Nmap Announce mailing list archives

By Date By Thread Nmap GSoC 2016 Success Report From: Fyodor <fyodor () nmap org>

Date: Tue, 7 Feb 2017 21:42:46 -0800

Happy belated new year from the Nmap Project! I'd like to take this opportunity to send you the belated results from our 2016 Summer of Code team. I was going to send them right after the program finished, but some of the students were still finishing some great things so I decided to wait. As you may recall from the team intro mail ( http://seclists.org/nmap-announce/2016/2), we had 5 students last year and I'm happy to report that all of them passed! They added many great features and improvements which Nmap users are sure to enjoy. Much of their work has already been integrated in the Nmap 7.40 release and some is still to come. Let's look at their accomplishments individually: *Abhishek Singh* jumped into the Bug Hunter and Feature Creeper role with a ton of improvements to NSE, including a deep dive into timing and scheduling of NSE threads that resulted in more accurate timekeeping and a new --script-timeout option to limit NSE runtimes without losing portscan data. He fixed Nmap's reverse-DNS resolver to extract answers from truncated replies, which was causing problems with DNSSEC zones, and improved performance too. He added support for scan decoys to IPv6 scans. Even Ncat got some love, with the addition of the often-requested -z (zero-byte) port status checking option. Abhi was expertly mentored by Nmap developer Dan MIller. *Prabhjyot Singh Sodhi* spent the summer working on Nmap's IPv6 OS detection system, with an emphasis on improving the machine learning techniques used. He implemented and tested a random forest classifier using the OpenCV system to replace our linear classification approach. Then he split the system into two stages--a first one to detect the OS family (such as Linux) and then a second to detect the version such as 4.9.5. His work has not yet been merged, but he's still working with his mentors, Alexandru Geana and Mathias Morbitzer, to hopefully provide an experimental version soon. *Sergey Khegay* spent the summer working on the Nmap Scripting Engine. He especially improved its brute-force performance by making it more adaptive to changing network conditions and refining resource utilization. He also added support for SSH (https://github.com/sergeykhegay/nmap/tree/gsoc-ssh). His SSH integration with NSE was based on Devin Bjelland's work, who had also participated as a Google Summer of Code student in 2004. His SSH integration has not yet been integrated into the Nmap trunk, but is available from https://github.com/sergeykhegay/nmap/tree/gsoc-ssh. Sergey was mentored by Fotis Chantzis (Ithilgore) who had worked with Fyodor on our Ncrack dedicated brute-force cracking tool in a previous Summer of Code (https://nmap.org/ncrack/). *Tudor Emil Coman* was our performance and optimization specialist for the summer. He made dozens of improvements, from adding I/O Completion API support for faster windows scanning to detecting and fixing a major bottleneck in the findHost() function. We set up a new scanning research machine so he was able to do multiple full-Internet scans to test the changes. Tudor explains his Summer's work in more detail at http://seclists.org/nmap-dev/2016/q3/225. He was mentored by long-time Nmap developer Brandon Enright. *Vincent Dumont* made good on his plans to improve the Nmap build system on OS X, converting the Zenmap bundler from a custom Macports+py2app script to the much cleaner and easier-to-manage gtk-mac-bundler setup. The installer even has helpful and cool graphics now! He modernized several other parts of Nmap on OS X, moving us away from deprecated methods. He handled several other important changes that affect other platforms: making Nmap compatible with OpenSSL 1.1.X, fixing support for DNS names over 64 bytes, and delivering a Spanish translation of Zenmap. These changes have all been integrated into Nmap. He was the second student mentored by Dan MIller. Both students and mentors deserve a round of applause for their great work this year! And so does Google for making all of this possible! They have spent tens of millions of dollars sponsoring thousands of students to work on hundreds of open source projects. Nmap by itself has now mentored 78 SoC students in the last 12 years and some of those students are now top Nmap developers and GSoC mentors. If you enjoy Zenmap, the Nmap Scripting Engine, Ncat, Nping, or Ndiff, you're using features developed in a large part by previous Summer of Code students! And last year Google posted a particularly inspiring story about one of our students to their Open Source Blog: https://opensource.googleblog.com/2016/02/coming-to-america-how-google-summer-of.html We're one of only 7 organizations to participate in all twelve GSoC summers so far, and we hope to soon bring you good news about the 2017 program! Cheers, Fyodor PS: For those who are interested, here are our previous success (pass) rates and wrap-up reports: 2016 (5/5 - 100%) [this report] 2015 (5/5 - 100%) http://seclists.org/nmap-announce/2015/4 2014 (4/6 - 67%): http://seclists.org/nmap-dev/2014/q4/108 2013 (3/3 - 100%): http://seclists.org/nmap-dev/2013/q4/108 2012 (4/5 - 80%): http://seclists.org/nmap-dev/2012/q4/138 2011 (7/7 - 100%): http://seclists.org/nmap-dev/2012/q1/542 2010 (8/8 - 100%): http://seclists.org/nmap-dev/2011/q1/708 2009 (6/6 - 100%): http://seclists.org/nmap-dev/2009/q4/148 2008 (6/7 - 86%): http://bit.ly/googleblognmap 2007 (5/6 - 83%): http://seclists.org/nmap-dev/2007/q4/24 2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235 2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184 _______________________________________________ Sent through the announce mailing list https://nmap.org/mailman/listinfo/announce Archived at http://seclists.org/nmap-hackers/ By Date By Thread Current thread: Nmap GSoC 2016 Success Report Fyodor (Feb 07)