Introducing the 2012 Nmap/Google Summer of Code Team!

[Fyodor <fyodor () insecure org>]

Hello everyone.  The Nmap Project received a spectacular bunch of
Summer of Code proposals this year (50 of them), and I'm happy to
report that Google has agreed to sponsor five students to spend this
summer enhancing the Nmap Security Scanner!  In previous summers we
have sponsored students to develop related tools such as Ncat, Nping,
and Ncrack, but this year we have a smaller, more focused group.
Three will be working on Nmap Scripting Engine (NSE) scripts and
infrastructure, while the other two are free-range feature creepers
making improvements and bug fixes all over Nmap.  I'm delighted to
introduce the 2012 team!

==Nmap Scripting Engine==

The Nmap Scripting Engine, first created with GSoC student Diman
Todorov in 2006, has become one of Nmap's most powerful and popular
features.  It allows users to write (and share) simple scripts to
automate a wide variety of networking tasks. We now have more than 350
scripts, all documented at the NSEDoc Reference Portal
(http://nmap.org/nsedoc/).  We have chosen three SoC students to write
even more scripts and libraries, and even improve the infrastructure
(C++ underpinning) as needed.

*Aleksandar Nikolic* will be our NSE vulnerability and exploitation
specialist.  When major new remotely exploitable vulnerabilities are
discovered in popular operating systems or applications, Aleks will be
on call to do any necessary reverse engineering and produce an NSE
script for detecting the problem.  Administrators can then quickly
scan their networks for vulnerable systems.  Aleks already
demonstrated his skills by writing a detection script for the recent
major vulnerability in Samba.  His detection script is already
integrated into Nmap and available from
http://nmap.org/nsedoc/scripts/samba-vuln-cve-2012-1182.html.  Aleks
will also be working to improve Nmap's brute force password auditing
scripts by moving existing scripts to our faster parallel cracking
library, and writing new scripts to enhance protocol coverage.  Aleks
is currently seeking his master's degree at the University Of Novi Sad,
Faculty Of Technical Sciences, in Serbia.  He will be mentored by
David Fifield, who joined the Nmap Project as a SoC student in 2007,
later became a SoC mentor, and now is Nmap's co-maintainer.

*Hani Benhabiles* will be focused on network discovery scripts, which
is Nmap's core function.  These can include service information
gathering, target host discovery, version detection, and more.  We
didn't have to guess about Hani's script writing skills because he
already has five of them to his name: http-affiliate-id,
http-apache-negotiation, http-drupal-enum-users, http-method-tamper,
and http-vuln-cve2009-3960.  Hani is pursuing a Computer Science
degree at the National Higher School Of Computer Science in Algiers,
Algeria.  He will be mentored by Henri Doreau, who has committed code
all over Nmap, including writing many great NSE scripts.

*Piotr Olma* will spend the summer improving Nmap's web scanning
support.  Nmap already offers more than 60 http/https scripts, but we
can do even more.  The web has grown to dominate the Internet and is
becoming ever-more complex, so it is critical that Nmap help keep web
sites secure.  Piotr is pursuing a master's degree in Computer Science
at Wroclaw University in Poland.  He will be mentored by our resident
Lua expert (and '08 and '09 SoC student) Patrick Donnelly.

All the NSE students will also have the support of NSE script-writing
record holder Patrik Karlsson as backup mentor.  Patrik is an author
of 159 of our current 361 scripts, and he has shown no sign of slowing
down :).

==Feature Creepers and Bug Wranglers==

There are many Nmap bugs and desired features which are quite
important but take much less than a whole summer to implement. Some
may only take hours, while others could take weeks or even a
month. The feature creeper and bug wranglers handle many such tasks
during the summer. This lets them explore and contribute to a wide
variety of the Nmap code base rather than spending the whole summer
working on just one subsystem.  I'm happy to report that we have two
excellent SoC students this year:

*James Rogers* is a Management Information Systems student who will be
attending Marietta College in Ohio (United States) this fall.  He is
already looking into a "spurious closed port detection" bug
(http://seclists.org/nmap-dev/2012/q1/62) and we have a couple other
small feature ideas lined up.  He's a particularly good writer, and a
prolific blogger at http://mystry-geek.blogspot.com/.  We also have
some larger possible tasks in mind for later, including static
analysis to find bugs in Nmap.  James will be mentored by Fyodor.

*Sean Rivera* will be leading what he calls "the Great Bug Hunt",
helping to fix up, clean up, and improve numerous parts of Nmap.  He
is pursuing Bachelors of Science degrees in Computer Science and
Computer Engineering at the University of Colorado at Boulder (United
States).  He'll probably start with small tasks like tidying the
version detection database and cleaning up the Zenmap installer, but
we already have ideas for larger tasks such as adding IPv6
subnet/pattern support to Nmap.  He will be mentored by David Fifield.

This is the Nmap Project's eight year participating in the Google
Summer of Code.  If you enjoy the Zenmap GUI, Ncat, Ndiff, Nping,
Ncrack, or the Nmap Scripting Engine, you're using features developed
in a large part by previous Summer of Code students.  Full-time coding
starts May 21, but we have already started project brainstorming and
planning.  Some participants may use this community bonding period to
get an early start on coding, while others will focus on testing Nmap
and reading the code and documentation.

Please join us in welcoming this new team of Nmap SoC students!  Most
of the development will be done on the nmap-dev list, where everybody
is encouraged to participate in coding, suggesting ideas, testing,
etc. With a team like this, we can't help but expect great things for
the summer of 2012!

I'd also like to offer big thanks to Google for putting another six
million dollars (over all projects) into open source development this
summer!  You can read about all the other organizations and their
accepted students at
http://google-opensource.blogspot.com/search/label/gsoc.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/