've made prior contributions to ProjectDiscovery +- [ ] You've discussed your proposal with mentors +- [ ] Proposal is proofread for clarity and grammar +- [ ] Links work and references are accurate + + +## Next Steps + +1. **Copy this template** and fill in your details +2. **Discuss with mentors** on Discord before finalizing +3. **Review** the [evaluation criteria](/opensource/gsoc/resources/evaluation-criteria) +4. **Submit** via the official GSoC website +5. **Iterate** based on feedback + + +Need help? Join our [Discord community](https://projectdiscovery.io/community) and ask questions in the #gsoc channel. Mentors are here to help you succeed! + From b8d72b6761b9da69f86e2c14e7adb1b20b4e2789 Mon Sep 17 00:00:00 2001 From: knakul853 Date: Sat, 6 Dec 2025 22:43:45 +0530 Subject: [PATCH 2/5] fix: update the timeline and year --- mint.json | 20 +++--- .../{2025 => 2026}/application-process.mdx | 20 +++--- .../{2025 => 2026}/community-engagement.mdx | 8 +-- opensource/gsoc/{2025 => 2026}/faq.mdx | 12 ++-- .../gsoc/{2025 => 2026}/getting-started.mdx | 45 +++++++----- .../gsoc/{2025 => 2026}/mentor-guidelines.mdx | 2 +- .../gsoc/{2025 => 2026}/mentor-resources.mdx | 0 opensource/gsoc/{2025 => 2026}/overview.mdx | 64 ++++++++--------- .../gsoc/{2025 => 2026}/project-ideas.mdx | 16 ++--- opensource/gsoc/{2025 => 2026}/timeline.mdx | 70 ++++++++++--------- opensource/gsoc/index.mdx | 14 ++-- .../gsoc/resources/evaluation-criteria.mdx | 2 +- .../gsoc/resources/proposal-template.mdx | 4 +- 13 files changed, 143 insertions(+), 134 deletions(-) rename opensource/gsoc/{2025 => 2026}/application-process.mdx (94%) rename opensource/gsoc/{2025 => 2026}/community-engagement.mdx (98%) rename opensource/gsoc/{2025 => 2026}/faq.mdx (96%) rename opensource/gsoc/{2025 => 2026}/getting-started.mdx (83%) rename opensource/gsoc/{2025 => 2026}/mentor-guidelines.mdx (99%) rename opensource/gsoc/{2025 => 2026}/mentor-resources.mdx (100%) rename opensource/gsoc/{2025 => 2026}/overview.mdx (77%) rename opensource/gsoc/{2025 => 2026}/project-ideas.mdx (96%) rename opensource/gsoc/{2025 => 2026}/timeline.mdx (75%) diff --git a/mint.json b/mint.json index 1af2fc03..4955c0ee 100644 --- a/mint.json +++ b/mint.json @@ -112,24 +112,24 @@ "pages": [ "opensource/gsoc/index", { - "group": "GSoC 2025", + "group": "GSoC 2026", "icon": "calendar", "iconType": "solid", "pages": [ - "opensource/gsoc/2025/overview", - "opensource/gsoc/2025/getting-started", - "opensource/gsoc/2025/application-process", - "opensource/gsoc/2025/project-ideas", - "opensource/gsoc/2025/timeline", - "opensource/gsoc/2025/faq", - "opensource/gsoc/2025/community-engagement", + "opensource/gsoc/2026/overview", + "opensource/gsoc/2026/getting-started", + "opensource/gsoc/2026/application-process", + "opensource/gsoc/2026/project-ideas", + "opensource/gsoc/2026/timeline", + "opensource/gsoc/2026/faq", + "opensource/gsoc/2026/community-engagement", { "group": "For Mentors", "icon": "chalkboard-user", "iconType": "solid", "pages": [ - "opensource/gsoc/2025/mentor-guidelines", - "opensource/gsoc/2025/mentor-resources" + "opensource/gsoc/2026/mentor-guidelines", + "opensource/gsoc/2026/mentor-resources" ] } ] diff --git a/opensource/gsoc/2025/application-process.mdx b/opensource/gsoc/2026/application-process.mdx similarity index 94% rename from opensource/gsoc/2025/application-process.mdx rename to opensource/gsoc/2026/application-process.mdx index c1bd0644..2f041db4 100644 --- a/opensource/gsoc/2025/application-process.mdx +++ b/opensource/gsoc/2026/application-process.mdx @@ -13,16 +13,16 @@ Learn how to write a compelling GSoC proposal that stands out. A well-crafted pr | Date | Action | |------|--------| -| **March 18, 2025** | Applications open on GSoC website | -| **March 18-31** | Draft proposal, get mentor feedback, iterate | -| **April 1, 18:00 UTC** | ⚠️ **Application deadline** - Submit final proposal | -| **May 1, 2025** | Accepted contributors announced | +| **March 16, 2026** | Applications open on GSoC website | +| **March 16-30** | Draft proposal, get mentor feedback, iterate | +| **March 31, 18:00 UTC** | ⚠️ **Application deadline** - Submit final proposal | +| **April 30, 2026** | Accepted contributors announced | -**Deadline**: April 1, 2025 at 18:00 UTC. No late submissions are accepted. Submit early! +**Deadline**: March 31, 2026 at 18:00 UTC. No late submissions are accepted. Submit early! -[View full timeline →](/opensource/gsoc/2025/timeline) +[View full timeline →](/opensource/gsoc/2026/timeline) ## Before You Apply @@ -200,10 +200,10 @@ Showcase 1-2 relevant projects: Understand how proposals are scored - + Browse available projects - + Learn the basics @@ -299,7 +299,7 @@ Avoid these pitfalls that hurt proposals: - **Format**: PDF or Google Docs (preferred for easy updates) - **Length**: 5-10 pages typically (quality over quantity) -- **Filename**: `GSoC2025_YourName_ProjectTitle.pdf` +- **Filename**: `GSoC2026_YourName_ProjectTitle.pdf` - **Backup**: Keep a local copy - **Early submission**: You can update before deadline @@ -357,7 +357,7 @@ Your proposal will be evaluated by mentors based on: ## Need Help? - + Get help from mentors and community in #gsoc diff --git a/opensource/gsoc/2025/community-engagement.mdx b/opensource/gsoc/2026/community-engagement.mdx similarity index 98% rename from opensource/gsoc/2025/community-engagement.mdx rename to opensource/gsoc/2026/community-engagement.mdx index cad87da5..a6f9de81 100644 --- a/opensource/gsoc/2025/community-engagement.mdx +++ b/opensource/gsoc/2026/community-engagement.mdx @@ -15,7 +15,7 @@ Learn how to effectively engage with ProjectDiscovery's community, make contribu Our main hub for community interaction: - + Join 20,000+ security enthusiasts in our community @@ -315,16 +315,16 @@ If you encounter issues: ## Resources - + Join our community Browse our code - + GSoC participation guide - + Common questions diff --git a/opensource/gsoc/2025/faq.mdx b/opensource/gsoc/2026/faq.mdx similarity index 96% rename from opensource/gsoc/2025/faq.mdx rename to opensource/gsoc/2026/faq.mdx index 7be9d5ca..6c40e3b6 100644 --- a/opensource/gsoc/2025/faq.mdx +++ b/opensource/gsoc/2026/faq.mdx @@ -39,7 +39,7 @@ Absolutely! We're looking for strong programmers who are interested in learning ### When should I start my application? -Start engaging with the community 6-8 weeks before the application deadline (April 1, 2025). This gives you time to: +Start engaging with the community 6-8 weeks before the application deadline (April 1, 2026). This gives you time to: - Understand our tools and codebase - Make meaningful contributions - Discuss your ideas with mentors @@ -210,7 +210,7 @@ At minimum: 9. Update based on feedback 10. Merge when approved -[Learn more about our workflow →](/opensource/gsoc/2025/community-engagement) +[Learn more about our workflow →](/opensource/gsoc/2026/community-engagement) ### How do I set up my development environment? @@ -329,20 +329,20 @@ Yes! GSoC is fully remote. Work from wherever you're comfortable. Just ensure yo ## Still Have Questions? - + Join our community and ask in #gsoc Google's GSoC FAQ - + Read our application guide - + Browse available projects -Can't find your answer? Join our [Discord community](https://projectdiscovery.io/community) and ask in the #gsoc channel. We're here to help! +Can't find your answer? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask in the #gsoc channel. We're here to help! diff --git a/opensource/gsoc/2025/getting-started.mdx b/opensource/gsoc/2026/getting-started.mdx similarity index 83% rename from opensource/gsoc/2025/getting-started.mdx rename to opensource/gsoc/2026/getting-started.mdx index a84a29c6..bd906036 100644 --- a/opensource/gsoc/2025/getting-started.mdx +++ b/opensource/gsoc/2026/getting-started.mdx @@ -1,11 +1,11 @@ --- title: "Getting Started with GSoC" -description: "Everything you need to know to participate in Google Summer of Code 2025 with ProjectDiscovery" +description: "Everything you need to know to participate in Google Summer of Code 2026 with ProjectDiscovery" sidebarTitle: "Getting Started" icon: "rocket" --- -# Getting Started with GSoC 2025 +# Getting Started with GSoC 2026 Ready to contribute to ProjectDiscovery through Google Summer of Code? This guide will walk you through everything you need to know to apply and succeed. @@ -27,25 +27,32 @@ Learn more about GSoC on the [official website](https://summerofcode.withgoogle. ## Eligibility Requirements -To participate in GSoC 2025, you must: +To participate in GSoC 2026, you must meet **all** of these criteria: -- **Age**: Be at least 18 years old -- **Status**: Be a student, recent graduate, or open source beginner +- **Age**: Be at least 18 years old when you register +- **Status**: Be either: + - A student (enrolled in an accredited institution), OR + - An open source beginner (someone with minimal open source experience - personal projects, class projects, or only a few PRs/issues) +- **GSoC History**: Not have been accepted as a GSoC Contributor more than once before - **Availability**: Commit 175 or 350 hours over 12-14 weeks -- **Work Authorization**: Be able to legally work during the program period -- **Location**: Residents of most countries are eligible (check [GSoC eligibility](https://summerofcode.withgoogle.com/rules)) +- **Work Authorization**: Be eligible to work in your country of residence during the program +- **Location**: Not reside in a country currently embargoed by the United States (check [GSoC rules](https://summerofcode.withgoogle.com/rules)) -**Important**: You can only participate in ONE GSoC project per year across all organizations. +**Geographic Restrictions for 2026**: GSoC 2026 is not accepting participants from Russia, Belarus, or the so-called Donetsk People's Republic ("DNR") and Luhansk People's Republic ("LNR"). + +**What qualifies as "open source beginner"?** This includes people whose open source experience is limited to personal/class projects, projects used at a single institution, or opening a small number of issues or pull requests. See [GSoC FAQ](https://developers.google.com/open-source/gsoc/faq) for details. + + ## How to Participate: 6 Steps ### 1. Join the Community Connect with ProjectDiscovery's community on Discord: - + Join our 20,000+ member community to connect with mentors and contributors @@ -83,8 +90,8 @@ Get hands-on experience with our security tools: Browse available projects and find one that matches your interests and skills: - - Browse 2025 project ideas across our tool ecosystem + + Browse 2026 project ideas across our tool ecosystem **What to do**: @@ -119,7 +126,7 @@ Start contributing to ProjectDiscovery projects **before** applying: Write a detailed proposal following our guidelines: - + Detailed proposal guidelines @@ -142,7 +149,7 @@ Write a detailed proposal following our guidelines: Submit your proposal through the official GSoC website: -**Application Period**: March 18 - April 1, 2025 (18:00 UTC) +**Application Period**: March 18 - April 1, 2026 (18:00 UTC) Submit your proposal on the official GSoC platform @@ -211,7 +218,7 @@ Each tool has specific setup instructions: 7. Push and create a pull request 8. Respond to code review feedback -[Learn more about contributing →](/opensource/gsoc/2025/community-engagement) +[Learn more about contributing →](/opensource/gsoc/2026/community-engagement) ## Timeline for Success @@ -295,21 +302,21 @@ While not strictly required, contributors with prior meaningful contributions ha Yes! Custom proposals are welcome, but discuss your idea with mentors first to ensure it aligns with ProjectDiscovery's goals. -[More FAQs →](/opensource/gsoc/2025/faq) +[More FAQs →](/opensource/gsoc/2026/faq) ## Next Steps - + Start here: introduce yourself - + Find a project you like - + Learn how to apply - + Important dates diff --git a/opensource/gsoc/2025/mentor-guidelines.mdx b/opensource/gsoc/2026/mentor-guidelines.mdx similarity index 99% rename from opensource/gsoc/2025/mentor-guidelines.mdx rename to opensource/gsoc/2026/mentor-guidelines.mdx index 74e062d8..7646f183 100644 --- a/opensource/gsoc/2025/mentor-guidelines.mdx +++ b/opensource/gsoc/2026/mentor-guidelines.mdx @@ -293,7 +293,7 @@ Contact organization admins if: - [GSoC Help Center](https://developers.google.com/open-source/gsoc/help) **ProjectDiscovery Resources**: -- [Mentor Resources](/opensource/gsoc/2025/mentor-resources) - Best practices and tips +- [Mentor Resources](/opensource/gsoc/2026/mentor-resources) - Best practices and tips - Discord #mentors channel (private) - Weekly mentor sync meetings diff --git a/opensource/gsoc/2025/mentor-resources.mdx b/opensource/gsoc/2026/mentor-resources.mdx similarity index 100% rename from opensource/gsoc/2025/mentor-resources.mdx rename to opensource/gsoc/2026/mentor-resources.mdx diff --git a/opensource/gsoc/2025/overview.mdx b/opensource/gsoc/2026/overview.mdx similarity index 77% rename from opensource/gsoc/2025/overview.mdx rename to opensource/gsoc/2026/overview.mdx index 3b50d358..cbac5c22 100644 --- a/opensource/gsoc/2025/overview.mdx +++ b/opensource/gsoc/2026/overview.mdx @@ -1,13 +1,13 @@ --- -title: "GSoC 2025 Overview" -description: "ProjectDiscovery's participation in Google Summer of Code 2025" -sidebarTitle: "2025 Overview" +title: "GSoC 2026 Overview" +description: "ProjectDiscovery's participation in Google Summer of Code 2026" +sidebarTitle: "2026 Overview" icon: "star" --- -# Google Summer of Code 2025 +# Google Summer of Code 2026 -Welcome to ProjectDiscovery's Google Summer of Code 2025 program! We're excited to work with contributors from around the world to enhance our open source security tools. +Welcome to ProjectDiscovery's Google Summer of Code 2026 program! We're excited to work with contributors from around the world to enhance our open source security tools. ## About ProjectDiscovery @@ -62,25 +62,25 @@ Join our active community on Discord with 20,000+ members: - Share your knowledge with others - Network with security professionals -## 2025 Program Details +## 2026 Program Details -**Application Timeline**: Applications open March 18 and close April 1, 2025 at 18:00 UTC. Don't miss the deadline! +**Application Timeline**: Applications open March 18 and close April 1, 2026 at 18:00 UTC. Don't miss the deadline! ### Key Dates | Date | Event | |------|-------| -| March 18, 2025 | Applications Open | -| April 1, 2025 | Application Deadline (18:00 UTC) | -| May 1, 2025 | Selected Contributors Announced | -| May 1-26, 2025 | Community Bonding Period | -| May 27, 2025 | Coding Period Begins | -| July 7-14, 2025 | Midterm Evaluations | -| September 1-8, 2025 | Final Evaluations | +| March 18, 2026 | Applications Open | +| April 1, 2026 | Application Deadline (18:00 UTC) | +| May 1, 2026 | Selected Contributors Announced | +| May 1-26, 2026 | Community Bonding Period | +| May 27, 2026 | Coding Period Begins | +| July 7-14, 2026 | Midterm Evaluations | +| September 1-8, 2026 | Final Evaluations | -[View full timeline →](/opensource/gsoc/2025/timeline) +[View full timeline →](/opensource/gsoc/2026/timeline) ### Project Sizes @@ -101,32 +101,32 @@ Contributors can choose between two project sizes: We have exciting projects across our tool ecosystem: - + Work on the most popular vulnerability scanner - + Enhance our web crawling framework - + Improve our HTTP toolkit - + Propose your own project -[View all project ideas →](/opensource/gsoc/2025/project-ideas) +[View all project ideas →](/opensource/gsoc/2026/project-ideas) ## Get Started Ready to apply? Follow these steps: -1. **[Join Discord](https://projectdiscovery.io/community)** - Connect with mentors and community +1. **[Join Discord](https://discord.com/invite/projectdiscovery)** - Connect with mentors and community 2. **[Explore Tools](/opensource)** - Try our tools and understand how they work -3. **[Read Getting Started](/opensource/gsoc/2025/getting-started)** - Learn the application process +3. **[Read Getting Started](/opensource/gsoc/2026/getting-started)** - Learn the application process 4. **[Make Contributions](https://github.com/projectdiscovery)** - Start contributing to our projects -5. **[Review Projects](/opensource/gsoc/2025/project-ideas)** - Choose a project that interests you -6. **[Submit Proposal](/opensource/gsoc/2025/application-process)** - Follow our proposal guidelines +5. **[Review Projects](/opensource/gsoc/2026/project-ideas)** - Choose a project that interests you +6. **[Submit Proposal](/opensource/gsoc/2026/application-process)** - Follow our proposal guidelines **Pro Tip**: Start early! Contributors who engage with the community and make contributions before applying have a much higher acceptance rate. @@ -156,33 +156,33 @@ Ready to apply? Follow these steps: ### Communication Channels -- **Discord**: Primary communication channel - [Join here](https://projectdiscovery.io/community) +- **Discord**: Primary communication channel - [Join here](https://discord.com/invite/projectdiscovery) - **GitHub**: Code, issues, and pull requests - **Email**: For private communications with admins ### Documentation - + How to apply and participate - + Proposal guidelines and tips - + Common questions answered - + How to engage with us ## Questions? -Have questions about GSoC 2025 at ProjectDiscovery? +Have questions about GSoC 2026 at ProjectDiscovery? -- Check our [FAQ](/opensource/gsoc/2025/faq) -- Ask in our [Discord community](https://projectdiscovery.io/community) #gsoc channel +- Check our [FAQ](/opensource/gsoc/2026/faq) +- Ask in our [Discord community](https://discord.com/invite/projectdiscovery) #gsoc channel - Review the [official GSoC documentation](https://summerofcode.withgoogle.com/) We're here to help you succeed. Good luck with your application! diff --git a/opensource/gsoc/2025/project-ideas.mdx b/opensource/gsoc/2026/project-ideas.mdx similarity index 96% rename from opensource/gsoc/2025/project-ideas.mdx rename to opensource/gsoc/2026/project-ideas.mdx index 60ad52c2..e5b5ccf6 100644 --- a/opensource/gsoc/2025/project-ideas.mdx +++ b/opensource/gsoc/2026/project-ideas.mdx @@ -1,11 +1,11 @@ --- -title: "GSoC 2025 Project Ideas" -description: "Browse available projects for Google Summer of Code 2025 with ProjectDiscovery" +title: "GSoC 2026 Project Ideas" +description: "Browse available projects for Google Summer of Code 2026 with ProjectDiscovery" sidebarTitle: "Project Ideas" icon: "lightbulb" --- -# GSoC 2025 Project Ideas +# GSoC 2026 Project Ideas Explore exciting projects across ProjectDiscovery's open source security tools. Choose a project that matches your interests and skills, or propose your own custom idea! @@ -19,7 +19,7 @@ Explore exciting projects across ProjectDiscovery's open source security tools. 6. **Review application process** when ready to apply -**Custom proposals welcome!** Have your own idea? Discuss it with mentors on [Discord](https://projectdiscovery.io/community) first to ensure it aligns with ProjectDiscovery's goals. +**Custom proposals welcome!** Have your own idea? Discuss it with mentors on [Discord](https://discord.com/invite/projectdiscovery) first to ensure it aligns with ProjectDiscovery's goals. ## Project Categories @@ -381,16 +381,16 @@ Have your own idea for improving ProjectDiscovery's tools? We welcome custom pro Ready to apply for one of these projects? - + Learn how to write your proposal Use our template - + 6-step participation guide - + Connect with mentors @@ -420,7 +420,7 @@ Ready to apply for one of these projects? ## Questions? -Have questions about any project? Join our [Discord community](https://projectdiscovery.io/community) and ask in the #gsoc channel. Mentors are available to help you understand projects and choose the right one! +Have questions about any project? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask in the #gsoc channel. Mentors are available to help you understand projects and choose the right one! Good luck choosing your project! 🚀 diff --git a/opensource/gsoc/2025/timeline.mdx b/opensource/gsoc/2026/timeline.mdx similarity index 75% rename from opensource/gsoc/2025/timeline.mdx rename to opensource/gsoc/2026/timeline.mdx index 9a72e17c..60520be1 100644 --- a/opensource/gsoc/2025/timeline.mdx +++ b/opensource/gsoc/2026/timeline.mdx @@ -1,13 +1,13 @@ --- -title: "GSoC 2025 Timeline" -description: "Important dates and milestones for Google Summer of Code 2025" +title: "GSoC 2026 Timeline" +description: "Important dates and milestones for Google Summer of Code 2026" sidebarTitle: "Timeline" icon: "calendar-days" --- -# GSoC 2025 Timeline +# GSoC 2026 Timeline -Stay on track with all important dates and deadlines for Google Summer of Code 2025. All times are in UTC. +Stay on track with all important dates and deadlines for Google Summer of Code 2026. All times are in UTC. For the official GSoC timeline, visit the [GSoC website](https://summerofcode.withgoogle.com/). Dates listed here are based on the standard GSoC schedule. @@ -17,17 +17,19 @@ For the official GSoC timeline, visit the [GSoC website](https://summerofcode.wi | Date | Milestone | Description | |------|-----------|-------------| -| **January 22, 2025** | Organizations Announced | Google announces accepted organizations including ProjectDiscovery | -| **February 3 - March 18** | Pre-Application Period | Join Discord, explore tools, make contributions, discuss ideas | -| **March 18, 2025** | Applications Open | Begin submitting proposals via GSoC website | -| **April 1, 18:00 UTC** | ⚠️ Application Deadline | **Final deadline for proposal submissions** | -| **April - May** | Review Period | Mentors review and score proposals | -| **May 1, 2025** | Contributors Announced | Accepted contributors announced on GSoC website | -| **May 1-26, 2025** | Community Bonding | Get to know mentors, finalize project plans, setup environment | -| **May 27, 2025** | Coding Begins | Official start of coding period | -| **July 7-14, 2025** | Midterm Evaluation | Progress assessment, feedback from mentors | -| **September 1-8, 2025** | Final Evaluation | Project completion assessment | -| **September 15, 2025** | Results Announced | Final results and certificates published | +| **February 19, 2026** | Organizations Announced | Google announces accepted organizations including ProjectDiscovery | +| **February 19 - March 15** | Pre-Application Period | Join Discord, explore tools, make contributions, discuss ideas | +| **March 16, 2026** | Applications Open | Contributor application period begins | +| **March 31, 18:00 UTC** | ⚠️ Application Deadline | **Final deadline for proposal submissions** | +| **April - April 21** | Review Period | Mentors review and score proposals | +| **April 30, 18:00 UTC** | Contributors Announced | Accepted contributors announced on GSoC website | +| **May 1-24, 2026** | Community Bonding | Get to know mentors, finalize project plans, setup environment | +| **May 25, 2026** | Coding Begins | Official start of coding period | +| **July 6-10, 2026** | Midterm Evaluation | Progress assessment (Deadline: July 10, 18:00 UTC) | +| **August 17-24, 2026** | Final Submission | Contributors submit final work (Deadline: August 24, 18:00 UTC) | +| **August 24-31, 2026** | Final Evaluation | Mentors complete evaluations (Deadline: August 31, 18:00 UTC) | +| **August 24 - November 2** | Extended Timeline | Extended timeline projects continue | +| **November 2, 18:00 UTC** | Extended Projects Deadline | Final submission for extended projects | ## Key Deadlines @@ -36,23 +38,23 @@ For the official GSoC timeline, visit the [GSoC website](https://summerofcode.wi ### Application Deadline -**April 1, 2025 at 18:00 UTC** +**March 31, 2026 at 18:00 UTC** This is a hard deadline. Late submissions are **not accepted**. Submit early to avoid last-minute technical issues. ### Midterm Evaluation -**July 7-14, 2025** +**July 10, 2026 at 18:00 UTC** Mentors evaluate your progress at the midpoint. You must demonstrate meaningful progress (typically 40-50% of project completion) to pass. ### Final Evaluation -**September 1-8, 2025** +**August 31, 2026 at 18:00 UTC** Final assessment of your completed project. Must meet all core deliverables to pass. ## Phase Breakdown -### Pre-Application Phase (Feb 3 - March 18) +### Pre-Application Phase (Feb 19 - March 15) **Your Goals**: - Join the ProjectDiscovery Discord community @@ -72,7 +74,7 @@ Final assessment of your completed project. Must meet all core deliverables to p **Pro Tip**: Contributors who start engaging 6-8 weeks before the deadline have much higher acceptance rates. -### Application Phase (March 18 - April 1) +### Application Phase (March 16 - March 31) **Your Goals**: - Finalize your proposal @@ -81,16 +83,16 @@ Final assessment of your completed project. Must meet all core deliverables to p - Continue making contributions **Timeline**: -- **March 18**: Applications open - submit your first draft -- **March 20-28**: Get feedback and iterate on your proposal -- **March 29-31**: Final review and polish -- **April 1**: Submit final version (don't wait until the last hour!) +- **March 16**: Applications open - submit your first draft +- **March 18-28**: Get feedback and iterate on your proposal +- **March 29-30**: Final review and polish +- **March 31**: Submit final version (don't wait until the last hour!) Submit at least 24 hours before the deadline to account for potential technical issues. -### Selection Phase (April - May) +### Selection Phase (April - April 30) **What Happens**: - Mentors review all proposals using evaluation criteria @@ -105,9 +107,9 @@ Submit at least 24 hours before the deadline to account for potential technical - Be available for any follow-up questions - Check your email and GSoC dashboard regularly -**Results**: May 1, 2025 +**Results**: April 30, 2026 -### Community Bonding (May 1-26) +### Community Bonding (May 1-24) **Your Goals**: - Get to know your mentors @@ -125,10 +127,10 @@ Submit at least 24 hours before the deadline to account for potential technical - Establish check-in routine (Discord, meetings) -This period is **not** for coding the main project. Use it to prepare so you can hit the ground running on May 27. +This period is **not** for coding the main project. Use it to prepare so you can hit the ground running on May 25. -### Coding Period (May 27 - August 31) +### Coding Period (May 25 - August 24) **Your Goals**: - Implement your project according to the timeline @@ -155,7 +157,7 @@ This period is **not** for coding the main project. Use it to prepare so you can | 11-12 | Testing, documentation, polish | | 13 | **Final evaluation** | -### Midterm Evaluation (July 7-14) +### Midterm Evaluation (July 6-10) **What's Evaluated**: - Progress on project milestones @@ -174,7 +176,7 @@ This period is **not** for coding the main project. Use it to prepare so you can **Success Strategy**: Stay ahead of schedule. Aim for 50-60% completion by midterm to have buffer for unexpected issues. -### Final Evaluation (September 1-8) +### Final Evaluation (August 24-31) **What's Evaluated**: - Completion of project deliverables @@ -254,7 +256,7 @@ For best results, follow this personal timeline: All GSoC deadlines are in **UTC timezone**. Convert to your local time to avoid missing deadlines! -**Example: April 1, 18:00 UTC** +**Example: March 31, 18:00 UTC** - US Pacific (PST/PDT): 10:00 AM / 11:00 AM - US Eastern (EST/EDT): 1:00 PM / 2:00 PM - India (IST): 11:30 PM @@ -264,8 +266,8 @@ Use a [time zone converter](https://www.timeanddate.com/worldclock/converter.htm ## Questions About Timeline? -- Check our [FAQ](/opensource/gsoc/2025/faq) -- Ask in [Discord](https://projectdiscovery.io/community) #gsoc channel +- Check our [FAQ](/opensource/gsoc/2026/faq) +- Ask in [Discord](https://discord.com/invite/projectdiscovery) #gsoc channel - Review [official GSoC timeline](https://summerofcode.withgoogle.com/) Stay organized and good luck! 📅 diff --git a/opensource/gsoc/index.mdx b/opensource/gsoc/index.mdx index 7ce15d80..18c4c713 100644 --- a/opensource/gsoc/index.mdx +++ b/opensource/gsoc/index.mdx @@ -12,12 +12,12 @@ ProjectDiscovery is excited to participate in Google Summer of Code, offering co ## Current Program - Apply for ProjectDiscovery's 2025 program. Join our community and contribute to security tools used by researchers, bug bounty hunters, and security teams globally. + Apply for ProjectDiscovery's 2026 program. Join our community and contribute to security tools used by researchers, bug bounty hunters, and security teams globally. ## Why Contribute to ProjectDiscovery? @@ -55,16 +55,16 @@ ProjectDiscovery maintains popular open source security tools including: Ready to contribute? Here's how to get involved: - + Connect with our community and mentors Try out our open source tools - + Browse available project ideas - + Learn how to apply @@ -72,7 +72,7 @@ Ready to contribute? Here's how to get involved: ## Community -Join our [Discord community](https://projectdiscovery.io/community) to connect with mentors, ask questions, and get started with your first contribution. We're here to help! +Join our [Discord community](https://discord.com/invite/projectdiscovery) to connect with mentors, ask questions, and get started with your first contribution. We're here to help! Explore our [GitHub organization](https://github.com/projectdiscovery) to see our projects and start contributing today. diff --git a/opensource/gsoc/resources/evaluation-criteria.mdx b/opensource/gsoc/resources/evaluation-criteria.mdx index 5d7c16a4..6693d487 100644 --- a/opensource/gsoc/resources/evaluation-criteria.mdx +++ b/opensource/gsoc/resources/evaluation-criteria.mdx @@ -338,6 +338,6 @@ If you have questions about the evaluation process: - **Discord**: Ask in the #gsoc channel - **GitHub**: Review existing project discussions -- **Documentation**: Read our [application process guide](/opensource/gsoc/2025/application-process) +- **Documentation**: Read our [application process guide](/opensource/gsoc/2026/application-process) Good luck with your proposal! diff --git a/opensource/gsoc/resources/proposal-template.mdx b/opensource/gsoc/resources/proposal-template.mdx index 3b2ff92d..45317908 100644 --- a/opensource/gsoc/resources/proposal-template.mdx +++ b/opensource/gsoc/resources/proposal-template.mdx @@ -39,7 +39,7 @@ Quality matters more than quantity. Focus on clear, specific plans rather than l Copy and customize the template below: ```markdown -# GSoC 2025 Proposal: [Your Project Title] +# GSoC 2026 Proposal: [Your Project Title] ## Personal Information @@ -270,5 +270,5 @@ Copy and customize the template below: 5. **Iterate** based on feedback -Need help? Join our [Discord community](https://projectdiscovery.io/community) and ask questions in the #gsoc channel. Mentors are here to help you succeed! +Need help? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask questions in the #gsoc channel. Mentors are here to help you succeed! From 1ca8db7f1a29ac1fee8d5a3e4e88aae4ab1a1cf3 Mon Sep 17 00:00:00 2001 From: knakul853 Date: Sat, 6 Dec 2025 23:52:33 +0530 Subject: [PATCH 3/5] refactor: enhance GSoC documentation with updated project descriptions, community engagement details, and improved proposal template for clarity and usability --- opensource/gsoc/2026/community-engagement.mdx | 6 +- opensource/gsoc/2026/getting-started.mdx | 33 ++- opensource/gsoc/2026/overview.mdx | 57 +++-- opensource/gsoc/2026/project-ideas.mdx | 229 +++++++++++++++++- opensource/gsoc/index.mdx | 14 +- .../gsoc/resources/proposal-template.mdx | 218 ++++------------- 6 files changed, 343 insertions(+), 214 deletions(-) diff --git a/opensource/gsoc/2026/community-engagement.mdx b/opensource/gsoc/2026/community-engagement.mdx index a6f9de81..ddfe5b2d 100644 --- a/opensource/gsoc/2026/community-engagement.mdx +++ b/opensource/gsoc/2026/community-engagement.mdx @@ -22,9 +22,9 @@ Our main hub for community interaction: **Key Channels for GSoC**: - **#gsoc**: GSoC-specific discussions, questions, and announcements - **#introductions**: Introduce yourself to the community -- **#nuclei**, **#httpx**, **#katana**: Tool-specific technical discussions -- **#general**: General conversations -- **#help**: Get help with our tools +- **#general**: General conversations and technical discussions +- **#help**: Get help with our tools and projects +- **#contributor-chat**: Collaborate with other contributors **When to Use Discord**: - Asking questions about projects or proposals diff --git a/opensource/gsoc/2026/getting-started.mdx b/opensource/gsoc/2026/getting-started.mdx index bd906036..b2867be1 100644 --- a/opensource/gsoc/2026/getting-started.mdx +++ b/opensource/gsoc/2026/getting-started.mdx @@ -15,11 +15,13 @@ Google Summer of Code (GSoC) is a global program that connects new contributors ### Program Benefits -- **💰 Stipend**: Receive payment from Google for your work -- **👨‍🏫 Mentorship**: Learn from experienced security researchers +- **💰 Stipend**: Receive payment from Google for your work (up to $3,000 USD for 350-hour projects) +- **👨‍🏫 Mentorship**: Learn from experienced software engineers and open source maintainers +- **💻 Software Development Skills**: Build production-quality code used by thousands worldwide - **🎓 Experience**: Gain real-world open source development experience -- **🌐 Network**: Connect with the global security community -- **📜 Recognition**: GSoC certificate and achievement on your resume +- **🌐 Network**: Connect with the global developer and security community +- **🏆 Recognition**: GSoC certificate, contributor credit in releases, and portfolio-building projects +- **📈 Career Growth**: Boost your resume with recognized open source contributions Learn more about GSoC on the [official website](https://summerofcode.withgoogle.com/). @@ -59,32 +61,39 @@ Connect with ProjectDiscovery's community on Discord: **What to do**: - Introduce yourself in the #introductions channel - Join the #gsoc channel for program-specific discussions -- Explore tool-specific channels (#nuclei, #httpx, #katana, etc.) +- Ask questions in #general and #help channels ### 2. Explore ProjectDiscovery Tools -Get hands-on experience with our security tools: +Get hands-on experience with our security tools. **Start with simpler tools** to get familiar with our codebase: - - Fast vulnerability scanner + + Subdomain discovery - Great starting point! - Multi-purpose HTTP toolkit + HTTP probing toolkit - Beginner-friendly + + + DNS toolkit - Easy to understand + + + Vulnerability scanner - More advanced - Web crawling framework + Web crawler - More complex - Browse all our tools + Browse all 15+ tools **What to do**: +- **Beginners**: Start with Subfinder or httpx - simpler codebases, easier to contribute - Install and try at least 2-3 tools - Read the documentation - Run examples and understand functionality -- Identify areas for improvement +- Look for areas you could improve or learn from ### 3. Review Project Ideas diff --git a/opensource/gsoc/2026/overview.mdx b/opensource/gsoc/2026/overview.mdx index cbac5c22..2baf4c35 100644 --- a/opensource/gsoc/2026/overview.mdx +++ b/opensource/gsoc/2026/overview.mdx @@ -16,7 +16,7 @@ ProjectDiscovery develops and maintains fast, simple-to-use open source security ### Our Impact - + GitHub Stars across projects @@ -41,18 +41,20 @@ Your contributions will directly impact security tools used in production by tho ### Learn Advanced Skills -- **Security Expertise**: Deep dive into application security, vulnerability research, and exploit development -- **Go Programming**: Master Go by working on high-performance security tools -- **Open Source**: Learn best practices for open source development and community collaboration -- **Software Engineering**: Build scalable, production-grade software with comprehensive testing +- **Software Engineering**: Build scalable, production-grade software with comprehensive testing and code review +- **Go Programming**: Master Go by working on high-performance tools processing millions of requests +- **System Design**: Learn distributed systems, concurrency patterns, and performance optimization +- **Open Source Best Practices**: Contribute to widely-used projects following industry standards +- **Security Knowledge**: Gain understanding of application security and vulnerability discovery ### Expert Mentorship -Work with experienced security researchers and open source maintainers who are passionate about teaching and collaboration. Our mentors have: -- Years of experience in security research -- Deep knowledge of vulnerability discovery -- Proven track record in open source development -- Active involvement in the security community +Work with experienced software engineers and open source maintainers who build tools used globally. Our mentors have: +- Years of experience building production systems at scale +- Deep expertise in Go, distributed systems, and performance engineering +- Proven track record maintaining popular open source projects +- Active involvement in the developer and security communities +- Passion for teaching and helping contributors grow ### Vibrant Community @@ -132,25 +134,30 @@ Ready to apply? Follow these steps: **Pro Tip**: Start early! Contributors who engage with the community and make contributions before applying have a much higher acceptance rate. -## What We're Looking For +## What Helps You Succeed -### Ideal Contributors +We welcome contributors from all backgrounds! Here's what helps ensure a successful GSoC experience: -- Strong programming skills (especially in Go) -- Interest in security and vulnerability research -- Self-motivated and able to work independently -- Good communication skills -- Active participation in open source communities -- Willingness to learn and take feedback +### Skills That Help -### Successful Contributors Will +- **Programming experience** - Comfortable with at least one language (Go experience is great but not required!) +- **Curiosity and eagerness to learn** - We'll teach you what you need to know +- **Good communication** - Able to ask questions, share progress, and collaborate +- **Self-direction** - Can work independently with guidance +- **Openness to feedback** - Willing to learn from code reviews -- Commit 12-30 hours per week (depending on project size) -- Communicate regularly with mentors (at least twice weekly) -- Submit quality code with tests and documentation -- Participate in code reviews -- Engage with the community -- Complete project milestones on time + +**Don't have all these?** That's okay! GSoC is about learning. If you're excited about the project and willing to put in the effort, we encourage you to apply! + + +### What We Hope You'll Do + +- Commit the agreed hours per week (12-15 for 175h projects, 25-30 for 350h projects) +- Check in with your mentor at least twice weekly +- Write code with tests and documentation (we'll help you learn how!) +- Participate in code reviews (great learning opportunity!) +- Engage with the community on Discord +- Make steady progress on your milestones ## Support and Resources diff --git a/opensource/gsoc/2026/project-ideas.mdx b/opensource/gsoc/2026/project-ideas.mdx index e5b5ccf6..cd8b8a7a 100644 --- a/opensource/gsoc/2026/project-ideas.mdx +++ b/opensource/gsoc/2026/project-ideas.mdx @@ -34,7 +34,230 @@ Our projects span different difficulty levels and time commitments: ## Available Projects -### Project 1: Nuclei Template Performance Analyzer + +**New to open source or security tools?** Start with **Project 1 (Subfinder)** or **Project 2 (httpx Testing)** - they're beginner-friendly and focus on software development skills like CLI design, testing, and CI/CD! + + +### Project 1: Subfinder Output Formatting & Export System + + + **Tool**: Subfinder + **Difficulty**: Easy + **Size**: 175 hours + **Mentors**: To be assigned + + +#### Description + +Improve Subfinder's output formatting capabilities and build a flexible export system that allows users to customize how subdomain results are displayed and exported. This beginner-friendly project focuses on developer experience, output formatting, and data export functionality - perfect for contributors new to security tools. + +Subfinder currently supports basic output formats, but users often need custom formatting for integration with other tools, pipelines, or reporting systems. This project will create a flexible output template system and add multiple export formats. + +#### Goals & Deliverables + +- **Output Template System**: Implement customizable output templates: + - User-defined format strings (similar to printf) + - Support for all subdomain data fields + - Color-coded terminal output + - Column alignment and formatting + +- **Export Formats**: Add support for multiple formats: + - CSV with customizable columns + - Markdown tables for reports + - HTML with styling options + - SQLite database export + - Excel (XLSX) format + +- **CLI Enhancements**: Improve command-line experience: + - Interactive mode for selecting export options + - Progress bars with statistics + - Summary reports (total domains, sources, timing) + - Filtering and sorting options + +- **Configuration**: Template and format configuration: + - Saved templates for reuse + - Configuration file support + - Example templates for common use cases + +- **Documentation**: User guides and examples showing: + - How to create custom templates + - Integration with other tools + - Common formatting patterns + +- **Testing**: Unit tests with 80%+ coverage + +#### Technical Skills Required + +**Required**: +- Go programming (beginner to intermediate level) +- Understanding of file formats (JSON, CSV, etc.) +- Basic CLI application experience + +**Preferred**: +- Experience with Go template libraries +- Familiarity with terminal output formatting +- Experience with data export libraries + +#### Skills You'll Learn + +- Go programming best practices +- Working with Go's text/template package +- File format generation (CSV, Excel, SQLite) +- CLI design and user experience +- Testing Go applications +- Working with a popular open source tool + +#### Getting Started + +1. **Read Documentation**: + - [Subfinder Overview](/opensource/subfinder/overview) + - [Subfinder Usage](/opensource/subfinder/usage) + +2. **Experiment with Subfinder**: + - Install and run Subfinder + - Test different output formats + - Try piping output to other tools + - Identify formatting limitations + +3. **Explore Codebase**: + - Review Subfinder's output handling code + - Understand current format implementation + - Look at how other Go tools handle templates + +4. **Make Contributions**: + - Fix documentation issues + - Add tests + - Report bugs or suggest improvements + +5. **Research Similar Tools**: + - Study how tools like jq, awk handle formatting + - Look at template systems in other Go CLI tools + - Identify best practices + +#### Related Links + +- [Subfinder GitHub](https://github.com/projectdiscovery/subfinder) +- [Subfinder Documentation](/opensource/subfinder) + +--- + +### Project 2: httpx Testing & CI/CD Infrastructure + + + **Tool**: httpx + **Difficulty**: Easy-Medium + **Size**: 175 hours + **Mentors**: To be assigned + + +#### Description + +Enhance httpx's testing infrastructure and CI/CD pipeline to improve code quality, catch bugs earlier, and make it easier for contributors to add features with confidence. This project focuses on developer tooling and testing - great for someone interested in software quality and DevOps. + +While httpx has basic tests, there's significant room for improvement in test coverage, integration testing, and automated quality checks. This project will build a comprehensive testing framework and improve the contributor experience. + +#### Goals & Deliverables + +- **Integration Test Suite**: Create comprehensive integration tests: + - Test server/mock infrastructure for HTTP testing + - Tests for various HTTP scenarios (redirects, timeouts, errors) + - Tests for different server technologies + - Tests for edge cases and error handling + - Performance regression tests + +- **Test Coverage Improvements**: Increase test coverage to 75%+: + - Identify untested code paths + - Add unit tests for core functionality + - Add tests for CLI flags and options + - Document testing guidelines + +- **CI/CD Enhancements**: Improve GitHub Actions workflows: + - Add automated code quality checks (linting, formatting) + - Implement security scanning (gosec, etc.) + - Add performance benchmarking in CI + - Create release automation + - Add dependency update checks + +- **Developer Tools**: Build tools for contributors: + - Local development environment setup scripts + - Test helpers and utilities + - Code generation for repetitive tasks + - Pre-commit hooks for quality checks + +- **Documentation**: Create contributor guides: + - Testing best practices + - How to run tests locally + - CI/CD architecture documentation + - Contributing guidelines improvements + +- **Monitoring**: Add observability: + - Code coverage reporting and badges + - Test execution time tracking + - Flaky test detection + +#### Technical Skills Required + +**Required**: +- Go programming (intermediate level) +- Understanding of testing concepts (unit, integration, e2e) +- Basic CI/CD knowledge (GitHub Actions or similar) +- Git and GitHub workflow + +**Preferred**: +- Experience with Go testing frameworks +- Docker knowledge (for test containers) +- CI/CD pipeline experience +- Experience with code quality tools + +#### Skills You'll Learn + +- Go testing best practices and patterns +- Integration testing strategies +- CI/CD pipeline design and implementation +- Code quality automation +- Developer experience optimization +- Working with GitHub Actions +- Test infrastructure design + +#### Getting Started + +1. **Read Documentation**: + - [httpx Overview](/opensource/httpx/overview) + - [httpx Usage](/opensource/httpx/usage) + +2. **Analyze Current State**: + - Run existing tests: `go test ./...` + - Check test coverage: `go test -cover ./...` + - Review CI/CD workflows in `.github/workflows/` + - Identify gaps in test coverage + +3. **Research Best Practices**: + - Study Go testing patterns + - Look at well-tested Go projects + - Research integration testing approaches + - Study CI/CD best practices + +4. **Explore Codebase**: + - Review httpx's architecture + - Understand core functionality + - Identify critical paths needing tests + - Look at existing test structure + +5. **Make Contributions**: + - Add tests for uncovered code + - Fix failing or flaky tests + - Improve test documentation + - Suggest CI improvements + +#### Related Links + +- [httpx GitHub](https://github.com/projectdiscovery/httpx) +- [httpx Documentation](/opensource/httpx) +- [Go Testing](https://go.dev/doc/tutorial/add-a-test) + +--- + +### Project 3: Nuclei Template Performance Analyzer **Tool**: Nuclei @@ -127,7 +350,7 @@ Currently, template authors have limited visibility into performance characteris --- -### Project 2: Katana JavaScript Rendering Enhancement +### Project 4: Katana JavaScript Rendering Enhancement **Tool**: Katana @@ -236,7 +459,7 @@ Modern web applications use frameworks like React, Vue, and Angular that render --- -### Project 3: httpx Response Analysis Framework +### Project 5: httpx Response Analysis Framework **Tool**: httpx diff --git a/opensource/gsoc/index.mdx b/opensource/gsoc/index.mdx index 18c4c713..e9005497 100644 --- a/opensource/gsoc/index.mdx +++ b/opensource/gsoc/index.mdx @@ -28,14 +28,20 @@ ProjectDiscovery maintains a suite of open source security tools that are active Your code will be used by security professionals, bug bounty hunters, and organizations worldwide to discover and remediate vulnerabilities. - - Gain deep knowledge of application security, vulnerability research, and secure coding practices. + + Develop production-quality Go code for high-performance security tools used in real-world environments. - Work directly with experienced security researchers and open source maintainers. + Work directly with experienced software engineers and open source maintainers who build tools at scale. + + + Earn GSoC certificate, contributor credits, and build an impressive portfolio of open source work. - Join a vibrant community of security enthusiasts on Discord and GitHub with 20,000+ members. + Join a vibrant community on Discord and GitHub with 20,000+ members and 100,000+ GitHub stars. + + + Gain knowledge in application security, performance optimization, and distributed systems while building real tools. diff --git a/opensource/gsoc/resources/proposal-template.mdx b/opensource/gsoc/resources/proposal-template.mdx index 45317908..6a891473 100644 --- a/opensource/gsoc/resources/proposal-template.mdx +++ b/opensource/gsoc/resources/proposal-template.mdx @@ -12,26 +12,11 @@ Use this template as a starting point for your Google Summer of Code proposal. A ## How to Use This Template -Copy the template below and fill in each section with your specific details. Be clear, concise, and specific about your plans. +Copy the template below and fill in each section with your specific details. Be clear, concise, and specific about your plans. Focus on quality over quantity - a concise, well-thought-out proposal is better than a lengthy one. -### What to Include - -- **Personal Information**: Contact details and background -- **Project Description**: Clear explanation of what you'll build -- **Implementation Plan**: Detailed timeline with milestones -- **Qualifications**: Your relevant skills and experience -- **Community Engagement**: Prior contributions and involvement - -### Length Recommendations - -- **Total Length**: 5-10 pages -- **Project Description**: 1-2 pages -- **Implementation Plan**: 2-3 pages with detailed milestones -- **Qualifications**: 1-2 pages - -Quality matters more than quantity. Focus on clear, specific plans rather than lengthy descriptions. +**Keep it focused**: Aim for 5-7 pages total. Reviewers value clarity and specificity over length. ## Template @@ -47,188 +32,86 @@ Copy and customize the template below: - **Email**: [your.email@example.com] - **GitHub**: [github.com/yourusername] - **Discord**: [YourDiscord#1234] -- **University**: [Your University Name] -- **Major/Year**: [Your Major, Expected Graduation Year] - **Time Zone**: [Your Time Zone] -- **Location**: [Country, City] +- **Expected Hours**: [175 or 350 hours] ## Abstract -[Write a 2-3 sentence summary of your project. This should be a high-level overview that captures the essence of what you're proposing.] +[Write 2-3 sentences summarizing what you'll build, how, and why it matters.] ## Project Description -### Background and Motivation - -[Explain the context of the problem you're solving. Why is this project important? What need does it address?] +### What Problem Are You Solving? -### Problem Statement +[Describe the current limitation or gap. Why does this matter?] -[Clearly define the specific problem or gap your project will address. Be specific about current limitations.] +### Your Solution -### Proposed Solution +[Explain what you'll build and how it will work. Include key technical approaches.] -[Describe your approach to solving the problem. What will you build or implement? How will it work?] +### Expected Outcome -### Technical Approach +[List concrete deliverables - what will exist at the end that doesn't exist now?] -[Provide technical details about your implementation approach. What technologies, libraries, or frameworks will you use? What architecture or design patterns?] +## Timeline -### Expected Outcomes +Break your project into phases with weekly milestones: -[List the concrete deliverables and outcomes. What will exist at the end of the project that doesn't exist now?] - -## Implementation Plan - -### Phase 1: [Phase Name] (Weeks 1-4) - -**Goals**: -- [Primary goal 1] -- [Primary goal 2] - -**Milestones**: +### Weeks 1-4: [Phase Name] - Week 1: [Specific milestone] - Week 2: [Specific milestone] - Week 3: [Specific milestone] - Week 4: [Specific milestone] -**Deliverables**: -- [Concrete deliverable 1] -- [Concrete deliverable 2] - -### Phase 2: [Phase Name] (Weeks 5-8) - -**Goals**: -- [Primary goal 1] -- [Primary goal 2] - -**Milestones**: +### Weeks 5-8: [Phase Name] - Week 5: [Specific milestone] - Week 6: [Specific milestone] - Week 7: [Specific milestone] - Week 8: [Specific milestone] -**Deliverables**: -- [Concrete deliverable 1] -- [Concrete deliverable 2] - -### Phase 3: [Phase Name] (Weeks 9-12) - -**Goals**: -- [Primary goal 1] -- [Primary goal 2] - -**Milestones**: +### Weeks 9-12: [Phase Name] - Week 9: [Specific milestone] - Week 10: [Specific milestone] -- Week 11: [Specific milestone] -- Week 12: [Specific milestone] - -**Deliverables**: -- [Concrete deliverable 1] -- [Concrete deliverable 2] - -[Continue with additional phases as needed for 350-hour projects] - -### Testing Strategy - -[Describe how you'll test your implementation. What types of tests will you write? How will you ensure quality?] - -### Documentation Plan +- Week 11: [Testing and documentation] +- Week 12: [Final polish and documentation] -[Explain how you'll document your work. User guides? API documentation? Code comments?] +[Add more weeks for 350-hour projects] -### Potential Challenges and Mitigation +### Testing & Documentation -| Challenge | Mitigation Strategy | -|-----------|-------------------| -| [Challenge 1] | [How you'll address it] | -| [Challenge 2] | [How you'll address it] | +**Testing**: [How you'll test - unit tests, integration tests, benchmarks] -## Qualifications +**Documentation**: [What docs you'll create - README updates, code comments, user guides] -### Relevant Experience +## Your Background -[Describe your background and experience relevant to this project. Programming experience, coursework, personal projects, etc.] +### Skills & Experience -### Technical Skills +**Go Experience**: [Describe your Go programming experience] -**Programming Languages**: -- [Language 1]: [Proficiency level - Beginner/Intermediate/Advanced] -- [Language 2]: [Proficiency level] -- Go: [Your Go experience level] +**Relevant Skills**: [List 3-5 key skills relevant to this project] -**Tools and Technologies**: -- [Tool/Technology 1]: [Experience level] -- [Tool/Technology 2]: [Experience level] - -**Security Experience**: -[Describe any security-related experience or knowledge] +**Past Projects**: [Briefly describe 1-2 relevant projects you've built] ### Contributions to ProjectDiscovery -[List your contributions to ProjectDiscovery projects. Include PR links, issue reports, documentation improvements, etc.] +[List your contributions with links. This is important!] -- PR #XXX: [Brief description] - [Link] -- Issue #XXX: [Brief description] - [Link] +- PR #XXX: [Description] - [Link] +- Issue #XXX: [Description] - [Link] - [Other contributions] -### Other Open Source Contributions - -[List relevant contributions to other open source projects, if any] - -- Project: [Contribution description] - [Link] - -### Past Projects - -[Describe 1-2 relevant past projects that demonstrate your ability to complete this work] - -**Project Name**: [Name] -- Description: [What you built] -- Technologies: [What you used] -- Link: [GitHub or demo link if available] - -## Availability and Time Commitment - -### Availability - -[Describe your availability during the GSoC period. Be honest about any commitments, exams, or conflicts.] - -- **Total Hours**: [175 or 350 hours over X weeks] -- **Weekly Commitment**: [X hours per week] -- **Peak Availability**: [When you're most available] -- **Limited Availability**: [Any known conflicts or reduced availability periods] +## Availability -### Communication Plan +[Be honest about your schedule] -[Explain how you'll stay in touch with mentors] +- **Weekly Hours**: [12-15 hours for 175h projects, 25-30 hours for 350h projects] +- **Any Conflicts**: [Exams, travel, other commitments?] +- **Communication**: [How often you'll check in - suggest 2x weekly minimum] -- **Weekly Sync**: [Proposed meeting schedule] -- **Daily Updates**: [How you'll provide progress updates] -- **Primary Channel**: [Discord, Email, etc.] -- **Response Time**: [Your expected response time] +## Why This Project? -## Post-GSoC Plans - -[Explain how you plan to continue contributing after GSoC ends. Long-term maintenance? Additional features? Community involvement?] - -## Why ProjectDiscovery? - -[Explain why you want to work with ProjectDiscovery specifically. What attracts you to the organization and this project?] - -## References - -**Project Links**: -- [Relevant tool documentation] -- [Related GitHub issues] -- [Technical references] - -**External Resources**: -- [Papers, articles, or documentation you've researched] - -**Contact**: -- Best way to reach me: [Email/Discord/etc.] -- Preferred communication times: [Your timezone and available hours] +[Briefly explain why you're interested in this project and ProjectDiscovery] ``` ## Tips for a Strong Proposal @@ -251,24 +134,25 @@ Copy and customize the template below: ## Before You Submit -**Review Checklist**: -- [ ] All sections are complete and specific -- [ ] Timeline is realistic and detailed -- [ ] Technical approach is clear -- [ ] You've made prior contributions to ProjectDiscovery -- [ ] You've discussed your proposal with mentors -- [ ] Proposal is proofread for clarity and grammar -- [ ] Links work and references are accurate +**Quick Checklist**: +- [ ] Timeline has specific weekly milestones (not vague goals) +- [ ] You've made prior contributions to ProjectDiscovery (critical!) +- [ ] You've discussed your idea with mentors on Discord +- [ ] Proposal is proofread and links work +- [ ] You're being realistic about scope and time ## Next Steps -1. **Copy this template** and fill in your details -2. **Discuss with mentors** on Discord before finalizing -3. **Review** the [evaluation criteria](/opensource/gsoc/resources/evaluation-criteria) -4. **Submit** via the official GSoC website -5. **Iterate** based on feedback +1. **Fill out the template** above with your specific details +2. **Share a draft** with mentors on Discord (#gsoc channel) +3. **Incorporate feedback** and iterate +4. **Submit** via the [GSoC website](https://summerofcode.withgoogle.com/) + + +**Pro Tip**: Start early and get feedback! Mentors can help refine your approach before you submit. + -Need help? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask questions in the #gsoc channel. Mentors are here to help you succeed! +Questions? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask in the #gsoc channel. We're here to help! From fd5f05723a799bf1193523b327ab69e0f3dc1a52 Mon Sep 17 00:00:00 2001 From: knakul853 Date: Fri, 23 Jan 2026 17:01:09 +0530 Subject: [PATCH 4/5] fix: updated idea list --- opensource/gsoc/2026/overview.mdx | 16 +- opensource/gsoc/2026/project-ideas.mdx | 986 ++++++++++++++++--------- 2 files changed, 633 insertions(+), 369 deletions(-) diff --git a/opensource/gsoc/2026/overview.mdx b/opensource/gsoc/2026/overview.mdx index 2baf4c35..438a72fa 100644 --- a/opensource/gsoc/2026/overview.mdx +++ b/opensource/gsoc/2026/overview.mdx @@ -67,20 +67,20 @@ Join our active community on Discord with 20,000+ members: ## 2026 Program Details -**Application Timeline**: Applications open March 18 and close April 1, 2026 at 18:00 UTC. Don't miss the deadline! +**Application Timeline**: Applications open March 16 and close March 31, 2026 at 18:00 UTC. Don't miss the deadline! ### Key Dates | Date | Event | |------|-------| -| March 18, 2026 | Applications Open | -| April 1, 2026 | Application Deadline (18:00 UTC) | -| May 1, 2026 | Selected Contributors Announced | -| May 1-26, 2026 | Community Bonding Period | -| May 27, 2026 | Coding Period Begins | -| July 7-14, 2026 | Midterm Evaluations | -| September 1-8, 2026 | Final Evaluations | +| March 16, 2026 | Applications Open | +| March 31, 2026 | Application Deadline (18:00 UTC) | +| April 30, 2026 | Selected Contributors Announced | +| May 1-24, 2026 | Community Bonding Period | +| May 25, 2026 | Coding Period Begins | +| July 6-10, 2026 | Midterm Evaluations | +| August 24-31, 2026 | Final Evaluations | [View full timeline →](/opensource/gsoc/2026/timeline) diff --git a/opensource/gsoc/2026/project-ideas.mdx b/opensource/gsoc/2026/project-ideas.mdx index cd8b8a7a..307b2f81 100644 --- a/opensource/gsoc/2026/project-ideas.mdx +++ b/opensource/gsoc/2026/project-ideas.mdx @@ -28,539 +28,805 @@ Our projects span different difficulty levels and time commitments: | Difficulty | Hours | Suitable For | |------------|-------|--------------| -| **Easy-Medium** | 175 hours | First-time contributors, focused features | -| **Medium** | 350 hours | Moderate experience, substantial features | +| **Easy** | 175 hours | First-time contributors, focused features | +| **Medium** | 175-350 hours | Moderate experience, substantial features | | **Hard** | 350 hours | Experienced contributors, complex projects | +### Projects by Difficulty + +| Category | Projects | +|----------|----------| +| **Beginner-Friendly** | Project 5 (Wappalyzer Detection) | +| **Intermediate** | Projects 2, 3, 4, 7 (GraphQL, XSS Analyzer, Honeypot, SDK) | +| **Advanced** | Projects 1, 6, 8 (DAST Engine, Auth Support, TLS Fingerprinting) | + ## Available Projects -**New to open source or security tools?** Start with **Project 1 (Subfinder)** or **Project 2 (httpx Testing)** - they're beginner-friendly and focus on software development skills like CLI design, testing, and CI/CD! +**This year's focus**: Most projects center on **Nuclei**, our flagship vulnerability scanner. We're looking for contributors to enhance its core scanning capabilities, authentication support, and integration features. -### Project 1: Subfinder Output Formatting & Export System +--- + +### Project 1: Proxy-Driven DAST Engine + + +**Community Contribution** - This project idea was proposed by community member [xhzeem](https://github.com/xhzeem) in [Discussion #6782](https://github.com/orgs/projectdiscovery/discussions/6782). We welcome and credit community-proposed ideas! + - **Tool**: Subfinder - **Difficulty**: Easy - **Size**: 175 hours + **Tool**: Nuclei + **Difficulty**: Hard + **Size**: 350 hours **Mentors**: To be assigned + **Reference**: [Discussion #6782](https://github.com/orgs/projectdiscovery/discussions/6782) #### Description -Improve Subfinder's output formatting capabilities and build a flexible export system that allows users to customize how subdomain results are displayed and exported. This beginner-friendly project focuses on developer experience, output formatting, and data export functionality - perfect for contributors new to security tools. +Build a proxy-based Dynamic Application Security Testing (DAST) engine for Nuclei that bridges the gap between stateless template scanning and complex authenticated web application testing. This project implements traffic interception with session tracking, enabling Nuclei to test applications that require multi-step authentication flows, CSRF tokens, and stateful session handling. -Subfinder currently supports basic output formats, but users often need custom formatting for integration with other tools, pipelines, or reporting systems. This project will create a flexible output template system and add multiple export formats. +Currently, Nuclei excels at stateless vulnerability detection but struggles with modern web applications that require maintaining session state across requests. This DAST engine will intercept live traffic, track sessions, and apply template-driven attacks while preserving application state. #### Goals & Deliverables -- **Output Template System**: Implement customizable output templates: - - User-defined format strings (similar to printf) - - Support for all subdomain data fields - - Color-coded terminal output - - Column alignment and formatting - -- **Export Formats**: Add support for multiple formats: - - CSV with customizable columns - - Markdown tables for reports - - HTML with styling options - - SQLite database export - - Excel (XLSX) format - -- **CLI Enhancements**: Improve command-line experience: - - Interactive mode for selecting export options - - Progress bars with statistics - - Summary reports (total domains, sources, timing) - - Filtering and sorting options - -- **Configuration**: Template and format configuration: - - Saved templates for reuse - - Configuration file support - - Example templates for common use cases - -- **Documentation**: User guides and examples showing: - - How to create custom templates - - Integration with other tools - - Common formatting patterns - -- **Testing**: Unit tests with 80%+ coverage +- **Proxy Infrastructure**: Implement MITM proxy for traffic interception: + - HTTP/HTTPS traffic interception + - WebSocket support + - Certificate generation and management + - Request/response modification hooks + +- **Dual Operation Modes**: + - **Target Mode**: Automated crawling with session preservation + - **Proxy Mode**: Live traffic interception during manual browsing + +- **Session Management**: + - Cookie and token tracking across requests + - CSRF token extraction and replay + - Authentication state preservation + - Session invalidation detection + +- **Template Integration**: + - DSL extensions for session-aware attacks + - Stateful matcher and extractor support + - Template chaining for multi-step attacks + - Context injection from captured traffic + +- **Documentation**: Architecture docs, usage guides, and example templates +- **Testing**: Comprehensive test suite with mock applications #### Technical Skills Required **Required**: -- Go programming (beginner to intermediate level) -- Understanding of file formats (JSON, CSV, etc.) -- Basic CLI application experience +- Strong Go programming skills +- Deep understanding of HTTP/HTTPS protocols +- Experience with proxy/MITM concepts +- Knowledge of web authentication mechanisms **Preferred**: -- Experience with Go template libraries -- Familiarity with terminal output formatting -- Experience with data export libraries +- Experience with tools like Burp Suite, mitmproxy, or ZAP +- Understanding of CSRF, session management vulnerabilities +- Familiarity with Nuclei's template DSL +- TLS/certificate handling experience #### Skills You'll Learn -- Go programming best practices -- Working with Go's text/template package -- File format generation (CSV, Excel, SQLite) -- CLI design and user experience -- Testing Go applications -- Working with a popular open source tool +- Building MITM proxy infrastructure +- Web application security testing methodologies +- Session management and authentication flows +- Nuclei's internal architecture and DSL +- DAST tooling design patterns +- Complex state management in security tools #### Getting Started 1. **Read Documentation**: - - [Subfinder Overview](/opensource/subfinder/overview) - - [Subfinder Usage](/opensource/subfinder/usage) + - [Nuclei Overview](/opensource/nuclei/overview) + - [Nuclei Templates](/templates/introduction) + - Review the [original discussion](https://github.com/orgs/projectdiscovery/discussions/6782) -2. **Experiment with Subfinder**: - - Install and run Subfinder - - Test different output formats - - Try piping output to other tools - - Identify formatting limitations +2. **Study DAST Tools**: + - Understand how Burp Suite and ZAP handle sessions + - Learn about MITM proxy architecture + - Study authentication flow testing 3. **Explore Codebase**: - - Review Subfinder's output handling code - - Understand current format implementation - - Look at how other Go tools handle templates + - Review Nuclei's HTTP protocol implementation + - Understand template execution flow + - Look at existing session handling code 4. **Make Contributions**: - - Fix documentation issues - - Add tests - - Report bugs or suggest improvements - -5. **Research Similar Tools**: - - Study how tools like jq, awk handle formatting - - Look at template systems in other Go CLI tools - - Identify best practices + - Fix "good-first-issue" bugs in Nuclei + - Add tests or documentation + - Contribute to discussions on the feature #### Related Links -- [Subfinder GitHub](https://github.com/projectdiscovery/subfinder) -- [Subfinder Documentation](/opensource/subfinder) +- [Original Discussion by xhzeem](https://github.com/orgs/projectdiscovery/discussions/6782) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [Nuclei Documentation](/opensource/nuclei) --- -### Project 2: httpx Testing & CI/CD Infrastructure +### Project 2: GraphQL Fuzzing Support - **Tool**: httpx - **Difficulty**: Easy-Medium - **Size**: 175 hours + **Tool**: Nuclei + **Difficulty**: Medium + **Size**: 350 hours **Mentors**: To be assigned + **Reference**: [Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) #### Description -Enhance httpx's testing infrastructure and CI/CD pipeline to improve code quality, catch bugs earlier, and make it easier for contributors to add features with confidence. This project focuses on developer tooling and testing - great for someone interested in software quality and DevOps. +Implement comprehensive GraphQL security testing capabilities in Nuclei, including schema introspection, field-level injection testing, and GraphQL-specific attack patterns. GraphQL APIs are increasingly common but have unique security considerations that differ from REST APIs. -While httpx has basic tests, there's significant room for improvement in test coverage, integration testing, and automated quality checks. This project will build a comprehensive testing framework and improve the contributor experience. +Many organizations are adopting GraphQL, but security testing tools haven't kept pace. This project will add native GraphQL support to Nuclei, enabling security professionals to test GraphQL endpoints with the same ease as HTTP endpoints. #### Goals & Deliverables -- **Integration Test Suite**: Create comprehensive integration tests: - - Test server/mock infrastructure for HTTP testing - - Tests for various HTTP scenarios (redirects, timeouts, errors) - - Tests for different server technologies - - Tests for edge cases and error handling - - Performance regression tests - -- **Test Coverage Improvements**: Increase test coverage to 75%+: - - Identify untested code paths - - Add unit tests for core functionality - - Add tests for CLI flags and options - - Document testing guidelines - -- **CI/CD Enhancements**: Improve GitHub Actions workflows: - - Add automated code quality checks (linting, formatting) - - Implement security scanning (gosec, etc.) - - Add performance benchmarking in CI - - Create release automation - - Add dependency update checks - -- **Developer Tools**: Build tools for contributors: - - Local development environment setup scripts - - Test helpers and utilities - - Code generation for repetitive tasks - - Pre-commit hooks for quality checks - -- **Documentation**: Create contributor guides: - - Testing best practices - - How to run tests locally - - CI/CD architecture documentation - - Contributing guidelines improvements - -- **Monitoring**: Add observability: - - Code coverage reporting and badges - - Test execution time tracking - - Flaky test detection +- **Schema Discovery**: + - GraphQL introspection query support + - Schema parsing and analysis + - Type and field enumeration + - Deprecated field detection + +- **Injection Testing**: + - Field-level SQL injection testing + - NoSQL injection in resolvers + - IDOR through object references + - Input validation bypass + +- **GraphQL-Specific Attacks**: + - Query depth attacks (DoS) + - Batch query attacks + - Alias-based rate limit bypass + - Field duplication attacks + - Circular fragment attacks + +- **Template DSL Extensions**: + - GraphQL query builders + - Schema-aware payload generation + - Response parsing helpers + - Mutation testing support + +- **Built-in Templates**: Security templates for common GraphQL vulnerabilities +- **Documentation**: Usage guides and template examples #### Technical Skills Required **Required**: - Go programming (intermediate level) -- Understanding of testing concepts (unit, integration, e2e) -- Basic CI/CD knowledge (GitHub Actions or similar) -- Git and GitHub workflow +- Strong understanding of GraphQL specification +- HTTP protocol knowledge +- Experience with API security testing **Preferred**: -- Experience with Go testing frameworks -- Docker knowledge (for test containers) -- CI/CD pipeline experience -- Experience with code quality tools +- GraphQL server implementation experience +- Knowledge of common GraphQL vulnerabilities +- Familiarity with Nuclei templates +- Experience with other GraphQL security tools #### Skills You'll Learn -- Go testing best practices and patterns -- Integration testing strategies -- CI/CD pipeline design and implementation -- Code quality automation -- Developer experience optimization -- Working with GitHub Actions -- Test infrastructure design +- GraphQL protocol internals +- API security testing methodologies +- Nuclei template DSL development +- Security scanner architecture +- Building protocol-specific testing modules #### Getting Started 1. **Read Documentation**: - - [httpx Overview](/opensource/httpx/overview) - - [httpx Usage](/opensource/httpx/usage) - -2. **Analyze Current State**: - - Run existing tests: `go test ./...` - - Check test coverage: `go test -cover ./...` - - Review CI/CD workflows in `.github/workflows/` - - Identify gaps in test coverage - -3. **Research Best Practices**: - - Study Go testing patterns - - Look at well-tested Go projects - - Research integration testing approaches - - Study CI/CD best practices - -4. **Explore Codebase**: - - Review httpx's architecture - - Understand core functionality - - Identify critical paths needing tests - - Look at existing test structure - -5. **Make Contributions**: - - Add tests for uncovered code - - Fix failing or flaky tests - - Improve test documentation - - Suggest CI improvements + - [Nuclei Overview](/opensource/nuclei/overview) + - [GraphQL Specification](https://graphql.org/learn/) + - Review [Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) + +2. **Learn GraphQL Security**: + - Study common GraphQL vulnerabilities + - Practice with vulnerable GraphQL apps (DVGA, etc.) + - Understand introspection and schema analysis + +3. **Explore Nuclei Codebase**: + - Review protocol implementations (HTTP, DNS, etc.) + - Understand how new protocols are added + - Look at existing request/response handling + +4. **Make Contributions**: + - Fix issues in Nuclei + - Write GraphQL security templates (manual for now) + - Document GraphQL testing approaches #### Related Links -- [httpx GitHub](https://github.com/projectdiscovery/httpx) -- [httpx Documentation](/opensource/httpx) -- [Go Testing](https://go.dev/doc/tutorial/add-a-test) +- [GitHub Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [GraphQL Security Resources](https://graphql.org/learn/best-practices/) --- -### Project 3: Nuclei Template Performance Analyzer +### Project 3: XSS Context Analyzer **Tool**: Nuclei **Difficulty**: Medium **Size**: 350 hours **Mentors**: To be assigned + **Reference**: [Issue #5838](https://github.com/projectdiscovery/nuclei/issues/5838) #### Description -Build a comprehensive performance analysis tool for Nuclei templates that helps template authors identify bottlenecks and optimize their templates for faster scanning. This project involves understanding Nuclei's template engine internals, implementing profiling hooks, collecting performance metrics, and creating visualizations to help users understand where time is spent during template execution. +Build an intelligent XSS context analyzer for Nuclei that detects injection contexts and generates context-aware payloads. Instead of blindly throwing XSS payloads, this system will analyze where user input appears in the response and craft appropriate payloads for that specific context. -Currently, template authors have limited visibility into performance characteristics. This tool will provide detailed insights into execution time, network calls, matching operations, and resource usage, enabling data-driven optimization decisions. +Current XSS testing often relies on large payload lists that may not work in specific contexts. This analyzer will identify whether input lands in HTML content, JavaScript, attributes, URLs, or CSS, then suggest or generate payloads optimized for that context. #### Goals & Deliverables -- **Profiling Framework**: Implement hooks in Nuclei's template engine to collect timing and resource metrics -- **Metrics Collection**: Gather detailed data on: - - Template execution time breakdown - - Network request/response times - - Matcher evaluation performance - - Memory and CPU usage per template -- **CLI Analysis Tool**: Build command-line interface for: - - Running profiling sessions - - Generating performance reports - - Comparing template performance - - Identifying optimization opportunities -- **Web Dashboard**: Create visualization interface showing: - - Flame graphs for execution traces - - Timeline views of template execution - - Performance comparisons - - Bottleneck identification -- **Documentation**: Comprehensive guide for using the profiler and interpreting results -- **Test Coverage**: Unit and integration tests with 75%+ coverage +- **Context Detection**: + - HTML body context + - HTML attribute context (quoted/unquoted) + - JavaScript context (string, template literal, code) + - URL context (href, src, etc.) + - CSS context (style attributes, stylesheets) + - Event handler context + +- **Payload Generation**: + - Context-specific payload selection + - Encoding-aware payload generation + - Filter bypass suggestions + - Payload mutation for WAF evasion + +- **Template DSL Functions**: + - `xss_context()` - detect injection context + - `xss_payload()` - generate appropriate payload + - `xss_encode()` - context-aware encoding + - Filter detection and bypass helpers + +- **Analysis Features**: + - Reflection point identification + - Character filtering detection + - Encoding transformation analysis + - Confidence scoring for contexts + +- **Built-in Templates**: Context-aware XSS detection templates +- **Documentation**: Context analysis guide and examples #### Technical Skills Required **Required**: -- Strong Go programming skills -- Understanding of profiling and benchmarking concepts -- Experience with performance optimization -- Familiarity with data collection and analysis +- Go programming (intermediate level) +- Deep understanding of XSS vulnerabilities +- HTML/JavaScript parsing knowledge +- Web security testing experience **Preferred**: -- Experience with Go profiling tools (pprof, trace) -- Web development (for dashboard - can use existing frameworks) -- Knowledge of Nuclei or similar scanning tools -- Database experience (for metrics storage) +- Experience with XSS filter bypass techniques +- Knowledge of browser parsing quirks +- Familiarity with Nuclei's DSL +- HTML parsing library experience #### Skills You'll Learn -- Nuclei template engine architecture and internals -- Go profiling tools and techniques (pprof, runtime/trace) -- Performance optimization strategies for high-throughput systems -- Building developer tools and CLIs -- Data visualization and dashboard creation -- Security scanner workflows and patterns +- Advanced XSS attack techniques +- HTML/JavaScript parsing internals +- Context-aware security testing +- Nuclei DSL extension development +- Browser security model understanding #### Getting Started 1. **Read Documentation**: - [Nuclei Overview](/opensource/nuclei/overview) - - [Nuclei Templates](/templates/introduction) + - Review [Issue #5838](https://github.com/projectdiscovery/nuclei/issues/5838) -2. **Explore Nuclei**: - - Install Nuclei and run sample scans - - Study template structure and execution - - Profile current performance using Go tools +2. **Study XSS Contexts**: + - Learn about different injection contexts + - Practice identifying contexts manually + - Study XSS filter bypass techniques -3. **Understand Codebase**: - - Review Nuclei's template engine code - - Identify key execution paths - - Look at existing performance considerations +3. **Explore Codebase**: + - Review Nuclei's matcher and extractor code + - Understand DSL function implementation + - Look at existing helper functions 4. **Make Contributions**: - - Fix "good-first-issue" bugs - - Improve documentation - - Add tests or examples + - Write XSS detection templates + - Improve existing templates + - Document XSS testing approaches + +#### Related Links + +- [GitHub Issue #5838](https://github.com/projectdiscovery/nuclei/issues/5838) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html) + +--- -5. **Discuss Your Approach**: - - Share your ideas in Discord #gsoc channel - - Get feedback from mentors - - Refine your proposal +### Project 4: Honeypot Detection System + + + **Tool**: Nuclei + **Difficulty**: Medium + **Size**: 175 hours + **Mentors**: To be assigned + **Reference**: [Issue #6403](https://github.com/projectdiscovery/nuclei/issues/6403) + + +#### Description + +Implement a honeypot and tarpit detection system for Nuclei to reduce false positives and avoid wasting resources on decoy systems. Security scanners often encounter honeypots (like Shodan's decoys) that respond positively to everything, generating misleading results. + +Honeypots can skew scan results and waste time during security assessments. This detection system will identify likely honeypots through behavioral analysis and response anomalies, allowing users to skip or tag suspicious targets. + +#### Goals & Deliverables + +- **Detection Techniques**: + - Response anomaly detection (too many open ports) + - Banner inconsistency analysis + - Service fingerprint mismatches + - Suspicious response patterns + - Known honeypot signatures + +- **Scoring System**: + - Configurable confidence threshold + - Multiple indicator aggregation + - Weighted scoring algorithm + - Confidence level reporting + +- **Integration Options**: + - Pre-scan detection phase + - Runtime detection during scanning + - Post-scan result filtering + - Tag-based result categorization + +- **User Controls**: + - Skip honeypots automatically + - Tag results for manual review + - Configurable sensitivity levels + - Whitelist/blacklist support + +- **Detection Templates**: Templates for common honeypot types +- **Documentation**: Detection methodology and configuration guide + +#### Technical Skills Required + +**Required**: +- Go programming (intermediate level) +- Understanding of network protocols +- Knowledge of how honeypots work +- Basic statistics for anomaly detection + +**Preferred**: +- Experience with honeypot systems +- Network fingerprinting knowledge +- Familiarity with Nuclei internals +- Security scanning experience + +#### Skills You'll Learn + +- Honeypot detection methodologies +- Network fingerprinting techniques +- Anomaly detection algorithms +- Nuclei's scanning pipeline +- False positive reduction strategies + +#### Getting Started + +1. **Read Documentation**: + - [Nuclei Overview](/opensource/nuclei/overview) + - Review [Issue #6403](https://github.com/projectdiscovery/nuclei/issues/6403) + +2. **Study Honeypots**: + - Learn about common honeypot types + - Understand detection techniques + - Research existing honeypot detection tools + +3. **Explore Codebase**: + - Review Nuclei's target handling + - Understand the scanning pipeline + - Look at result processing code + +4. **Make Contributions**: + - Document honeypot detection approaches + - Create detection templates + - Report false positives from honeypots #### Related Links +- [GitHub Issue #6403](https://github.com/projectdiscovery/nuclei/issues/6403) - [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) -- [Nuclei Documentation](/opensource/nuclei) -- [Template Structure](/templates/structure) --- -### Project 4: Katana JavaScript Rendering Enhancement +### Project 5: Wappalyzer Technology Detection - **Tool**: Katana + **Tool**: Nuclei + **Difficulty**: Easy + **Size**: 175 hours + **Mentors**: To be assigned + **Reference**: [Issue #6336](https://github.com/projectdiscovery/nuclei/issues/6336) + + +#### Description + +Integrate the wappalyzergo library into Nuclei for technology fingerprinting, enabling conditional template execution based on detected technologies. This allows templates to run only when relevant technologies are present, improving scan efficiency and accuracy. + +Currently, Nuclei runs all matching templates regardless of target technology. With Wappalyzer integration, WordPress-specific templates would only run on WordPress sites, reducing noise and improving performance. + +#### Goals & Deliverables + +- **Wappalyzer Integration**: + - Integrate wappalyzergo library + - Technology detection during scanning + - Version detection where possible + - Category-based grouping + +- **Template DSL Extensions**: + - `tech_detected("wordpress")` - check for technology + - `tech_version("php")` - get detected version + - `tech_category("cms")` - check technology category + - Boolean operators for complex conditions + +- **Conditional Execution**: + - Skip templates for non-matching technologies + - Technology-based template chains + - Automatic template selection + - Technology metadata in results + +- **Performance Optimization**: + - Cache detection results per target + - Minimize additional requests + - Efficient fingerprint matching + +- **Documentation**: Usage guide and template examples +- **Testing**: Unit tests for detection and DSL functions + +#### Technical Skills Required + +**Required**: +- Go programming (beginner to intermediate) +- Understanding of HTTP responses +- Basic web technology knowledge +- Familiarity with fingerprinting concepts + +**Preferred**: +- Experience with wappalyzergo or similar +- Knowledge of Nuclei's DSL +- Web application experience +- Regex proficiency + +#### Skills You'll Learn + +- Technology fingerprinting techniques +- Nuclei DSL development +- Library integration in Go +- Performance optimization +- Conditional execution patterns + +#### Getting Started + +1. **Read Documentation**: + - [Nuclei Overview](/opensource/nuclei/overview) + - Review [Issue #6336](https://github.com/projectdiscovery/nuclei/issues/6336) + - [wappalyzergo documentation](https://github.com/projectdiscovery/wappalyzergo) + +2. **Understand Technology Detection**: + - Study how Wappalyzer works + - Learn about fingerprinting techniques + - Test wappalyzergo standalone + +3. **Explore Codebase**: + - Review Nuclei's DSL implementation + - Understand template execution flow + - Look at existing helper functions + +4. **Make Contributions**: + - Write technology-specific templates + - Improve documentation + - Fix beginner-friendly issues + +#### Related Links + +- [GitHub Issue #6336](https://github.com/projectdiscovery/nuclei/issues/6336) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) + +--- + +### Project 6: Complete Auth Support for Protected Targets + + + **Tool**: Nuclei **Difficulty**: Hard **Size**: 350 hours **Mentors**: To be assigned + **Reference**: [Issue #4793](https://github.com/projectdiscovery/nuclei/issues/4793) #### Description -Enhance Katana's JavaScript rendering capabilities to better handle modern web applications, especially single-page applications (SPAs) that heavily rely on JavaScript for content rendering. This project involves implementing advanced browser automation features, improving JavaScript execution detection, and optimizing crawling strategies for dynamic web applications. +Implement comprehensive authentication support in Nuclei for scanning protected targets. This includes static credentials (API keys, tokens), dynamic authentication (login flows, token refresh), and integration with secrets management systems like HashiCorp Vault. -Modern web applications use frameworks like React, Vue, and Angular that render content dynamically. Katana needs sophisticated strategies to properly crawl these applications, detect when JavaScript execution is complete, handle infinite scroll, and efficiently manage headless browser resources. +Many real-world security assessments require scanning authenticated portions of applications. This project will enable Nuclei to handle various authentication mechanisms, from simple API keys to complex OAuth flows with token refresh. #### Goals & Deliverables -- **Advanced JS Detection**: Implement intelligent detection of: - - When JavaScript execution is complete - - Dynamic content loading (AJAX, fetch) - - Infinite scroll and lazy loading - - WebSocket connections - - Service worker activity - -- **SPA Crawling Strategies**: Develop specialized approaches for: - - React/Vue/Angular applications - - Client-side routing detection - - State management analysis - - Virtual DOM interactions - -- **Resource Optimization**: Optimize headless browser usage: - - Connection pooling and reuse - - Resource blocking (ads, trackers) - - Memory management - - Parallel execution strategies - -- **Configuration System**: Extensible configuration for: - - Wait strategies (network idle, DOM stable, custom) - - Timeout management - - Browser flags and options - - JavaScript injection hooks - -- **Comprehensive Testing**: Test suite covering: - - Various SPA frameworks - - Real-world web applications - - Edge cases and error handling - -- **Performance Benchmarks**: Measure and optimize: - - Crawl speed improvements - - Resource usage - - Accuracy of content discovery +- **Static Authentication**: + - Per-target credential configuration + - API key injection (header, query, body) + - Bearer token support + - Basic/Digest authentication + - Custom header authentication + +- **Dynamic Authentication**: + - Login flow templates + - Token extraction and reuse + - Automatic token refresh + - Session cookie management + - OAuth2 flow support + +- **Secrets Management Integration**: + - HashiCorp Vault integration + - 1Password integration + - Environment variable support + - Encrypted credential storage + - Credential rotation handling + +- **Configuration**: + - Per-host credential mapping + - Credential scope (template/global) + - Credential priority rules + - Secure credential storage + +- **Documentation**: Configuration guides and examples +- **Testing**: Security tests for credential handling #### Technical Skills Required **Required**: - Strong Go programming skills -- Experience with browser automation (Puppeteer, Playwright, or similar) -- Deep understanding of web technologies (HTML, CSS, JavaScript) -- Knowledge of how modern web frameworks work (React, Vue, Angular) -- Concurrent programming experience +- Deep understanding of authentication mechanisms +- Security-conscious development practices +- API design experience **Preferred**: -- Experience with headless browser libraries -- Performance optimization at scale -- Understanding of web application architecture -- Network protocol knowledge (HTTP/2, WebSocket) +- Experience with OAuth2/OIDC +- Knowledge of secrets management tools +- Familiarity with Nuclei internals +- Enterprise security experience #### Skills You'll Learn -- Web crawling architectures and algorithms -- Browser automation internals -- Modern web application frameworks -- Performance optimization for I/O-bound systems -- Concurrent programming patterns in Go -- Strategies for handling dynamic content +- Authentication protocol implementation +- Secrets management integration +- Secure credential handling +- Nuclei's request pipeline +- Enterprise security patterns #### Getting Started 1. **Read Documentation**: - - [Katana Overview](/opensource/katana/overview) - - [Katana Usage](/opensource/katana/usage) + - [Nuclei Overview](/opensource/nuclei/overview) + - Review [Issue #4793](https://github.com/projectdiscovery/nuclei/issues/4793) + +2. **Study Authentication**: + - Learn about various auth mechanisms + - Understand OAuth2 flows + - Study secrets management systems -2. **Experiment with Katana**: - - Crawl various types of websites - - Test on modern SPAs (try popular web apps) - - Identify current limitations with JS rendering +3. **Explore Codebase**: + - Review Nuclei's HTTP request handling + - Understand current auth support + - Look at configuration systems -3. **Study Modern Web Apps**: - - Analyze how React/Vue/Angular apps work - - Understand client-side routing - - Learn about dynamic content loading patterns +4. **Make Contributions**: + - Improve existing auth documentation + - Fix auth-related issues + - Write authenticated templates -4. **Analyze Codebase**: - - Review Katana's current JS rendering implementation - - Study browser automation integration - - Identify areas for improvement +#### Related Links -5. **Make Contributions**: - - Report bugs or suggest improvements - - Fix documentation - - Add test cases +- [GitHub Issue #4793](https://github.com/projectdiscovery/nuclei/issues/4793) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) +- [HashiCorp Vault](https://www.vaultproject.io/) + +--- + +### Project 7: Nuclei SDK & Concurrency Improvements + + + **Tool**: Nuclei + **Difficulty**: Medium + **Size**: 175 hours + **Mentors**: To be assigned + **Reference**: [Issue #5651](https://github.com/projectdiscovery/nuclei/issues/5651) + [PR #6322](https://github.com/projectdiscovery/nuclei/pull/6322) + + +#### Description + +Improve Nuclei's SDK to support better concurrency, per-execution callbacks, and reliable engine reuse. This enables developers building on Nuclei to run multiple scan engines concurrently, receive real-time results, and avoid memory leaks when reusing engines. + +As Nuclei is increasingly used as a library, the SDK needs improvements for production use cases. This project focuses on making Nuclei reliable and efficient when embedded in other applications. + +#### Goals & Deliverables + +- **Concurrency Support**: + - Multiple concurrent Nuclei engines in same process + - Thread-safe template parsing + - Isolated scan contexts + - Resource sharing optimization + +- **Callback System**: + - Per-execution result callbacks + - Progress callbacks + - Error callbacks + - Streaming results support + +- **Memory Management**: + - Fix memory leaks on engine reuse + - Proper resource cleanup + - Connection pool management + - Template cache optimization + +- **SDK Improvements**: + - Better error handling + - Context cancellation support + - Configuration validation + - API documentation + +- **Documentation**: SDK usage guide with examples +- **Testing**: Concurrent execution tests, leak detection + +#### Technical Skills Required + +**Required**: +- Strong Go programming skills +- Concurrent programming experience +- Memory management understanding +- API design skills + +**Preferred**: +- Experience with Go profiling tools +- Library/SDK development experience +- Familiarity with Nuclei codebase +- Testing concurrent systems + +#### Skills You'll Learn + +- Go concurrency patterns +- Memory profiling and leak detection +- SDK/library design +- Nuclei internals +- Building reusable components + +#### Getting Started + +1. **Read Documentation**: + - [Nuclei Overview](/opensource/nuclei/overview) + - Review [Issue #5651](https://github.com/projectdiscovery/nuclei/issues/5651) + - Review [PR #6322](https://github.com/projectdiscovery/nuclei/pull/6322) + +2. **Understand Current SDK**: + - Use Nuclei as a library + - Identify current limitations + - Test concurrent execution + +3. **Explore Codebase**: + - Review SDK implementation + - Understand engine lifecycle + - Identify shared state + +4. **Make Contributions**: + - Fix SDK-related issues + - Add SDK tests + - Improve documentation #### Related Links -- [Katana GitHub](https://github.com/projectdiscovery/katana) -- [Katana Documentation](/opensource/katana) +- [GitHub Issue #5651](https://github.com/projectdiscovery/nuclei/issues/5651) +- [Related PR #6322](https://github.com/projectdiscovery/nuclei/pull/6322) +- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) --- -### Project 5: httpx Response Analysis Framework +### Project 8: Browser TLS Fingerprint Impersonation **Tool**: httpx - **Difficulty**: Easy-Medium - **Size**: 175 hours + **Difficulty**: Hard + **Size**: 350 hours **Mentors**: To be assigned + **Reference**: [Issue #2044](https://github.com/projectdiscovery/httpx/issues/2044) #### Description -Create an extensible plugin framework for analyzing HTTP responses beyond basic status codes and headers. This project will enable users to build custom analyzers for response content, implement advanced pattern matching, improve technology detection, and extend httpx's capabilities through a clean plugin architecture. +Implement browser TLS fingerprint impersonation in httpx to bypass WAF and bot detection systems that fingerprint TLS connections. This includes JA3/JA4 fingerprint spoofing and HTTP/2 fingerprinting to make httpx requests appear as legitimate browser traffic. -Currently, httpx provides excellent HTTP probing capabilities but has limited built-in response analysis. This framework will allow users to easily add custom analyzers for their specific needs, from detecting custom technologies to analyzing response patterns for security issues. +Modern bot detection systems fingerprint TLS handshakes (JA3/JA4) and HTTP/2 settings to distinguish automated tools from real browsers. This project will allow httpx to impersonate Chrome, Firefox, Safari, and Edge fingerprints. #### Goals & Deliverables -- **Plugin Architecture**: Design and implement: - - Clean plugin interface for analyzers - - Plugin discovery and loading system - - Configuration management - - Result aggregation and reporting - -- **Built-in Analyzers** (implement 3-5): - - Advanced technology detection (frameworks, CMS, libraries) - - Content pattern matcher (regex-based analysis) - - Security header analyzer (missing/misconfigured headers) - - API endpoint detector (REST/GraphQL patterns) - - Error message analyzer (debug info leakage) - -- **Developer Tools**: - - Plugin template/boilerplate generator - - Testing framework for analyzers - - Documentation generator - - Example plugins - -- **Documentation**: - - Plugin development guide - - API reference - - Example use cases - - Migration guide for existing users - -- **Performance**: - - Benchmark framework for analyzers - - Optimization for large-scale scanning - - Parallel execution support - -- **Testing**: Comprehensive test suite with 80%+ coverage +- **TLS Fingerprint Impersonation**: + - JA3 fingerprint spoofing + - JA4 fingerprint spoofing + - Cipher suite ordering + - TLS extension configuration + - ALPN protocol ordering + +- **Browser Profiles**: + - Chrome (multiple versions) + - Firefox (multiple versions) + - Safari + - Edge + - Custom profile support + +- **HTTP/2 Fingerprinting**: + - SETTINGS frame configuration + - Header priority ordering + - Window update behavior + - Stream handling patterns + +- **CLI Integration**: + - Browser profile selection flag + - Custom fingerprint configuration + - Fingerprint randomization option + - Profile listing and info + +- **Documentation**: Usage guide and profile documentation +- **Testing**: Fingerprint verification tests #### Technical Skills Required **Required**: -- Go programming experience (intermediate level) -- Understanding of HTTP protocol and headers -- Experience with regex and pattern matching -- Software architecture and design patterns +- Strong Go programming skills +- Deep understanding of TLS protocol +- HTTP/2 protocol knowledge +- Network programming experience **Preferred**: -- Plugin architecture design experience -- Web technology fingerprinting knowledge -- API design experience -- Experience with similar tools (httpx, curl, etc.) +- Experience with TLS fingerprinting +- Knowledge of bot detection systems +- Low-level networking experience +- Familiarity with httpx codebase #### Skills You'll Learn -- Plugin architecture design in Go -- HTTP response analysis techniques -- Web technology fingerprinting -- Building extensible systems -- API design for third-party developers -- Performance optimization for network tools +- TLS protocol internals +- Browser fingerprinting techniques +- HTTP/2 protocol details +- Bot detection evasion (for legitimate testing) +- Low-level Go networking #### Getting Started 1. **Read Documentation**: - [httpx Overview](/opensource/httpx/overview) - - [httpx Usage](/opensource/httpx/usage) - -2. **Experiment with httpx**: - - Run httpx against various websites - - Analyze different response types - - Understand current capabilities and limitations + - Review [Issue #2044](https://github.com/projectdiscovery/httpx/issues/2044) -3. **Research Existing Solutions**: - - Study how other tools implement plugins - - Look at Go plugin systems - - Identify common patterns +2. **Study TLS Fingerprinting**: + - Learn about JA3/JA4 fingerprints + - Understand how fingerprinting works + - Study browser TLS configurations -4. **Explore Codebase**: - - Review httpx's response handling code - - Understand the current architecture - - Identify integration points for plugins +3. **Explore Codebase**: + - Review httpx's TLS configuration + - Understand HTTP client setup + - Look at existing connection handling -5. **Make Contributions**: - - Fix bugs or documentation issues - - Add feature suggestions - - Implement small improvements +4. **Make Contributions**: + - Fix httpx issues + - Improve documentation + - Add tests #### Related Links +- [GitHub Issue #2044](https://github.com/projectdiscovery/httpx/issues/2044) - [httpx GitHub](https://github.com/projectdiscovery/httpx) -- [httpx Documentation](/opensource/httpx) +- [JA3 Fingerprinting](https://github.com/salesforce/ja3) --- @@ -578,18 +844,18 @@ Have your own idea for improving ProjectDiscovery's tools? We welcome custom pro ### Good Custom Project Ideas -✅ New features for existing tools -✅ Performance improvements with measurable impact -✅ Integration between ProjectDiscovery tools -✅ Developer experience improvements -✅ Testing or CI/CD infrastructure +- New features for existing tools +- Performance improvements with measurable impact +- Integration between ProjectDiscovery tools +- Developer experience improvements +- Testing or CI/CD infrastructure ### Ideas to Avoid -❌ Complete rewrites of existing tools -❌ Projects requiring proprietary APIs -❌ Research-only projects without code deliverables -❌ Projects outside security/scanning domain +- Complete rewrites of existing tools +- Projects requiring proprietary APIs +- Research-only projects without code deliverables +- Projects outside security/scanning domain ### How to Propose @@ -645,5 +911,3 @@ Ready to apply for one of these projects? Have questions about any project? Join our [Discord community](https://discord.com/invite/projectdiscovery) and ask in the #gsoc channel. Mentors are available to help you understand projects and choose the right one! - -Good luck choosing your project! 🚀 From d1d8fc7e6fb9a403583da463575d9c0e2a4503b3 Mon Sep 17 00:00:00 2001 From: knakul853 Date: Fri, 23 Jan 2026 17:15:23 +0530 Subject: [PATCH 5/5] fix: remove already implemted idea lists --- opensource/gsoc/2026/project-ideas.mdx | 116 ++----------------------- 1 file changed, 9 insertions(+), 107 deletions(-) diff --git a/opensource/gsoc/2026/project-ideas.mdx b/opensource/gsoc/2026/project-ideas.mdx index 307b2f81..e710deea 100644 --- a/opensource/gsoc/2026/project-ideas.mdx +++ b/opensource/gsoc/2026/project-ideas.mdx @@ -36,9 +36,9 @@ Our projects span different difficulty levels and time commitments: | Category | Projects | |----------|----------| -| **Beginner-Friendly** | Project 5 (Wappalyzer Detection) | -| **Intermediate** | Projects 2, 3, 4, 7 (GraphQL, XSS Analyzer, Honeypot, SDK) | -| **Advanced** | Projects 1, 6, 8 (DAST Engine, Auth Support, TLS Fingerprinting) | +| **Beginner-Friendly** | Project 4 (Wappalyzer Detection) | +| **Intermediate** | Projects 2, 3, 6 (XSS Analyzer, Honeypot, SDK) | +| **Advanced** | Projects 1, 5, 7 (DAST Engine, Auth Support, TLS Fingerprinting) | ## Available Projects @@ -148,105 +148,7 @@ Currently, Nuclei excels at stateless vulnerability detection but struggles with --- -### Project 2: GraphQL Fuzzing Support - - - **Tool**: Nuclei - **Difficulty**: Medium - **Size**: 350 hours - **Mentors**: To be assigned - **Reference**: [Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) - - -#### Description - -Implement comprehensive GraphQL security testing capabilities in Nuclei, including schema introspection, field-level injection testing, and GraphQL-specific attack patterns. GraphQL APIs are increasingly common but have unique security considerations that differ from REST APIs. - -Many organizations are adopting GraphQL, but security testing tools haven't kept pace. This project will add native GraphQL support to Nuclei, enabling security professionals to test GraphQL endpoints with the same ease as HTTP endpoints. - -#### Goals & Deliverables - -- **Schema Discovery**: - - GraphQL introspection query support - - Schema parsing and analysis - - Type and field enumeration - - Deprecated field detection - -- **Injection Testing**: - - Field-level SQL injection testing - - NoSQL injection in resolvers - - IDOR through object references - - Input validation bypass - -- **GraphQL-Specific Attacks**: - - Query depth attacks (DoS) - - Batch query attacks - - Alias-based rate limit bypass - - Field duplication attacks - - Circular fragment attacks - -- **Template DSL Extensions**: - - GraphQL query builders - - Schema-aware payload generation - - Response parsing helpers - - Mutation testing support - -- **Built-in Templates**: Security templates for common GraphQL vulnerabilities -- **Documentation**: Usage guides and template examples - -#### Technical Skills Required - -**Required**: -- Go programming (intermediate level) -- Strong understanding of GraphQL specification -- HTTP protocol knowledge -- Experience with API security testing - -**Preferred**: -- GraphQL server implementation experience -- Knowledge of common GraphQL vulnerabilities -- Familiarity with Nuclei templates -- Experience with other GraphQL security tools - -#### Skills You'll Learn - -- GraphQL protocol internals -- API security testing methodologies -- Nuclei template DSL development -- Security scanner architecture -- Building protocol-specific testing modules - -#### Getting Started - -1. **Read Documentation**: - - [Nuclei Overview](/opensource/nuclei/overview) - - [GraphQL Specification](https://graphql.org/learn/) - - Review [Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) - -2. **Learn GraphQL Security**: - - Study common GraphQL vulnerabilities - - Practice with vulnerable GraphQL apps (DVGA, etc.) - - Understand introspection and schema analysis - -3. **Explore Nuclei Codebase**: - - Review protocol implementations (HTTP, DNS, etc.) - - Understand how new protocols are added - - Look at existing request/response handling - -4. **Make Contributions**: - - Fix issues in Nuclei - - Write GraphQL security templates (manual for now) - - Document GraphQL testing approaches - -#### Related Links - -- [GitHub Issue #5717](https://github.com/projectdiscovery/nuclei/issues/5717) -- [Nuclei GitHub](https://github.com/projectdiscovery/nuclei) -- [GraphQL Security Resources](https://graphql.org/learn/best-practices/) - ---- - -### Project 3: XSS Context Analyzer +### Project 2: XSS Context Analyzer **Tool**: Nuclei @@ -344,7 +246,7 @@ Current XSS testing often relies on large payload lists that may not work in spe --- -### Project 4: Honeypot Detection System +### Project 3: Honeypot Detection System **Tool**: Nuclei @@ -440,7 +342,7 @@ Honeypots can skew scan results and waste time during security assessments. This --- -### Project 5: Wappalyzer Technology Detection +### Project 4: Wappalyzer Technology Detection **Tool**: Nuclei @@ -536,7 +438,7 @@ Currently, Nuclei runs all matching templates regardless of target technology. W --- -### Project 6: Complete Auth Support for Protected Targets +### Project 5: Complete Auth Support for Protected Targets **Tool**: Nuclei @@ -635,7 +537,7 @@ Many real-world security assessments require scanning authenticated portions of --- -### Project 7: Nuclei SDK & Concurrency Improvements +### Project 6: Nuclei SDK & Concurrency Improvements **Tool**: Nuclei @@ -732,7 +634,7 @@ As Nuclei is increasingly used as a library, the SDK needs improvements for prod --- -### Project 8: Browser TLS Fingerprint Impersonation +### Project 7: Browser TLS Fingerprint Impersonation **Tool**: httpx