Nmap Development mailing list archives
Re: Nmap GSoC 2009 Report
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Fri, 23 Oct 2009 07:10:45 -0400
Congratulations are clearly in order, the students this year have churned out a lot of great code. And these contributions are all made the sweeter by a 100% success rate.

Kudos to you: Ithilgore, João, Josh, Luis, Patrick, and Venkat.

-M

On Fri, Oct 23, 2009 at 2:58 AM, Fyodor <fyodor () insecure org> wrote:
Hello everyone. Google SoC ended last month and things are starting to settle down, so it is time to look at the results. First, let's review the completion stats for previous years:

2005: Success rate 70% (7/10)
      Full report: http://slashdot.org/comments.pl?sid=183143&cid=15133184
2006: Success rate 80% (8/10)
      Full report: http://seclists.org/nmap-dev/2007/q1/235
2007: Success rate: 83% (5/6)
      Full report: http://seclists.org/nmap-dev/2007/q4/24
2008: Success rate: 86% (6/7)
      Full report: http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html

I'm proud that our success rate improved in each of those four years, and I'm delighted to announce that we set a new record for 2009! This year every single one of the students passed--a 100% success rate! I'd like to offer big congratulations to Patrick, Ithilgore, Luis, Josh, Venkat, and João, as well as my thanks to David for mentoring half of them. I'd also like to thank the Nmap community members who helped with testing, bug reports, and advice throughout the summer. Of course Google also deserves thanks for coordinating and bankrolling this whole thing!

Now for the meat of this report: what did the students actually accomplish?

Ithilgore spent the summer creating a new application from scratch: the high speed Ncrack network authentication cracker. This is a great tool for auditing your systems and devices for weak passwords. I demanded efficiency, but Ithilgore went way beyond the call of duty. For example he carefully analyzed the SSH protocol before hacking the OpenSSH library for optimal performance and then documenting that work at http://seclists.org/nmap-dev/2009/q3/428. Ncrack also handles http, https, ftp, and telnet protocols, with more on the way! An alpha release is already available in source format along with Windows and Mac OS X installers. Learn more or download Ncrack from http://nmap.org/ncrack/.

Patrick Donnelly has been an active developer since SoC 2008. This year he was the Nmap Scripting Engine Infrastructure Manager, a natural choice given his deep knowledge of NSE. He designed and implemented a number of innovations including Boolean operators for the --script option and richer syntax for --script-args. Even more importantly, he fixed several bugs that caused mysterious hangs and crashes. He also sped up NSE by increasing parallelism, made the http module support caching, and added a system for detecting incorrect use of global variables. Patrick gave a presentation on NSE and his work at the Lua Workshop in Rio de Janeiro.

Luis MartinGarcia created Nping, a multi-platform network probing utility. Think of it as Hping on steroids, allowing you to send a wide variety of raw packets (TCP, UDP, ICMP, plain IP, IPv6, ARP, etc.) and analyze the responses. In the future we plan to add a special server mode which listens on the target system and reports back to the client for network trace reconstruction. Analyzing packets as received by the target will allow the user to detect network address translation, header field munging, and more. A beta release is already available in source format along with Windows and Mac OS X installers. Learn more or download Nping from http://nmap.org/nping/.

Josh Marlow was a feature creeper focusing on Zenmap and the Nmap core. He developed a talent for performance measurement, speeding up Zenmap startup and results processing. His biggest user-visible improvement is Zenmap's new host filtering feature which allows you to narrow down scan results to just those hosts you are interested in. For example, you might scan a huge network then decide to drill down your view to only the Linux machines or only servers running Microsoft IIS 5.0. Josh presented the Zenmap filtering mechanism at NeighborCon in Knoxville and Las Vegas.

Venkat Sanaka was a feature creeper with a specialization in Ncat. He became something of an OpenSSL expert and pioneered Ncat SSL support improvements including client certificate authentication, SSL fallbacks for SSLv3- and TLSv1-only servers, and wildcard certificate verification. Venkat made many non-SSL improvements as well.

João Correa spent the summer writing scripts and libraries for the Nmap Scripting Engine, with a particular focus on HTTP. He improved open proxy detection (including adding a SOCKS proxy detection script), improved SSL support (for numerous protocols) with his comm.tryssl system, dramatically sped up many http requests by adding pipelining support, and he also added http cookies and post/head request support. He also overhauled the favicon DB and HTTP enumeration scripts. Check out http://nmap.org/nsedoc/ to see all the things NSE can do now!

These are all just highlights of the great work these students performed over the summer. For more details, see the Nmap Changelog (http://nmap.org/changelog.html). Most of these improvements are already integrated in Nmap 5.00 (http://nmap.org/5/), and the rest are in our SVN repository version (http://nmap.org/book/install.html#inst-svn). A new release is expected in the next two weeks.

Please join me in congratulating all these students for their excellent work! I'm particularly pleased that many of them have continued contributing even after the summer has ended. I'm looking forward to GSoC 2010 (assuming it is held again and Google invites us), but 2009 will be a tough year to top!

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/