Nmap Development mailing list archives
Nmap GSoC 2011 Success Report
From: Fyodor <fyodor () insecure org>
Date: Fri, 9 Mar 2012 14:54:18 -0800
Hi Folks. I'm happy to report that our 7th Google Summer of Code (2011) was a great success! We had 7 students, and they all passed! They wrote copious amounts of good code too, and pretty much all of it is now integrated in today's release of Nmap 5.61TEST5 (http://seclists.org/nmap-hackers/2012/0). I'd like to give a big shout out to these folks for doing such a wonderful job! Let's look at their accomplishments individually:

*Colin Rice* was a free range fixer and bug hunter, resolving issues all over the Nmap codebase. He made fixes to Nmap, Ncat, Nping, and Zenmap. He also made some IPv6 improvements, including making the --exclude and --excludefile options support IPv6 netmasks.

*Djalal Harouni* has been a long-time Nmap contributor and did a super job in his second Nmap SoC. His focus was on Nmap NSE (http://nmap.org/book/nse.html), with a particular emphasis on vulnerability detection scripts. Not only did he write many of those, he created a whole new framework for vulnerability detection in Nmap (the vulns library).

*Gorjan Petrovski* was focused on NSE script writing and he did that with aplomb. He wrote 10 scripts, including IP geolocation, bittorrent discovery, and Link Layer Topology Discovery scripts. He also wrote mac-geolocation which would query Google for the exact street address of wireless access points worldwide based on their MAC (BSSID) address. Apparently Google wasn't comfortable with giving out this much information, and they disabled the service.

*Luis MartinGarcia* came back as a third-time Nmap SoC student and performed some phenomenal work. He spent the whole summer working with David on IPv6 OS detection, and you now see the results with a command like "nmap -6 -O scanme.nmap.org". The new system is even more advanced than our IPv4 system (it uses machine learning rather than our hand-edited IPv4 fingerprints) and it benefits from the extensive empirical research Luis did to discover which IPv6 protocol tests are valuable and which ones are a waste of time to implement.

*Paulino Calderon* was our third NSE guy, and his focus was on Nmap's web scanning capability. The Internet continues to grow more and more web-centric, and Nmap needs to shift with it. Paulino wrote 12 scripts, including some clever ones for web application firewall detection, querying Google's malware/phishing DBs, and auditing Wordpress blogs. He also added many hundreds of signatures to our HTTP enumeration scripts for finding common web applications. Finally, he wrote a proof of concept for our current HTTP crawling/spidering system.

*Shinnok* was our second overall feature creeper and bug hunter. Here are some of his top improvements from the summer:

o Created a portable version of ncat.exe that you can just drop onto an MS Windows system without having to run any installer or copy extra library files. See http://nmap.org/ncat/.

o Nmap now defers options parsing until it has read through all the command line arguments. This removes the few remaining cases where option order mattered (for example, IPv6 users previously had to specify -6 before -S).

o Ncat no longer blocks while an ssl handshake is taking place or waiting to complete. This could make listening Ncat instances unavailable to other clients because one client was taking too long to complete the SSL handshake. Our public Ncat chat server is now much more reliable (connect with: ncat --ssl -v chat.nmap.org).

*Xu Weilin* focused on IPv6 with David this summer, with a particular emphasis on advanced IPv6 host discovery. I actually had no idea that a printer on my network was listening on IPv6 until I found it using one of his discovery techniques. To find and list the IPv6 systems on your local network, try this command with Nmap 5.61TEST5:

  nmap -v -n -sn --script targets-ipv6-\*

In addition to my shout out to the students, I'd like to thank my fellow mentors David Fifield and Patrick Donnelly for supporting these efforts and always being there to help.

Needless to say, we have applied again to participate in GSoC! We've done it every year since Google started the program in 2005, and it has brought us a ton of great features and (even more importantly) developers. Many of Nmap's current top contributors started out as SoC students. Last year, all of our mentors except myself were former SoC students.

Cheers,
Fyodor

PS: For those who are interested, here are our previous success (pass) rates and wrap-up reports:

2010 (8/8 - 100%!): http://seclists.org/nmap-dev/2011/q1/708
2009 (6/6 - 100%!): http://seclists.org/nmap-dev/2009/q4/148
2008 (6/7 - 86%): http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html
2007 (5/6 - 83%): http://seclists.org/nmap-dev/2007/q4/24
2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235
2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/