Nmap Development mailing list archives
Nmap GSoC 2014 Success Report
From: Fyodor <fyodor () nmap org>
Date: Sat, 25 Oct 2014 00:06:06 -0700
Hi Folks. I'm pleased to report the successful completion of our 10th Google Summer of Code! Four of our six students passed, and they accomplished many wonderful things. Much of their work has already been integrated into Nmap 6.47, and we're still working to integrate the remainder. Let's look at their accomplishments individually: *Jay Bosamiya* was a feature creeper, working on a wide variety of Nmap tasks under the expert tutelage of Daniel Miller. Almost all of his work has already been integrated into Nmap 6.47. Some of the most exciting improvements are: o Added the --comment, --data, and --data-string options for sending custom payloads in sent packets o Reduced Nmap memory usage so it works better with large scans and/or on memory-constrained systems o Improved Zenmap performance when opening large files o Improved Nmap topology viewer to combine parallel timed-out hops for a cleaner view o Added the --exclude-ports option to Nmap, which allows you to avoid scanning specified port names, numbers, or ranges. o Nmap now shows TTL information (if available) in the port scan results table if --reason is specified. Jay is also finishing up an --ignore-after feature for improving Nmap performance against hosts with an unreasonable number of ports open (by skipping them). He is a freshman pursuing a Bachelor's Degree in Computer Science and Engineering (CSE) at the Indian Institute of Technology in Roorkee, India. *Jacek Wielemborek* was one of our most successful 2013 GSoC students and we are delighted that he came back to help the Nmap Project this summer! He worked with mentor David Fifield again. His project this year was porting some of our port scanning methods (including TCP connect scan) to our Nsock (asynchronous socket) library to allow greater performance and flexibility. This is a huge project and he has already delivered working code. The next steps are adding and then testing congestion control, rate limit detection, and a few other algorithms and features. In support of his efforts, Jacek also created a benchmarking system for running daily Nmap scans and highlighting changes in performance or accuracy. Jacek is pursuing a Master's Degree in Computer Science at the University of Lodz in Poland. *Claudiu Perta* spent the summer working on Nmap Scripting Engine (NSE) scripts and libraries under the mentorship of Ron Bowes, who is himself one of our top NSE authors. Some of his projects that you can already find in Nmap 6.47 include: o Updating many scripts to use the brute force library for better consistency and performance o Adding STARTTLS support for IMAP, POP3, and NNTP scripts as well as our SSL Cert Library o The ssl-ccs-injection script for detecting the SSL/TLS CCS Injection vulnerability. We're also still working to integrate work he did on SPDY support, ZLib compression support, and IPMI vulnerabilities. Claudiu is a PhD student in Computer Science at Sapienza University in Rome. *Devin Bjelland* spent the summer working on NSE plumbing with resident Lua expert Patrick Donnelly as his mentor. Devin's first project was replacing our Perl-style regular expression library (PCRE) in NSE with the more appropriate and flexible Lua-based LPeg system. He also wrote working proof-of-concept code for an NSE debugger and also SSH integration for NSE. We're particularly excited about SSH support as that will open up a huge number of potential scripts that involve executing commands on remote machines. The SSH integration is not yet portable or efficient enough to integrate, but it does work on Linux and you can learn more about it at http://seclists.org/nmap-dev/2014/q3/319. Devin is a Sophomore studying computer science and math at Macalester College in Saint Paul, Minnesota. Great work, guys! Both students and mentors deserve a round of applause! And so does Google for making all of this possible! They have spent tens of millions of dollars sponsoring thousands of students to work on hundreds of open source projects. Nmap by itself has mentored 68 SoC students in the last 10 years and some continue as top Nmap developers to this day. If you enjoy Zenmap, the Nmap Scripting Engine, Ncat, Nping, or Ndiff, you're using features developed in a large part by previous Summer of Code students! Cheers, Fyodor PS: For those who are interested, here are our previous success (pass) rates and wrap-up reports: 2014 (4/6 - 67%): [this report] 2013 (3/3 - 100%): http://seclists.org/nmap-dev/2013/q4/108 2012 (4/5 - 80%): http://seclists.org/nmap-dev/2012/q4/138 2011 (7/7 - 100%): http://seclists.org/nmap-dev/2012/q1/542 2010 (8/8 - 100%): http://seclists.org/nmap-dev/2011/q1/708 2009 (6/6 - 100%): http://seclists.org/nmap-dev/2009/q4/148 2008 (6/7 - 86%): http://bit.ly/googleblognmap 2007 (5/6 - 83%): http://seclists.org/nmap-dev/2007/q4/24 2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235 2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap GSoC 2014 Success Report Fyodor (Oct 25)