Nmap Development mailing list archives
Re: Introducing the 2011 Nmap/Google Summer of Code Team
From: Shinnok <admin () shinnok com>
Date: Tue, 26 Apr 2011 10:25:04 +0300
Hi, I am honored to be accepted as part of the GSoC team to hack on Nmap to bring it to new horizons and make it more solid and kick ass of a tool then ever. Regards, Shinnok On Mon, 25 Apr 2011 15:02:24 -0700, Fyodor <fyodor () insecure org> wrote:
Hello everyone. The Nmap Project received a spectacular bunch of Summer of Code proposals this year, and I'm happy to report that Google has agreed to sponsor seven of them to spend this summer enhancing the Nmap Security Scanner! In previous summers we have sponsored students to develop related tools such as Ncat, Nping, and Ncrack, but this year we're focused on Nmap proper. We have three students working on the Nmap Scripting Engine, two on IPv6, and two general feature creepers and bug wranglers. I'm delighted to introduce the 2011 team! ==Nmap Scripting Engine== The Nmap Scripting Engine, first created with GSoC student Diman Todorov in 2006, has become one of Nmap's most powerful and popular features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. We now have almost 200 scripts, all documented at the NSEDoc Reference Portal (http://nmap.org/nsedoc/). A main focus of previous years has been improving the NSE engine and infrastructure, but this year we're going all-out with script creation! We have chosen three SoC students to assist with the task: *Djalal Harouni* was a SoC student last year, and we're delighted to have him back! He previously added important NSE features such as prerule/postrule support and the target library (which allows newly discovered hosts to be added by NSE scripts to Nmap's scan queue). Djalal (AKA tixxdz) also wrote a number of valuable scripts, including nfs-ls and nfs-statfs. This summer he will be focusing on vulnerability and exploitation scripts to help administrators discover weaknesses in their networks before the bad guys do. Djalal is pursuing a PhD in Computer Science at Mentouri University in Constantine, Algeria. He will be mentored by Henri Doreau, who has written many great NSE scripts himself. *Gorjan Petrovski* will be working on discovery (and miscellaneous) NSE scripts. He is rather new to Nmap and NSE, but has already done some great work. In particular, we have already integrated his backorifice-info script, which provides detailed information about any discovered instances of the backorifice backdoor. Gorjan is hoping to graduate this year from Ss. Cyril & Methodius University in Skopje, Macedonia with a BSc in Computer Systems Engineering and Automation. He will be mentored by Lua expert Patrick Donnelly, who was himself a GSoC student in '08 and '09. *Paulino Calderon* will spend the summer improving Nmap's web scanning support. Nmap already offers many http/https scripts, but there is much room for improvement. The web has grown to dominate the Internet, so it is critical that Nmap help keep people's web sites secure. Paulino is pursuing a BSc in computer science at Canada's University of Victoria. He has written open source web scanning software such as the web discovery tool PHP-spdr, and has also had code accepted into the Metasploit framework. As a penetration tester, he has used Nmap extensively. He will be mentored by Fyodor. All the NSE students will also have the support of NSE script developer Mak Kolybabi as backup mentor. ==IPv6== The IANA has run out of IPv4 addresses to allocate and the regional registries are expected to deplete their reserves within months. The competition for scarce IPv4 addresses is already heating up. Various hacky techniques (NAT, SSL SNI, name-based hosting, etc.) have been developed to conserve IPv4 addresses, but IPv6 is the only practical solution for fundamentally expanding the address space. Nmap was an early IPv6 adopter, with initial support added in August 2002. But there is a lot more Nmap could do in this regard, and Google has sponsored two Summer of Code students to help us get there. Their primary projects will be researching and implementing OS detection and advanced host discovery techniques for IPv6. Nmap co-maintainer and IPv6 expert David Fifield will be mentoring both of them: *Luis MartinGarcia* did a great job implementing the Nping packet generation and response analysis tool (http://nmap.org/nping/) as a SoC student in 2009 and 2010, and we're happy to have him back this year. He has already been researching IPv6 as a masters/PhD student at the Polytechnic University of Madrid, and has come up with some great ideas for host discovery. *Xu Weilin* is an IPv6 expert in China who helped write an open source IPv6 NAT project and has already come up with some great IPv6 Nmap OS detection ideas. He is pursuing a BSc in Computer Science at Beijing University of Posts and Telecommunications. ==Feature Creepers and Bug Wranglers== There are many Nmap bugs and desired features which are quite important but take much less than a whole summer to implement. Some may only take hours, while others could take weeks or even a month. The feature creeper and bug wranglers handle many such tasks during the summer. This lets them explore and contribute to a wide variety of the Nmap code base rather than spending the whole summer working on just one subsystem. I'm happy to report that we have two excellent SoC students (both to be mentored by David Fifield) filling those shoes: *Colin Rice* is an Eagle Scout and National Merit Scholar attending Rensselaer Polytechnic Institute in Troy, New York. He is particularly proficient in C++ and Python, which is perfect for Nmap and Zenmap work. His previous work includes a zombie invasion simulator, so I'm glad we have him on the team just in case. *Shinnok* is an experienced open source developer whose recent projects include a Netcat GUI (http://shinnok.com/projects.php). He has also discovered numerous vulnerabilities and written quite a few exploits. He is pursuing a BSc in Computer Science at A. I. Cuza University in Iasi, Romania. This is the Nmap Project's seventh year participating in the Google Summer of Code. If you enjoy the Zenmap GUI, Ncat, Ndiff, Nping, Ncrack, or the Nmap Scripting Engine, you're using features developed in a large part by previous Summer of Code students. Full-time coding starts May 23, but we have already started project brainstorming and planning. Some participants may use this community bonding period to get an early start on coding, while others will focus on testing Nmap and reading the code and documentation. Please join us in welcoming this new team of Nmap SoC students! Most of the development will be done on the nmap-dev list, where everybody is encouraged to participate in coding, suggesting ideas, testing, etc. With a team like this, we can't help but expect great things for the summer of 2011! I'd also like to offer big thanks to Google for putting another six million dollars (over all projects) into open source development this summer! You can read about all the other organizations and their accepted students from http://bit.ly/gsocall. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- Shinnok <http://shinnok.com> _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Introducing the 2011 Nmap/Google Summer of Code Team Fyodor (Apr 25)
- Re: Introducing the 2011 Nmap/Google Summer of Code Team Shinnok (Apr 26)
- Re: Introducing the 2011 Nmap/Google Summer of Code Team John Bond (Apr 27)
- Re: Introducing the 2011 Nmap/Google Summer of Code Team Shinnok (Apr 26)