Nmap Development mailing list archives
Nmap SoC 2008 Success Stories
From: Fyodor <fyodor () insecure org>
Date: Wed, 15 Oct 2008 17:59:02 -0700
Hi Folks. The Google Summer of Code pencils-down date was in August, and we've been busily integrating code since then. Thanks to the continued help of the participants themselves as well as the wider Nmap community, I'm happy to report that most of the code has now been integrated! As this report will demonstrate, the 2008 Nmap/Google Summer of Code was another huge success for the project! I'll start with the raw numbers: In 2005, 70% (7 out of 10) students succeeded, and they tackled some wonderful projects! This was the year that Zenmap (then named Umit), Ncat, and the 2nd generation OS detection systems got their starts. Doug Hoyte first made major contributions that summer, and continues helping to this day. I was the mentor for all 10 students, and I had them all send me patches rather than providing SVN access. Nmap didn't even have a public SVN tree at this point. Here is a more detailed writeup: http://slashdot.org/comments.pl?sid=183143&cid=15133184 In 2006, I had a better idea of what works and what doesn't and was able to improve the success rate to 80% (8 out of 10). Perhaps the most exciting project was the Nmap Scripting Engine, which has become one of Nmap's most compelling features. We also finished and integrated the 2nd generation OS detection system, and Zenmap (Umit) continued to improve. I again mentored the students myself without providing SVN access. Read the details at http://seclists.org/nmap-dev/2007/q1/0235.html . In 2007, our success rate grew again to 83% (5 of 6)! I attribute part of the success to me being less of a control freak. For example, I took only 4 students compared to 10 the previous year. The remaining two 2006 students were mentored by Diman Todorov, who created NSE as a 2006 SoC student. I also made the Nmap SVN server public and provided commit access to the students. This year we formally integrated Zenmap into the Nmap build system and packages, making massive improvements along the way. This Summer also introduced David Fifield to the Nmap project and was the first SoC for Kris Katterjohn. Both of them have been prolific developers ever since then. Read the details at: http://seclists.org/nmap-dev/2007/q4/0024.html Enough with the history--let's take a look at our 2008 results! I'm happy to report that we had an 86% (6 out of 7) success rate. In other words, our success rate has increased every single year! I like to credit improved processes and interaction based on what we've learned before, but it also helps that we invite the best students back in later years. We've never had a 2nd year (or more) student fail. This year we expanded to three mentors, all of whom (except for me) were former SoC students. Now let's look in detail at our 2008 SoC accomplishments: Patrick Donnelly made substantial NSE infrastructure improvements. He added mutex support and an NSE Standard Library (stdnse), fixed some serious bugs, and rewrote and optimized a substantial amount of code (particularly the nse_init system). But his crowning accomplishment was the NSEDoc system, which uses special comments and variables in script and library code to generate a comprehensive documentation portal at http://nmap.org/nsedoc/ . Kris Katterjohn, who already had hundreds of useful Nmap patches to his name, returned for 2008 to write hundreds more! There is no way I can list everything he did here, particularly as his contributions ranged all over the map from writing NSE libraries (such as the username/password module unpwdb and the standardized communication comm library) to improving Windows support (adding IPv6 and OpenSSL). His biggest project has been finishing up Ncat, our advanced Netcat replacement (which began as a 2005 SoC project by Chris Gibson). Ncat is now integrated with Nmap in our latest SVN revision. Learn more about this exciting new tool at http://nmap.org/ncat/ . Vladimir Mitrovic spent the summer improving the Zenmap GUI, under David Fifield's expert mentorship. They made huge usability and stability improvements, but the pinnacle of their summer achievement was clearly the scan aggregation and topology features! Scan aggregation allows you to conduct multiple scans at different times and add them seamlessly to your existing results. Topology draws a beautiful interactive diagram of the discovered network. Learn more about these features (and view the pretty pictures) at http://nmap.org/book/zenmap-topology.html and http://nmap.org/book/zenmap-scanning.html#aggregation. Jurand Nogiec also worked with David on Zenmap, and was responsible for many key UI improvements which now seem obvious in hindsight. For example, he added a cancel button for aborting a scan in progress without clearing the Nmap output, and he added context-sensitive help to the many dozens of options in the Profile Editor. He also made numerous improvements to the command entry field for people who like to type Nmap command directly, while still benefiting from Zenmap's visual and searchable presentation of results. Michael Pattrick was David's third student, and he accomplished a wide variety of tasks. For example, he created a new OSAssist application for testing and integrating the thousands of Nmap OS detection submissions sent in by Nmap users all over the world. With OSAssist, integration is more accurate and much less tedious. Michael also built two prototypes (one in Perl and then another in C++) for an Ndiff application which compares two or more scan output files and prints out any changes. The prototypes proved so popular that David wrote a final version in Python which is now integrated with Nmap in our latest SVN revision. Philip Pickering spent the summer working on NSE scripts and libraries. We've already incorporated his libraries for binary data manipulation (binlib), DNS queries, Base64 encoding, SNMP, POP3, and cryptographic hashes. We've also incorporated several scripts he wrote utilizing these new libraries. In addition to these core Nmap projects, 5 students were sponsored to work on the UMIT Nmap GUI (now a separate project led by Adriano Marques). Four of their five students passed, as described at: http://blog.umitproject.org/2008/08/google-summer-of-code-results.html Please join me in congratulating all these students for their excellent work! I'm particularly pleased that many of the SoC students have continued contributing even though the summer has ended. I'm looking forward to GSoC 2009 (assuming it is held again and they invite us), but 2008 will be a tough year to top! Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap SoC 2008 Success Stories Fyodor (Oct 15)
- Re: Nmap SoC 2008 Success Stories jah (Oct 16)
- Re: Nmap SoC 2008 Success Stories Luis A. Bastiao Silva (Oct 18)
- Re: Nmap SoC 2008 Success Stories Arturo 'Buanzo' Busleiman (Oct 18)