Nmap Development mailing list archives
Nmap GSoC 2010 Success Report
From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:09:30 -0800
Hi folks! GSoC 2010 ended last August and it was another huge success! So much so that it took us until January 28 of this year to get all the code integrated into a stable Nmap release (5.50). We're about to embark on GSoC 2011 idea brainstorming, but first I want to give a big shout out to the 2010 participants who did such a wonderful job! We had 8 students in 2010 and, for only the second time in our 6 years of GSoC, all of them passed! Let's take a look at their accomplishments individually: *Alexandru Totolici* created Rainmap, a web application allowing users to create, configure and run Nmap scans from within their browser. You can install it on your server and then schedule regular scans to keep an eye on your infrastructure. It is still in an early stage of development, but it does work and you can download it from http://nmap.org/rainmap/. He was mentored by Fyodor (me). *Djalal Harouni* spent the whole summer working on the Nmap Scripting Engine. One of the coolest features he added is the target library, which allows scripts to add newly discovered targets to Nmap's scan queue. He also added the prerule and postrule scan phases, allowing for scripts like broadcast-upnp-info that only need to run once per Nmap scan rather than against discovered hosts or open ports. Djalal also wrote the handy nfs-ls and nfs-statfs scripts. He was mentored by Patrick Donnelly. *Dražen Popović* spent the summer working on SMB and MS-RPC. First he added checks for the MS06-025 and MS07-029 vulnerabilities to smb-check-vulns, then he embarked on a large project to better handle the NDR serialization format used by MS-RPC. He built a testing environment to find serialization errors and also made progress towards creating a program to automatically generate Lua libraries from a machine-readable protocol description (IDL). The library was not completely finished but it is available from svn://svn.insecure.org/nmap-exp/drazen. David Fifield was his mentor. *Ithilgore* developed Ncrack as a 2009 SoC student and spent 2010 enhancing it further. During the summer he added support for cracking two extremely difficult protocols: RDP and SMB. Ncrack also supports high speed ssh, http(s), ftp, telnet, and pop3(s) cracking. You can download Ncrack from http://nmap.org/ncrack/. Ithilgore was mentored by Fyodor again. *Kirubakaran Sampath* designed and implemented Zenmap's new NSE script selection interface. Choosing scripts in Zenmap used to be much like the command line in that you have to know exactly what you want. Now you're presented with a list of all scripts available, including script documentation and an editable list of arguments specific to each script. Click the "Scripting" tab in the Zenmap Profile editor to see this new system in action! Kirubakaran was mentored by David. *Luis MartinGarcia* wrote Nping as a 2009 SoC student and we were delighted to have him back in 2010 to further improve this excellent packet probing tool, which is now included with Nmap proper. He spent the first part of the summer working to improve the codebase. He wrote a test program with hundreds of tests and eliminated about 2,700 duplicated (between Nmap and Nping) lines by creating the libnetutil library. Luis then spent the second half of the summer creating Nping echo mode. This is a novel technique for discovering how packets are changed (or dropped) in transit between the host they originated on and a target machine. It can detect network address translation, packet filtering, routing anomalies, and more. See http://nmap.org/book/nping-man-echo-mode.html or read up on Nping in general at http://nmap.org/nping/. Luis was mentored by David and Fyodor. In addition to these six students working on Nmap proper, we agreed to accept two students to work on the UMIT project. UMIT is an Nmap GUI that started out as an Nmap SoC project in 2005 and formed the basis of Zenmap. UMIT Founder Adriano Marques has continued to develop the tool as an independent project. He mentored Diogo Pinheiro and Kosma Moczek for the summer and you can read about their successes at http://blog.umitproject.org/. Please join me in congratulating all these folks for their excellent work! I'm particularly pleased that many of them continued contributing even after the summer ended. I'd also like to thank my fellow mentors--David, Patrick, and Adriano--for their tireless efforts. And of course the nmap-dev mailing list members who helped with testing, bug reports, and advice throughout the summer. Finally I'd like to hugely thank Google for making this all possible by coordinating and bankrolling the program. If you enjoy Zenmap, the Nmap Scripting Engine, Ncat, Ndiff, Nping, or Ncrack, you're using features developed in a large part by previous Summer of Code students. Cheers, Fyodor PS: For those interested, here are our previous success rates and wrap-up reports: 2009 (6/6 - 100%!): http://seclists.org/nmap-dev/2009/q4/148 2008 (6/7 - 86%): http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html 2007 (5/6 - 83%): http://seclists.org/nmap-dev/2007/q4/24 2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235 2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap GSoC 2010 Success Report Fyodor (Mar 08)