Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap GSoC 2016 Success Report

From: Fyodor <fyodor () nmap org>
Date: Tue, 7 Feb 2017 21:42:46 -0800
Happy belated new year from the Nmap Project!  I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team.   I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that all of them passed!  They added many great
features and improvements which Nmap users are sure to enjoy.  Much of
their work has already been integrated in the Nmap 7.40 release and some is
still to come.  Let's look at their accomplishments individually:

*Abhishek Singh* jumped into the Bug Hunter and Feature Creeper role with a
ton of improvements to NSE, including a deep dive into timing and
scheduling of NSE threads that resulted in more accurate timekeeping and a
new --script-timeout option to limit NSE runtimes without losing portscan
data. He fixed Nmap's reverse-DNS resolver to extract answers from
truncated replies, which was causing problems with DNSSEC zones, and
improved performance too. He added support for scan decoys to IPv6 scans.
Even Ncat got some love, with the addition of the often-requested -z
(zero-byte) port status checking option.  Abhi was expertly mentored by
Nmap developer Dan MIller.

*Prabhjyot Singh Sodhi* spent the summer working on Nmap's IPv6 OS
detection system, with an emphasis on improving the machine learning
techniques used. He implemented and tested a random forest classifier using
the OpenCV system to replace our linear classification approach.  Then he
split the system into two stages--a first one to detect the OS family (such
as Linux) and then a second to detect the version such as 4.9.5.  His work
has not yet been merged, but he's still working with his mentors,
 Alexandru Geana and Mathias Morbitzer, to hopefully provide an
experimental version soon.

*Sergey Khegay* spent the summer working on the Nmap Scripting Engine. He
especially improved its brute-force performance by making it more adaptive
to changing network conditions and refining resource utilization. He also
added support for SSH (https://github.com/sergeykhegay/nmap/tree/gsoc-ssh).
His SSH integration with NSE was based on Devin Bjelland's work, who had
also participated as a Google Summer of Code student in 2004. His SSH
integration has not yet been integrated into the Nmap trunk, but is
available from https://github.com/sergeykhegay/nmap/tree/gsoc-ssh. Sergey
was mentored by Fotis Chantzis (Ithilgore) who had worked with Fyodor on
our Ncrack dedicated brute-force cracking tool in a previous Summer of Code
(https://nmap.org/ncrack/).

*Tudor Emil Coman* was our performance and optimization specialist for the
summer.  He made dozens of improvements, from adding I/O Completion API
support for faster windows scanning to detecting and fixing a major
bottleneck in the findHost() function.  We set up a new scanning research
machine so he was able to do multiple full-Internet scans to test the
changes.  Tudor explains his Summer's work in more detail at
http://seclists.org/nmap-dev/2016/q3/225.  He was mentored by long-time
Nmap developer Brandon Enright.

*Vincent Dumont* made good on his plans to improve the Nmap build system on
OS X, converting the Zenmap bundler from a custom Macports+py2app script to
the much cleaner and easier-to-manage gtk-mac-bundler setup. The installer
even has helpful and cool graphics now! He modernized several other parts
of Nmap on OS X, moving us away from deprecated methods. He handled several
other important changes that affect other platforms: making Nmap compatible
with OpenSSL 1.1.X, fixing support for DNS names over 64 bytes, and
delivering a Spanish translation of Zenmap.  These changes have all been
integrated into Nmap.  He was the second student mentored by Dan MIller.

Both students and mentors deserve a round of applause for their great work
this year! And so does Google for making all of this possible!  They have
spent tens of millions of dollars sponsoring thousands of students to work
on hundreds of open source projects.  Nmap by itself has now mentored 78
SoC students in the last 12 years and some of those students are now top
Nmap developers and GSoC mentors.  If you enjoy Zenmap, the Nmap Scripting
Engine, Ncat, Nping, or Ndiff, you're using features developed in a large
part by previous Summer of Code students!  And last year Google posted a
particularly inspiring story about one of our students to their Open Source
Blog:
https://opensource.googleblog.com/2016/02/coming-to-america-how-google-summer-of.html

We're one of only 7 organizations to participate in all twelve GSoC summers
so far, and we hope to soon bring you good news about the 2017 program!

Cheers,
Fyodor

PS: For those who are interested, here are our previous success (pass)
rates and wrap-up reports:

2016 (5/5 - 100%) [this report]
2015 (5/5 - 100%) http://seclists.org/nmap-announce/2015/4
2014 (4/6 - 67%): http://seclists.org/nmap-dev/2014/q4/108
2013 (3/3 - 100%): http://seclists.org/nmap-dev/2013/q4/108
2012 (4/5 -  80%): http://seclists.org/nmap-dev/2012/q4/138
2011 (7/7 - 100%): http://seclists.org/nmap-dev/2012/q1/542
2010 (8/8 - 100%): http://seclists.org/nmap-dev/2011/q1/708
2009 (6/6 - 100%): http://seclists.org/nmap-dev/2009/q4/148
2008 (6/7 -  86%): http://bit.ly/googleblognmap
2007 (5/6 -  83%): http://seclists.org/nmap-dev/2007/q4/24
2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235
2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/
Previous By Date Next
Previous By Thread Next

Current thread: