Google SoC Winners for Nmap

[Fyodor <fyodor () insecure org>]

Hello everyone,

I am delighted to announce that Google has agreed to sponsor 10 Summer
Nmap developers as part of their 2006 Summer of Code program.
Considering that there were more than 100 good applications, these
winners demonstrated an impressive level of creativity and skill,
proposing projects which will greatly improve Nmap.  Their work will
be done in the open on the nmap-dev mailing list, where the whole Nmap
community is invited to watch their progress and contribute ideas,
help with testing, etc.  Help is especially appreciated since these
guys have some very ambitious projects to finish by August 21!  Please
join me in congratulating these talented students:

o One of the most ambitious projects is adding scripting support to
  Nmap.  Imagine if you could easily extend Nmap with a 10 line script
  to perform further discovery such as testing whether a service is an
  open proxy or maybe looking up extra information such as whois
  contact or AS number for target IPs.  Trinity could write an SSH
  CRC32 exploit so she never needs to leave Nmap when hacking the
  Matrix.  One of the biggest challenges is ensuring the high
  performance you expect from Nmap through parallel operation.  Diman
  Todorov has stepped up to the plate with a proposal for embedding
  the extensible LUA language within Nmap.  The project requirements
  document (PRD) for this project is at
  http://insecure.org/nmap/SoC/Scripting.html .  Diman recently
  graduated from the Technical University of Vienna in Austria and is
  now studying there toward a master's degree in Computational
  Intelligence.

o Some of you remember Doug Hoyte from last year's SoC program.
  He tripled the size of the version detection database and added
  significant new functionality to the system.  We are fortunate to
  have him back in what may be his last summer as a student.  The SoC
  program hasn't even officially started yet and he has already sent
  in a bunch of patches that you'll find in the next version of Nmap.
  Doug is a senior studying Computer Science at UBC-Okanagan in Canada.

o Adam Vartanian will be a "feature creeper", working on smaller
  projects throughout the Nmap codebase rather than one specific area.
  Examples might be adding parallel traceroute support to Nmap and
  adding support so people can specify a fixed packet sending rate
  (such as 50pps) for their scans.  Adam is studying toward a master's
  degree in Computer Science (Computer Security Track) at Columbia
  University in New York.  He has created several open source tools,
  including EclipsFE (http://gemstone.flooey.org/eclipsefe/)

o Paul DeGrandis is another "feature creeper".  He may work on writing
  a general scanning engine for abusing applications (SOCKS/http
  proxies, ftp servers, maybe Tor, etc.) for port scanning purposes,
  and also developing new version detection probes for services we
  aren't yet able to identify.  Paul is pursuing a dual BS/MS degree
  in software engineering from Drexel University in Philadelphia.
  Paul was project manager of the CollegeLinux distribution, and also
  worked on the open source GamesExtract, NDIS Wrapper, and Racer
  projects.

o Adriano Monteiro Marques was a SoC student last summer working on an
  advanced portable Nmap GUI and results viewer in PyGTK.  The result,
  UMIT, is now available for download at http://umit.sourceforge.net .
  He is quitting his current summer job to join us again and make even
  more improvements to UMIT.  The ultimate goal is for UMIT to replace
  NmapFE as the default GUI for Nmap on all platforms.  Obviously it
  isn't going to "replace" the command-line interface we all love.
  But once UMIT comes with Nmap, I hope to never again receive emails
  from confused Windows users saying "I clicked on Nmap.exe and some
  crazy black box appeared with some text, then disappeared
  again. WTF?!"  The PRD for this advanced results viewer project is
  at http://insecure.org/nmap/SoC/NmapFE.html .  Adrian is graduating
  this year from the Universidade Estadual de Goias in Brazil.

o Marek Majkowski has a passion for software quality and speed, so he
  will be working to make Nmap faster and improve the code base by
  eliminating dead code and such.  He has already started his
  profiling and valgrinding, and his application included a patch
  which rewrites the PortList class to use much less CPU time.  It has
  been integrated for the next version of Nmap, due out within a
  week.  He is a senior studying Robotics and Multi-Agent Systems at
  the Polish-Japanese Institute of Information in Warsaw.

o Edward Bell rounds out the feature creeper group with his extensive
  system programming and design skills.  He may write an application
  for comparing XML Nmap result files so you can see exactly what
  changed (newly open ports, machines gone offline, etc.)  He may also
  add a --reason feature to Nmap so you can see exactly why Nmap
  described a port as it did.  For example, a SYN scan will report
  "filtered" if an ICMP error is received or if there was no response
  at all.  But sometimes it is valuable to differentiate those cases.
  Edward is a junior studying Computer Science at Lancaster University
  in England.

o If Nmap is going to be called the Network Mapper, maybe it should
  actually generate a map of your network.  Cole Nevins is
  resolving that deficiency by creating an application which generates
  useful (and pretty!) network diagrams from Nmap XML output.  You can
  see some eye candy from his application and some similar programs in
  the PRD at http://insecure.org/nmap/SoC/NmapDiag.html .  Cole just
  Graduated on May 14 from Gonzaga University with a BS in Computer
  Science.  In the Fall he begins studying toward a master's degree in
  Computer Science (emphasis on Human-Computer Interaction) at
  Washington State University.

o Zhao Lei was a SoC student last year who helped design and implement
  a 2nd generation OS fingerprinting system for Nmap.  We have
  continued to work and improve on it since then.  I am pleased today
  to release a paper I wrote documenting the new system at
  http://insecure.org/nmap/osdetect/ .  As you can see, there are many
  great changes which will make the system even more valuable.  Now we
  just need to get it into Nmap proper, determine how the migration
  from the legacy system will work, and develop a new OS database from
  scratch.  Zhao is the best man to help with that.  He is a
  master's student studying Software Engineering at Tsinghua
  University in Beijing.

o Julien Delange is developing another cool project: A web hosted
  version of Nmap. It allows you to log in to schedule scans and have
  the results displayed in XHTML or emailed to you as soon as they
  finish.  You can also schedule repeating scans to notify you if
  anything changes.  This system will also be useful for scanning
  yourself from the outside to ensure your firewall is doing its job.
  I'd like to host this myself as a public service, though I'll have
  to see what my ISP thinks about the extra scanning activity and
  bandwidth.  Obviously security is a huge concern, and the app also
  supports privilege levels so you can restrict untrusted users from
  conducting intrusive scans across the whole Internet.  The PRD is
  available at http://insecure.org/nmap/SoC/HostedScan.html .  He
  plans to graduate with a master's degree this year from the
  University of Jussieu in Paris.  Julien is the co-founder and
  administrator of the free open source hosting service Tuxfamily.org,
  and also maintains several open source packages for Debian.

Congratulations once again to these guys.  After reading this, you can
tell why I'm so excited.  I'd also like to thank everyone who applied.
There were (as always) many more deserving applications than there
were stipends available.  I'm sorry you'll have to spend this summer
having fun on beaches and vacations while we're spending all our
waking hours in front of a screen :).  But seriously, while Google
decides how many stipends we may give out, we always welcome
development help and ideas from anybody on the dev list.  Most other
projects do too.  Anyway, I'm looking forward to a great summer
working with these guys, and I hope everyone here enjoys the new
features when they come out.

I would also like to thank Google, who sponsored 636 developers for
about 100 open source projects.  That is 50% more than last year, and
represents an investment of over $3,000,000.

Cheers,
Fyodor



_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers