Home page logo

nmap-dev logo Nmap Development mailing list archives

Nmap GSoC 2010 Success Report
From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:09:30 -0800

Hi folks!  GSoC 2010 ended last August and it was another huge
success!  So much so that it took us until January 28 of this year to
get all the code integrated into a stable Nmap release (5.50).  We're
about to embark on GSoC 2011 idea brainstorming, but first I want to
give a big shout out to the 2010 participants who did such a wonderful

We had 8 students in 2010 and, for only the second time in our 6 years
of GSoC, all of them passed!  Let's take a look at their
accomplishments individually:

*Alexandru Totolici* created Rainmap, a web application allowing users
to create, configure and run Nmap scans from within their browser.
You can install it on your server and then schedule regular scans to
keep an eye on your infrastructure.  It is still in an early stage of
development, but it does work and you can download it from
http://nmap.org/rainmap/.  He was mentored by Fyodor (me).

*Djalal Harouni* spent the whole summer working on the Nmap Scripting
Engine.  One of the coolest features he added is the target library,
which allows scripts to add newly discovered targets to Nmap's scan
queue.  He also added the prerule and postrule scan phases, allowing
for scripts like broadcast-upnp-info that only need to run once per
Nmap scan rather than against discovered hosts or open ports.  Djalal
also wrote the handy nfs-ls and nfs-statfs scripts.  He was mentored
by Patrick Donnelly.

*Dražen Popović* spent the summer working on SMB and MS-RPC.  First he
added checks for the MS06-025 and MS07-029 vulnerabilities to
smb-check-vulns, then he embarked on a large project to better handle
the NDR serialization format used by MS-RPC. He built a testing
environment to find serialization errors and also made progress
towards creating a program to automatically generate Lua libraries
from a machine-readable protocol description (IDL). The library was
not completely finished but it is available from
svn://svn.insecure.org/nmap-exp/drazen.  David Fifield was his mentor.

*Ithilgore* developed Ncrack as a 2009 SoC student and spent 2010
enhancing it further.  During the summer he added support for cracking
two extremely difficult protocols: RDP and SMB.  Ncrack also supports
high speed ssh, http(s), ftp, telnet, and pop3(s) cracking.  You can
download Ncrack from http://nmap.org/ncrack/.  Ithilgore was mentored
by Fyodor again.

*Kirubakaran Sampath* designed and implemented Zenmap's new NSE script
selection interface.  Choosing scripts in Zenmap used to be much like
the command line in that you have to know exactly what you want. Now
you're presented with a list of all scripts available, including
script documentation and an editable list of arguments specific to
each script.  Click the "Scripting" tab in the Zenmap Profile editor
to see this new system in action!  Kirubakaran was mentored by David.

*Luis MartinGarcia* wrote Nping as a 2009 SoC student and we were
delighted to have him back in 2010 to further improve this excellent
packet probing tool, which is now included with Nmap proper. He spent
the first part of the summer working to improve the codebase.  He
wrote a test program with hundreds of tests and eliminated about 2,700
duplicated (between Nmap and Nping) lines by creating the libnetutil
library.  Luis then spent the second half of the summer creating Nping
echo mode. This is a novel technique for discovering how packets are
changed (or dropped) in transit between the host they originated on
and a target machine. It can detect network address translation,
packet filtering, routing anomalies, and more.  See
http://nmap.org/book/nping-man-echo-mode.html or read up on Nping in
general at http://nmap.org/nping/.  Luis was mentored by David and

In addition to these six students working on Nmap proper, we agreed to
accept two students to work on the UMIT project.  UMIT is an Nmap GUI
that started out as an Nmap SoC project in 2005 and formed the basis
of Zenmap.  UMIT Founder Adriano Marques has continued to develop the
tool as an independent project.  He mentored Diogo Pinheiro and Kosma
Moczek for the summer and you can read about their successes at

Please join me in congratulating all these folks for their excellent
work!  I'm particularly pleased that many of them continued
contributing even after the summer ended.  I'd also like to thank my
fellow mentors--David, Patrick, and Adriano--for their tireless
efforts.  And of course the nmap-dev mailing list members who helped
with testing, bug reports, and advice throughout the summer.  Finally
I'd like to hugely thank Google for making this all possible by
coordinating and bankrolling the program.  If you enjoy Zenmap, the
Nmap Scripting Engine, Ncat, Ndiff, Nping, or Ncrack, you're using
features developed in a large part by previous Summer of Code


PS: For those interested, here are our previous success rates and
    wrap-up reports:

2009 (6/6 - 100%!): http://seclists.org/nmap-dev/2009/q4/148
2008 (6/7 - 86%): http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html
2007 (5/6 - 83%): http://seclists.org/nmap-dev/2007/q4/24
2006 (8/10 - 80%): http://seclists.org/nmap-dev/2007/q1/235
2005 (7/10 - 70%): http://slashdot.org/comments.pl?sid=183143&cid=15133184
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Nmap GSoC 2010 Success Report Fyodor (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]