Re: Introducing the 2011 Nmap/Google Summer of Code Team

[Shinnok <admin () shinnok com>]

Hi,

I am honored to be accepted as part of the GSoC team to hack on Nmap to
bring it to new horizons and make it more solid and kick ass of a tool
then ever.

Regards,
Shinnok

On Mon, 25 Apr 2011 15:02:24 -0700, Fyodor <fyodor () insecure org> wrote:
> Hello everyone.  The Nmap Project received a spectacular bunch of
> Summer of Code proposals this year, and I'm happy to report that
> Google has agreed to sponsor seven of them to spend this summer
> enhancing the Nmap Security Scanner!  In previous summers we have
> sponsored students to develop related tools such as Ncat, Nping, and
> Ncrack, but this year we're focused on Nmap proper.  We have three
> students working on the Nmap Scripting Engine, two on IPv6, and two
> general feature creepers and bug wranglers.  I'm delighted to
> introduce the 2011 team!
>
> ==Nmap Scripting Engine==
>
> The Nmap Scripting Engine, first created with GSoC student Diman
> Todorov in 2006, has become one of Nmap's most powerful and popular
> features.  It allows users to write (and share) simple scripts to
> automate a wide variety of networking tasks. We now have almost 200
> scripts, all documented at the NSEDoc Reference Portal
> (http://nmap.org/nsedoc/).  A main focus of previous years has been
> improving the NSE engine and infrastructure, but this year we're going
> all-out with script creation!  We have chosen three SoC students to
> assist with the task:
>
> *Djalal Harouni* was a SoC student last year, and we're delighted to
> have him back!  He previously added important NSE features such as
> prerule/postrule support and the target library (which allows newly
> discovered hosts to be added by NSE scripts to Nmap's scan queue).
> Djalal (AKA tixxdz) also wrote a number of valuable scripts, including
> nfs-ls and nfs-statfs.  This summer he will be focusing on
> vulnerability and exploitation scripts to help administrators discover
> weaknesses in their networks before the bad guys do.  Djalal is
> pursuing a PhD in Computer Science at Mentouri University in
> Constantine, Algeria.  He will be mentored by Henri Doreau, who has
> written many great NSE scripts himself.
>
> *Gorjan Petrovski* will be working on discovery (and miscellaneous)
> NSE scripts.  He is rather new to Nmap and NSE, but has already done
> some great work.  In particular, we have already integrated his
> backorifice-info script, which provides detailed information about any
> discovered instances of the backorifice backdoor.  Gorjan is hoping to
> graduate this year from Ss. Cyril & Methodius University in Skopje,
> Macedonia with a BSc in Computer Systems Engineering and Automation.
> He will be mentored by Lua expert Patrick Donnelly, who was himself a
> GSoC student in '08 and '09.
>
> *Paulino Calderon* will spend the summer improving Nmap's web scanning
> support.  Nmap already offers many http/https scripts, but there is
> much room for improvement.  The web has grown to dominate the
> Internet, so it is critical that Nmap help keep people's web sites
> secure.  Paulino is pursuing a BSc in computer science at Canada's
> University of Victoria.  He has written open source web scanning
> software such as the web discovery tool PHP-spdr, and has also had
> code accepted into the Metasploit framework.  As a penetration tester,
> he has used Nmap extensively.  He will be mentored by Fyodor.
>
> All the NSE students will also have the support of NSE script
> developer Mak Kolybabi as backup mentor.
>
> ==IPv6==
>
> The IANA has run out of IPv4 addresses to allocate and the regional
> registries are expected to deplete their reserves within months. The
> competition for scarce IPv4 addresses is already heating up. Various
> hacky techniques (NAT, SSL SNI, name-based hosting, etc.) have been
> developed to conserve IPv4 addresses, but IPv6 is the only practical
> solution for fundamentally expanding the address space. Nmap was an
> early IPv6 adopter, with initial support added in August 2002. But
> there is a lot more Nmap could do in this regard, and Google has
> sponsored two Summer of Code students to help us get there.  Their
> primary projects will be researching and implementing OS detection and
> advanced host discovery techniques for IPv6.  Nmap co-maintainer and
> IPv6 expert David Fifield will be mentoring both of them:
>
> *Luis MartinGarcia* did a great job implementing the Nping packet
> generation and response analysis tool (http://nmap.org/nping/) as a
> SoC student in 2009 and 2010, and we're happy to have him back this
> year.  He has already been researching IPv6 as a masters/PhD student
> at the Polytechnic University of Madrid, and has come up with some
> great ideas for host discovery.
>
> *Xu Weilin* is an IPv6 expert in China who helped write an open source
> IPv6 NAT project and has already come up with some great IPv6 Nmap OS
> detection ideas.  He is pursuing a BSc in Computer Science at Beijing
> University of Posts and Telecommunications.
>
> ==Feature Creepers and Bug Wranglers==
>
> There are many Nmap bugs and desired features which are quite
> important but take much less than a whole summer to implement. Some
> may only take hours, while others could take weeks or even a
> month. The feature creeper and bug wranglers handle many such tasks
> during the summer. This lets them explore and contribute to a wide
> variety of the Nmap code base rather than spending the whole summer
> working on just one subsystem.  I'm happy to report that we have two
> excellent SoC students (both to be mentored by David Fifield) filling
> those shoes:
>
> *Colin Rice* is an Eagle Scout and National Merit Scholar attending
> Rensselaer Polytechnic Institute in Troy, New York.  He is
> particularly proficient in C++ and Python, which is perfect for Nmap
> and Zenmap work.  His previous work includes a zombie invasion
> simulator, so I'm glad we have him on the team just in case.
>
> *Shinnok* is an experienced open source developer whose recent
> projects include a Netcat GUI (http://shinnok.com/projects.php).  He
> has also discovered numerous vulnerabilities and written quite a few
> exploits.  He is pursuing a BSc in Computer Science at A. I. Cuza
> University in Iasi, Romania.
>
> This is the Nmap Project's seventh year participating in the Google
> Summer of Code.  If you enjoy the Zenmap GUI, Ncat, Ndiff, Nping,
> Ncrack, or the Nmap Scripting Engine, you're using features developed
> in a large part by previous Summer of Code students.  Full-time coding
> starts May 23, but we have already started project brainstorming and
> planning.  Some participants may use this community bonding period to
> get an early start on coding, while others will focus on testing Nmap
> and reading the code and documentation.
>
> Please join us in welcoming this new team of Nmap SoC students!  Most
> of the development will be done on the nmap-dev list, where everybody
> is encouraged to participate in coding, suggesting ideas, testing,
> etc. With a team like this, we can't help but expect great things for
> the summer of 2011!
>
> I'd also like to offer big thanks to Google for putting another six
> million dollars (over all projects) into open source development this
> summer!  You can read about all the other organizations and their
> accepted students from http://bit.ly/gsocall.
>
> Cheers,
> Fyodor
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
Shinnok <http://shinnok.com>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/