Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: NMAP getting a spit shine thanks to Google

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    NMAP getting a spit shine thanks to Google

    Yep, the Google coding project has prodoced some wonderful enhancements to NMAP which will be seen sometime in early fall. Take a look...


    SNIPPED from NMAP HACKERS mailing list:
    ================================
    Nmap-hackers,

    As previously announced, Google generously offered to sponsor summer students developers to assist with the Nmap project (among others). The response was overwhelming, with 233 applications for Nmap alone! Of those, Google agreed to sponsor the 10 most exceptional candidates and project ideas. You'll see why I'm so excited about this when you read about their projects and credentials below. They plan to finish all of this by September 1. That will be quite a challenge, so you are welcome and encouraged to submit ideas, testing results, or patches for any of these projects that catch your interest. The development is taking place in the open, on Sourceforge projects and the nmap-dev list. Subscription information is available at http://cgi.insecure.org/mailman/listinfo/nmap-dev .

    Please join me in congratulating the Summer of Code winners:

    Chris Gibson is bringing us a new and exciting reinterpretation of Netcat and a packet crafter similar to but better for Nmap users than hping, nemesis, or scapy. Planned features for Ncat include:
    o Security: SSL, password-protected encrypted
    channels, incoming IP address restrictions
    o IPv6
    o Connection forwarding/redirection
    o Http and SOCKS proxy (chained) client support
    o Connection brokering to allow proxied communication between hosts
    that are each behind a NAT and thus can't connect directly. Chris is a 2nd year computer science student at the University of Manchester in the UK.

    Ole Mortem Grodaas is designing and implementing a whole new Nmap GUI and results viewer in C++/Qt and SQLite. Read his ideas and sketches at http://home.no.net/grodaas/nmap/details.html . Note that this GUI is meant to help advanced users manage large data sets. It isn't a simple wrapper program for novices who are intimidated by the command-line. Ole is a 2nd year technology student at the Norwegian Military Academy.

    Doug Hoyte is dramatically improving the version detection database and adding cool new features. He has already added hundreds of signatures to the DB, written a port exclusion feature, and expanded the DB format to include hostname and underlying OS information. Doug is preparing for his 3rd year in computer science at the University of British Columbia Okanagan.

    Bo Jiang is a Windows Czar, helping bring parity in features and performance to that platform. Bo is a 2nd year graduate student in Computer System Engineering at Brandeis University.

    Zhao Lei has demonstrated many great ideas for improving OS detection. He is working to improve the database by integrating submissions and will also help in adding new tests to provide more granular results. We will soon be soliciting ideas for new tests on the nmap-dev list. Zhao has completed two years of graduate study toward an Masters in Software Engineering at Tsinghua University in Beijing.

    Adriano Monteiro Marques (like Ole) is creating a new Nmap GUI and results viewer. His in-progress GUI, named UMIT, utilizes Python and PyGTK. One of the great values of open source software is choice. Nmap users should be pleased to have two (more) excellent GUIs to choose from. Note that both new GUIs will be multi-platform. Adriano a 3rd year Information Systems student at Universidade Estadual de Goias in Brazil.

    Ronak Sutaria is another Windows Czar, focused on bringing feature parity to windows. He may also be creating a new installer with NSIS. Considering that only 419 out of 8700 applications were accepted for the whole SoC program, winners had to be extremely talented and lucky to win just once. He was one of a handful whose proposals were accepted for two projects. Of those two, we are lucky that he chose Nmap. Ronak has completed one year of graduate study towards a Master's in Computer Science at New Jersey Institute of Technology.

    Alok Tangoankar is using his strong background in language design and implementation to add scripting language support to Nmap. With this, we plan to put Nessus out of business. Just kidding, Renaud . Nmap will probably focus more in information gathering scripts, though some vulnerability and worm detections scripts may be useful as well. Alok recently received his masters in Computer Science at Stony Brok University in New York, and is now pursuing a Ph.D. there.

    Paul Tarjan is the Nmap performance Czar. He has already produced patches for storing port lists more efficiently (using STL maps rather than huge arrays) and (you guys will like this) providing real time performance stats and completion time estimates when you press enter during Nmap execution. Paul recently graduated with 2 honors degrees (pure math and computer science) from the University of Calgary. Next year he will begin Master's studies in CS at Stanford University.

    Bharath Venkatramani is the final (alphabetical by last name) Windows Czar. He is working to improve stability and performance on that platform. He may also create automated build system which does everything from checking out the source code from Subversion to compiling and processing it all into various shiny little packages (installer, zip file, etc). Bharath is a 4th year Computer Science student at Virginia Tech.

    Congratulations once again to these 10 winners! I hope to do a general Nmap release in a few weeks with some of their code as well as features that I have cooked up. So you may wish to cancel any August vacations and just relax at home with a newly souped-up port
    scanner .

    I would also like to specially thank Google for coming up with this innovative program and spending more than $2 million to fund it. In related news, it looks like they are also hiring Nmap users:

    "Google is looking for aspiring Systems Security Engineers to secure
    our growing infrastructure. If you dream about hardening Linux
    boxes, port scanning with nmap, and fixing security holes, we'd love
    to see your resume."
    -- http://tinyurl.com/dt4m8

    Happy Coding,
    Fyodor
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    This is such a great idea, not only is it going to fuel the stability and improve on the already vast number of features of nmap, but its going to bring more of a spotlight to open source software.

    Kudos to goolge, and all the people with the rekindled interest in developing nmap.

    WIth all those windows guys they should be able to work the bugs out of the windows port as well, and take some heat off of those posts that make their way here!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    That new and improved netcat was long overdue.. Great to see someone picking it up and taking it to the next level.. Eventhough netcat is a bit outdated these days I still find myself using it on an almost daily basis...

    I'm also very interested in the future scripting capabilities of nmap

    Code:
    if($port == open) {
      case $port in
          80:    exec("HEAD http://$ip:$port");
          25:    exec("smtprelaycheck $ip");
    }
    Or something similar... cool
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    Yes improvements for windows are very welcome.
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Yeah, it seems that NMAP will be similar to Nessus in that you can script "plugins" if you will.

    I'm waiting impatiently....

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Do I smell perhaps another tutorial from the local nmap whiz thehorse13?
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    More exposure/spotlight on opensource software = great things. Awesome news Th13, glad to hear that users will soon be able to script plug-ins for NMAP.
    Space For Rent.. =]

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Do I smell perhaps another tutorial from the local nmap whiz thehorse13?
    Absolutely. However, I'll wait until the GA builds hit before writing one.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    see...now this type of news makes a good day
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Great, looks like I can put off my next Nmap flash tutorial a little longer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •