Nmap Announce mailing list archives

By Date By Thread Introducing the 2017 Nmap/Google Summer of Code Team! From: Fyodor <fyodor () nmap org>

Date: Thu, 18 May 2017 16:49:20 -0700

Nmap community: Thanks for all of your applications and referrals of talented students to the Summer of Code program. Google has agreed to sponsor four students to spend this summer enhancing the Nmap Security Scanner and I'm proud to introduce our 2017 team! We normally mentor coders working all over the Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the Nmap Scripting Engine component. All four of our students will be enhancing NSE, with some of Nmap's most prolific NSE developers serving as their mentors. In fact, all of this year's mentors were previous GSoC participants (students or mentors) themselves. Let's see what we can do for one of Nmap's most flexible and powerful subsystems which already has nearly 600 scripts and 125 protocol libraries! Even though our overall focus will be NSE, we do have some smaller side projects planned which were too good to pass up. So, without further ado, here is the team: *Evangelos Deirmentzoglou* is a PhD student in information security at the University of Piraeus in Greece. He has many great ideas for improving Nmap, and one of the ones I'm most excited about is adding ssh support to NSE. Nmap is almost exclusively focused on unauthenticated remote discovery and security scanning right now, but SSH support will enable simple scripts to log in and perform local checks or run administrative commands. It will also allow Nmap to test a remote systems SSH password security using our brute force subsystem. And speaking of password auditing, Evangel is also planning to add further brute force modules to NSE and to our dedicated Ncrack auditing tool (https://nmap.org/ncrack/). Password security may sound like "old news" to some, but it continues as a major weakness and struggle for large and small organizations. Evangel will be working with Ncrack author Fotis "Ithilgore" Chantzis, who has been both a successful GSoC student and mentor in the past. *Rewanth Cool* is a 3rd year student pursuing a Bachelor's in Computer Engineering at NIT Kurukshetra in India. He has already contributed some code to Nmap in recent months and has a lot more planned for the summer. He'll be working with Nmap co-maintainer Dan Miller on TLS/SSL enhancements, improving RPC support, and also some more general (non-NSE) Nmap improvements. Dan has already mentored 5 successful GSoC studence since 2014 and I can't wait to see what they accomplish this year! *Vinamra Bhatia* is a sophomore computer science student at the Birla Institute of Technology and Science in Pilani, India. He will be working on NSE improvements with Nmap developer Paulino Calderon, who literally wrote the book on NSE ("Mastering the Nmap Scripting Engine", 2015). Paulino also made recent headlines with his new NSE script for remotely detecting the MS17-010 vulnerability exploited by WannaCry ( http://seclists.org/nmap-dev/2017/q2/79). Paulino and Vinamra are planning to focus on SMB and HTTP scripts and infrastructure, with other enhancements thrown in for good measure. In fact Vinamra already has several pull requests pending on the Nmap Github repo. They will be assisted by longtime Nmap developer Ron Bowes, who single-handedly wrote much of Nmap's current SMB implementation. *Wong Wai Tuck* is finishing his sophomore year at the Singapore Management University, then he is headed to the U.S. to complete his studies in information security at Carnegie Mellon University. He will be working with former Nmap GSoC student George "Sophron" Chatzisofroniou on improving NSE for pen-testers. This may include a password profiling system ( http://seclists.org/nmap-dev/2016/q2/46), better automation and enhancements of security scanning methods, and new exploitation scripts for big bugs like last week's Windows Defender vuln ( https://www.engadget.com/2017/05/08/microsoft-windows-malwa re-protection-engine-rce/). Nmap is one of just seven organizations who have now participated in all thirteen Google Summers of Code. If you enjoy the Zenmap GUI, Ncat, Ndiff, Nping, Ncrack, or the Nmap Scripting Engine, you're using features developed in a large part by previous Summer of Code students. And with a team like this, we can't help but expect more great things! Full-time coding starts May 30, but we have already started project brainstorming and planning. Some participants may use this community bonding period to get an early start on coding, while others will focus on testing Nmap and reading the code and documentation. Please join us in welcoming this new team of Nmap GSoC students! Most of the development will be done on the Nmap dev list ( http://seclists.org/nmap-dev/), where everybody is encouraged to participate in coding, suggesting ideas, testing, etc. We had 52 applications this year and most were excellent. I regret that we could only accept 8% of them, but I'd like to thank everyone who applied! Please try again next year, if you can. We've had several cases in the past where we couldn't find room for someone one year, but were able to accept them the next. I'd also like to offer big thanks to Google for sponsoring another 1,318 students over all projects this year and putting millions of dollars into open source development! Cheers, Fyodor _______________________________________________ Sent through the announce mailing list https://nmap.org/mailman/listinfo/announce Archived at http://seclists.org/nmap-hackers/ By Date By Thread Current thread: Introducing the 2017 Nmap/Google Summer of Code Team! Fyodor (May 18)