Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap GSoC 2015 Success Report

From: Fyodor <fyodor () nmap org>
Date: Mon, 19 Oct 2015 15:38:09 -0700
Nmap hackers:

I'm pleased to report the successful completion of our 11th Google Summer
of Code.  And this year all five of our students passed!  They added many
great features and improvements which Nmap users are sure to enjoy.  Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version.  Let's look at their accomplishments individually:

*Andrew Farabee* spent most of the summer working on proxy-related tasks.
We're talking socks4a, socks5, proxy authentication, name-based proxy
scanning, etc. One of the most exciting points was creating an experimental
system for scanning Tor hidden services (
http://seclists.org/nmap-dev/2015/q2/317). Most of this work hasn't been
merged yet, but he created a road map for doing so (
http://seclists.org/nmap-dev/2015/q3/236). He was expertly mentored by
Jacek Wielemborek who has experience working in the same code areas from
his own two summers as a GSoC student.

*Gioacchino Mazzurco* was a feature creeper, so he worked on a wide variety
of tasks all over the Nmap code base. Perhaps his biggest change was adding
IPv6 support to our parallel reverse DNS query system, making it much
faster. To understand why we've been working so hard on IPv6 in recent
years, just take a look at Google's IPv6 adoption stats (
https://www.google.com/intl/en/ipv6/statistics.html).  It roughly doubles
every year. Gio also cleaned up our build system and made some NSE
enhancements such as improving the creds (credentials) library and
upgrading the SNMP library and scripts to support creds.  Gio gave a talk
about his Nmap work at the BattleMesh ad-hoc networking event in Slovenia.
He worked on all this with mentor Dan Miller, and most of his code has
already been integrated into Nmap.

*Gyanendra Mishra* spent the summer improving our Nmap Scripting Engine. In
the process he wrote or improved dozens of scripts, and you can find a full
list at http://seclists.org/nmap-dev/2015/q3/237. His slaxml library
provides a long-awaited XML parsing library for Nmap and his improvements
to the HTTP library include NTLM auth support which makes scripts such as
http-brute more powerful. Gyani was also mentored by Dan Miller.

*Jiayi Ye* was also developing NSE scripts this summer, but her focus was
on vulnerability detection.  She wrote scripts for specific bug checks
(e.g. http-vuln-cve2015-1635, smtp-vuln-cve2015-0235) and also one which
uses the Tor consensus protocol to determine whether a target is listed as
a Tor node. She also hugely improved Marc Ruef's general purpose vuln
detection script (vulnscan.nse).  You can read about more of her work at
http://seclists.org/nmap-dev/2015/q3/249. She was mentored by Paulino
Calderon who literally wrote the book on NSE (
https://www.packtpub.com/networking-and-servers/mastering-nmap-scripting-engine).
Paulino also has previous experience as an Nmap GSoC student (2011).

*Yang Luo* is a second time Nmap GSoC student who returned this year to
work with me (Fyodor) on an awesome project to improve the WinPcap library
that Nmap uses for packet capture on Windows.  Our new version replaces the
deprecated NDIS5 API with the newer and superior Windows Filtering
Platform.  We also added a security feature to prevent unprivileged users
from packet sniffing. And Yang found a way to enable packets sending to
localhost. Our experimental version of Nmap with Npcap can do SYN scans
against localhost for the first time since Microsoft disabled raw sockets
in 2003. We've received a lot of interest in Npcap from Wireshark users as
well. We're hoping to either incorporate Npcap into official Nmap releases,
or work with the WinPcap folks to get our improvements ported over.

Both students and mentors deserve a round of applause for their great work
this year! And so does Google for making all of this possible!  They have
spent tens of millions of dollars sponsoring thousands of students to work
on hundreds of open source projects.  Nmap by itself has now mentored 73
SoC students in the last 11 years and some of those students are now top
Nmap developers and GSoC mentors.  If you enjoy Zenmap, the Nmap Scripting
Engine, Ncat, Nping, or Ndiff, you're using features developed in a large
part by previous Summer of Code students!

Cheers,
Fyodor

PS: For those who are interested, here are our previous success (pass)
rates and wrap-up reports:

2015 (5/5 - 100%) [this report]
2014 (4/6 - 67%): http://seclists.org/nmap-dev/2014/q4/108
2013 (3/3 - 100%): http://seclists.org/nmap-dev/2013/q4/108
2012 (4/5 -  80%): http://seclists.org/nmap-dev/2012/q4/138
2011 (7/7 - 100%): http://seclists.org/nmap-dev/2012/q1/542
2010 (8/8 - 100%): http://seclists.org/nmap-dev/2011/q1/708
2009 (6/6 - 100%): http://seclists.org/nmap-dev/2009/q4/148
2008 (6/7 -  86%): http://bit.ly/googleblognmap
2007 (5/6 -  83%): http://seclists.org/nmap-dev/2007/q4/24
2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235
2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/
Previous By Date Next
Previous By Thread Next

Current thread: