Introducing the 2017 Nmap/Google Summer of Code Team!

[Fyodor <fyodor () nmap org>]

Nmap community:

Thanks for all of your applications and referrals of talented students to
the Summer of Code program.  Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team!  We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component.  All four of our students will be
enhancing NSE, with some of Nmap's most prolific NSE developers serving as
their mentors.  In fact, all of this year's mentors were previous GSoC
participants (students or mentors) themselves.  Let's see what we can do
for one of Nmap's most flexible and powerful subsystems which already has
nearly 600 scripts and 125 protocol libraries!  Even though our overall
focus will be NSE, we do have some smaller side projects planned which were
too good to pass up.  So, without further ado, here is the team:

*Evangelos Deirmentzoglou* is a PhD student in information security at the
University of Piraeus in Greece.  He has many great ideas for improving
Nmap, and one of the ones I'm most excited about is adding ssh support to
NSE.  Nmap is almost exclusively focused on unauthenticated remote
discovery and security scanning right now, but SSH support will enable
simple scripts to log in and perform local checks or run administrative
commands. It will also allow Nmap to test a remote systems SSH password
security using our brute force subsystem.  And speaking of password
auditing, Evangel is also planning to add further brute force modules to
NSE and to our dedicated Ncrack auditing tool (https://nmap.org/ncrack/).
Password security may sound like "old news" to some, but it continues as a
major weakness and struggle for large and small organizations.  Evangel
will be working with Ncrack author Fotis "Ithilgore" Chantzis, who has been
both a successful GSoC student and mentor in the past.

*Rewanth Cool* is a 3rd year student pursuing a Bachelor's in Computer
Engineering at NIT Kurukshetra in India.  He has already contributed some
code to Nmap in recent months and has a lot more planned for the summer.
He'll be working with Nmap co-maintainer Dan Miller on TLS/SSL
enhancements, improving RPC support, and also some more general (non-NSE)
Nmap improvements. Dan has already mentored 5 successful GSoC studence
since 2014 and I can't wait to see what they accomplish this year!

*Vinamra Bhatia* is a sophomore computer science student at the Birla
Institute of Technology and Science in Pilani, India. He will be working on
NSE improvements with Nmap developer Paulino Calderon, who literally wrote
the book on NSE ("Mastering the Nmap Scripting Engine", 2015).  Paulino
also made recent headlines with his new NSE script for remotely detecting
the MS17-010 vulnerability exploited by WannaCry (
http://seclists.org/nmap-dev/2017/q2/79).  Paulino and Vinamra are planning
to focus on SMB and HTTP scripts and infrastructure, with other
enhancements thrown in for good measure.  In fact Vinamra already has
several pull requests pending on the Nmap Github repo.  They will be
assisted by longtime Nmap developer Ron Bowes, who single-handedly wrote
much of Nmap's current SMB implementation.

*Wong Wai Tuck* is finishing his sophomore year at the Singapore Management
University, then he is headed to the U.S. to complete his studies in
information security at Carnegie Mellon University.  He will be working
with former Nmap GSoC student George "Sophron" Chatzisofroniou on improving
NSE for pen-testers.  This may include a password profiling system (
http://seclists.org/nmap-dev/2016/q2/46), better automation and
enhancements of security scanning methods, and new exploitation scripts for
big bugs like last week's Windows Defender vuln (
https://www.engadget.com/2017/05/08/microsoft-windows-malwa
re-protection-engine-rce/).

Nmap is one of just seven organizations who have now participated in all
thirteen Google Summers of Code.  If you enjoy the Zenmap GUI, Ncat, Ndiff,
Nping, Ncrack, or the Nmap Scripting Engine, you're using features
developed in a large part by previous Summer of Code students.  And with a
team like this, we can't help but expect more great things!  Full-time
coding starts May 30, but we have already started project brainstorming and
planning.  Some participants may use this community bonding period to get
an early start on coding, while others will focus on testing Nmap and
reading the code and documentation.

Please join us in welcoming this new team of Nmap GSoC students!  Most of
the development will be done on the Nmap dev list (
http://seclists.org/nmap-dev/), where everybody is encouraged to
participate in coding, suggesting ideas, testing, etc.

We had 52 applications this year and most were excellent.  I regret that we
could only accept 8% of them, but I'd like to thank everyone who applied!
Please try again next year, if you can. We've had several cases in the past
where we couldn't find room for someone one year, but were able to accept
them the next. I'd also like to offer big thanks to Google for sponsoring
another 1,318 students over all projects this year and putting millions of
dollars into open source development!

Cheers,
Fyodor
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/