Nmap Announce mailing list archives
Google SoC Winners for Nmap
From: Fyodor <fyodor () insecure org>
Date: Wed, 24 May 2006 11:48:17 -0700
Hello everyone, I am delighted to announce that Google has agreed to sponsor 10 Summer Nmap developers as part of their 2006 Summer of Code program. Considering that there were more than 100 good applications, these winners demonstrated an impressive level of creativity and skill, proposing projects which will greatly improve Nmap. Their work will be done in the open on the nmap-dev mailing list, where the whole Nmap community is invited to watch their progress and contribute ideas, help with testing, etc. Help is especially appreciated since these guys have some very ambitious projects to finish by August 21! Please join me in congratulating these talented students: o One of the most ambitious projects is adding scripting support to Nmap. Imagine if you could easily extend Nmap with a 10 line script to perform further discovery such as testing whether a service is an open proxy or maybe looking up extra information such as whois contact or AS number for target IPs. Trinity could write an SSH CRC32 exploit so she never needs to leave Nmap when hacking the Matrix. One of the biggest challenges is ensuring the high performance you expect from Nmap through parallel operation. Diman Todorov has stepped up to the plate with a proposal for embedding the extensible LUA language within Nmap. The project requirements document (PRD) for this project is at http://insecure.org/nmap/SoC/Scripting.html . Diman recently graduated from the Technical University of Vienna in Austria and is now studying there toward a master's degree in Computational Intelligence. o Some of you remember Doug Hoyte from last year's SoC program. He tripled the size of the version detection database and added significant new functionality to the system. We are fortunate to have him back in what may be his last summer as a student. The SoC program hasn't even officially started yet and he has already sent in a bunch of patches that you'll find in the next version of Nmap. Doug is a senior studying Computer Science at UBC-Okanagan in Canada. o Adam Vartanian will be a "feature creeper", working on smaller projects throughout the Nmap codebase rather than one specific area. Examples might be adding parallel traceroute support to Nmap and adding support so people can specify a fixed packet sending rate (such as 50pps) for their scans. Adam is studying toward a master's degree in Computer Science (Computer Security Track) at Columbia University in New York. He has created several open source tools, including EclipsFE (http://gemstone.flooey.org/eclipsefe/) o Paul DeGrandis is another "feature creeper". He may work on writing a general scanning engine for abusing applications (SOCKS/http proxies, ftp servers, maybe Tor, etc.) for port scanning purposes, and also developing new version detection probes for services we aren't yet able to identify. Paul is pursuing a dual BS/MS degree in software engineering from Drexel University in Philadelphia. Paul was project manager of the CollegeLinux distribution, and also worked on the open source GamesExtract, NDIS Wrapper, and Racer projects. o Adriano Monteiro Marques was a SoC student last summer working on an advanced portable Nmap GUI and results viewer in PyGTK. The result, UMIT, is now available for download at http://umit.sourceforge.net . He is quitting his current summer job to join us again and make even more improvements to UMIT. The ultimate goal is for UMIT to replace NmapFE as the default GUI for Nmap on all platforms. Obviously it isn't going to "replace" the command-line interface we all love. But once UMIT comes with Nmap, I hope to never again receive emails from confused Windows users saying "I clicked on Nmap.exe and some crazy black box appeared with some text, then disappeared again. WTF?!" The PRD for this advanced results viewer project is at http://insecure.org/nmap/SoC/NmapFE.html . Adrian is graduating this year from the Universidade Estadual de Goias in Brazil. o Marek Majkowski has a passion for software quality and speed, so he will be working to make Nmap faster and improve the code base by eliminating dead code and such. He has already started his profiling and valgrinding, and his application included a patch which rewrites the PortList class to use much less CPU time. It has been integrated for the next version of Nmap, due out within a week. He is a senior studying Robotics and Multi-Agent Systems at the Polish-Japanese Institute of Information in Warsaw. o Edward Bell rounds out the feature creeper group with his extensive system programming and design skills. He may write an application for comparing XML Nmap result files so you can see exactly what changed (newly open ports, machines gone offline, etc.) He may also add a --reason feature to Nmap so you can see exactly why Nmap described a port as it did. For example, a SYN scan will report "filtered" if an ICMP error is received or if there was no response at all. But sometimes it is valuable to differentiate those cases. Edward is a junior studying Computer Science at Lancaster University in England. o If Nmap is going to be called the Network Mapper, maybe it should actually generate a map of your network. Cole Nevins is resolving that deficiency by creating an application which generates useful (and pretty!) network diagrams from Nmap XML output. You can see some eye candy from his application and some similar programs in the PRD at http://insecure.org/nmap/SoC/NmapDiag.html . Cole just Graduated on May 14 from Gonzaga University with a BS in Computer Science. In the Fall he begins studying toward a master's degree in Computer Science (emphasis on Human-Computer Interaction) at Washington State University. o Zhao Lei was a SoC student last year who helped design and implement a 2nd generation OS fingerprinting system for Nmap. We have continued to work and improve on it since then. I am pleased today to release a paper I wrote documenting the new system at http://insecure.org/nmap/osdetect/ . As you can see, there are many great changes which will make the system even more valuable. Now we just need to get it into Nmap proper, determine how the migration from the legacy system will work, and develop a new OS database from scratch. Zhao is the best man to help with that. He is a master's student studying Software Engineering at Tsinghua University in Beijing. o Julien Delange is developing another cool project: A web hosted version of Nmap. It allows you to log in to schedule scans and have the results displayed in XHTML or emailed to you as soon as they finish. You can also schedule repeating scans to notify you if anything changes. This system will also be useful for scanning yourself from the outside to ensure your firewall is doing its job. I'd like to host this myself as a public service, though I'll have to see what my ISP thinks about the extra scanning activity and bandwidth. Obviously security is a huge concern, and the app also supports privilege levels so you can restrict untrusted users from conducting intrusive scans across the whole Internet. The PRD is available at http://insecure.org/nmap/SoC/HostedScan.html . He plans to graduate with a master's degree this year from the University of Jussieu in Paris. Julien is the co-founder and administrator of the free open source hosting service Tuxfamily.org, and also maintains several open source packages for Debian. Congratulations once again to these guys. After reading this, you can tell why I'm so excited. I'd also like to thank everyone who applied. There were (as always) many more deserving applications than there were stipends available. I'm sorry you'll have to spend this summer having fun on beaches and vacations while we're spending all our waking hours in front of a screen :). But seriously, while Google decides how many stipends we may give out, we always welcome development help and ideas from anybody on the dev list. Most other projects do too. Anyway, I'm looking forward to a great summer working with these guys, and I hope everyone here enjoys the new features when they come out. I would also like to thank Google, who sponsored 636 developers for about 100 open source projects. That is 50% more than last year, and represents an investment of over $3,000,000. Cheers, Fyodor _______________________________________________ Sent through the nmap-hackers mailing list http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Current thread:
- Google SoC Winners for Nmap Fyodor (May 24)