Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap GSoC 2014 Success Report

From: Fyodor <fyodor () nmap org>
Date: Sat, 25 Oct 2014 00:06:06 -0700
Hi Folks.  I'm pleased to report the successful completion of our 10th
Google Summer of Code! Four of our six students passed, and they
accomplished many wonderful things. Much of their work has already been
integrated into Nmap 6.47, and we're still working to integrate the
remainder. Let's look at their accomplishments individually:

*Jay Bosamiya* was a feature creeper, working on a wide variety of Nmap
tasks under the expert tutelage of Daniel Miller. Almost all of his work
has already been integrated into Nmap 6.47. Some of the most exciting
improvements are:
  o Added the --comment, --data, and --data-string options for sending
custom payloads in sent packets
  o Reduced Nmap memory usage so it works better with large scans and/or on
memory-constrained systems
  o Improved Zenmap performance when opening large files
  o Improved Nmap topology viewer to combine parallel timed-out hops for a
cleaner view
  o Added the --exclude-ports option to Nmap, which allows you to avoid
scanning specified port names, numbers, or ranges.
  o Nmap now shows TTL information (if available) in the port scan results
table if --reason is specified.
Jay is also finishing up an --ignore-after feature for improving Nmap
performance against hosts with an unreasonable number of ports open (by
skipping them). He is a freshman pursuing a Bachelor's Degree in Computer
Science and Engineering (CSE) at the Indian Institute of Technology in
Roorkee, India.

*Jacek Wielemborek* was one of our most successful 2013 GSoC students and
we are delighted that he came back to help the Nmap Project this summer! He
worked with mentor David Fifield again. His project this year was porting
some of our port scanning methods (including TCP connect scan) to our Nsock
(asynchronous socket) library to allow greater performance and flexibility.
This is a huge project and he has already delivered working code. The next
steps are adding and then testing congestion control, rate limit detection,
and a few other algorithms and features. In support of his efforts, Jacek
also created a benchmarking system for running daily Nmap scans and
highlighting changes in performance or accuracy.  Jacek is pursuing a
Master's Degree in Computer Science at the University of Lodz in Poland.

*Claudiu Perta* spent the summer working on Nmap Scripting Engine (NSE)
scripts and libraries under the mentorship of Ron Bowes, who is himself one
of our top NSE authors.  Some of his projects that you can already find in
Nmap 6.47 include:
  o Updating many scripts to use the brute force library for better
consistency and performance
  o Adding STARTTLS support for IMAP, POP3, and NNTP scripts as well as our
SSL Cert Library
  o The ssl-ccs-injection script for detecting the SSL/TLS CCS Injection
vulnerability.
We're also still working to integrate work he did on SPDY support, ZLib
compression support, and IPMI vulnerabilities.  Claudiu is a PhD student in
Computer Science at Sapienza University in Rome.

*Devin Bjelland* spent the summer working on NSE plumbing with resident Lua
expert Patrick Donnelly as his mentor. Devin's first project was replacing
our Perl-style regular expression library (PCRE) in NSE with the more
appropriate and flexible Lua-based LPeg system. He also wrote working
proof-of-concept code for an NSE debugger and also SSH integration for NSE.
We're particularly excited about SSH support as that will open up a huge
number of potential scripts that involve executing commands on remote
machines. The SSH integration is not yet portable or efficient enough to
integrate, but it does work on Linux and you can learn more about it at
http://seclists.org/nmap-dev/2014/q3/319. Devin is a Sophomore studying
computer science and math at Macalester College in Saint Paul, Minnesota.

Great work, guys!  Both students and mentors deserve a round of applause!
And so does Google for making all of this possible!  They have spent tens
of millions of dollars sponsoring thousands of students to work on hundreds
of open source projects.  Nmap by itself has mentored 68 SoC students in
the last 10 years and some continue as top Nmap developers to this day.  If
you enjoy Zenmap, the Nmap Scripting Engine, Ncat, Nping, or Ndiff, you're
using features developed in a large part by previous Summer of Code
students!

Cheers,
Fyodor

PS: For those who are interested, here are our previous success (pass)
rates and wrap-up reports:

2014 (4/6 - 67%): [this report]
2013 (3/3 - 100%): http://seclists.org/nmap-dev/2013/q4/108
2012 (4/5 -  80%): http://seclists.org/nmap-dev/2012/q4/138
2011 (7/7 - 100%): http://seclists.org/nmap-dev/2012/q1/542
2010 (8/8 - 100%): http://seclists.org/nmap-dev/2011/q1/708
2009 (6/6 - 100%): http://seclists.org/nmap-dev/2009/q4/148
2008 (6/7 -  86%): http://bit.ly/googleblognmap
2007 (5/6 -  83%): http://seclists.org/nmap-dev/2007/q4/24
2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235
2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: