Sunday, November 22, 2009

Umit SoC 2009 - Results

Hi Everybody,

This year we launched a program similar to Google Summer of Code dubbed Umit Summer of Code. The whole idea is to support all students who would want to contribute to the Umit Project in parallel to Google Summer of Code. The project was had introduced a new concept of a mentor and a co-mentor that is inside the project where students should be comfortable to ask some questions. It had another contributors involved, to be sure that students had support.

We developed the idea early this year and followed through it. The contributions of students were apparent in June.

As we wrap the project for this year, we're still supporting contributors of the program and integrating them. It has been a great first year and we look forward to USoC 2010!

Now the results:

Abhiram Kasina [3]: He is from IIT Kharagpur, India that worked on the Message Sequence Chart (MSC) plugin [1] for PacketManipulator [2]

Plugin is able to create a chart from the packets sent and received between machines. The strength of this project lies in the ability to use a sequence of filters on the packet flow captured. For example, this could only show TCP packets between 192.168.1.31 and 192.168.1.32, involved in a 3-way handshake. These charts can be saved as png/svg images for further use. The source code can be found in MSC svn branch [5].



Mahesh PM [4] : He is a student from Thiruvalla, India working on a transversal area in Umit Project. The major part of his work was developing a Test Suite for Umit Network Scanner. He developed test cases for part of core files, and fixing couple of bugs in Network Scanner. The test suite code can be found in UmitTestSuite branch [6].
He also did a Slax live distribution based with Umit tools installed.

Another students still working: We have another two students: Neeraj Gupta, from India and João Pedro Lemos, from Brasil working in the program. He didn't finish the project yet, but they are still working on it. Actually Neeraj is working on NVDB parser and a plugin for discover web contents for Umit Network Scanner. João Pedro Lemos is working on Umit packing in Fedora and RPM based distros.

Thanks for the guys that make it possible!

Stay tunned!

[1] - http://trac.umitproject.org/wiki/MessageSequenceCharts
[2] - http://trac.umitproject.org/wiki/PacketManipulator
[3] - http://trac.umitproject.org/wiki/AbhiramKasina
[4] - http://trac.umitproject.org/wiki/MaheshPM
[5] - http://svn.umitproject.org/svnroot/umit/branch/MSC
[6] - http://svn.umitproject.org/svnroot/umit/branch/UmitTestSuite

Sunday, November 08, 2009

Google SoC Mentor Summit 2009

Greetings,

We arrived in San Francisco International Airport(SFO) on Wednesday night and almost lost our way to meet each other after our grueling flights. We stayed around the airport for the night and planned for our visit to San Francisco on the next day. We had a blast visiting spots like the Golden Gate Bridge, downtown San Francisco and Fisherman's Wharf.

Finally Friday came and we departed from downtown to Mountain View. We took the BART then exchanged to a Caltrain line which was marred with adventures. We met someone with a GSoC T-Shirt, a Polish guy, Tomasz Kosiak, from Tcl/Tk. The shirt had an aura for the attendees when we met other GSoC folks from Git and Drupal where we boarded the train and talked about the summit and activities to divulge around. The train stopped at Sunny Vale and we took a cab to meet the folks of the open source world!

We met a lot of guys during the dinner and it was a awesome night, with awesome *geek* talks. :)

The Mentor Summit is a two day event over the weekend where every participants are exposed talks and are allowed to propose an hour long talk which would be voted by the masses if its interesting enough to be slotted into the summit. The talks would span throughout the event.

After the breakfast in Googleplex, we went up to the second floor to propose our talk on "Customizing GSoC" which was scheduled it at 4pm on Saturday.

In the summit kickoff talk, we met Fyodor, from the Nmap Project. Right after that, we attended several talks on Security and finer points of the GSoC program where it was highly interactive and enlightening to a point.



We receive a GSoC Mentoring Guide that you can be found there. The guide was done at a blazing speed so good job folks!

Our talk on "Customizing GSoC" was a good hour discussing ways to improve and customize GSoC. It's great to see Ellen Ko sharing our view and she had given a talk about it at the Atlanta Linux Fest. We shared our experiences on Umit SoC and detailed our approach.



Some important points that we'd like share with you guys:

- Create a comprehensive developer guide based with insights from developers and students
- Keep up USoC and improve the best we can
- Open Source rocks!


Cheers,
Luís and Devtar

Sunday, September 13, 2009

Umit Project in BarcampPT

Hi Everybody!

BarCamp[1] is an open event where participants can share some context with others and make social networking. Portuguese guys realized also the event, during this weekend in Coimbra, named BarcampPT[2].

It was a very nice event, beginning with all guys making a shortest personal presentation following the Half-Baked and some talks. And Sunday was a great day with lot of "talks" including the Umit Project presentation [3].



The presentation have a goal: spread Umit Project for audience.

[1] - http://en.wikipedia.org/wiki/BarCamp
[2] - http://www.barcamppt.org
[3] - http://www.slideshare.net/bastiao/umit-presentation

Friday, September 04, 2009

Google Summer of Code 2009 Results

Please, join us congratulating all of our GSoC students for 2009! This year we had 5 students sponsored by Google, and all of them succeeded in their projects this year. Here is a brief description of their projects, and what they had accomplished with Google's stippend.

  1. Quick Scan (Daniel Cassiano) - This project's goal is to offer the fastest way to run scans in the network. To use it, just hit a key stroke, and start typing the scan query and the results will appear on the fly. If you need more details, just open Umit to see it from there.
  2. Zion (João Paulo Medeiros) - Zion is a project that aims discover operating systems (OS fingerprinting) and network security systems through the network using a new methodology created by João Paulo Medeiros.
  3. Bluetooth Sniffer (Shu Yang Quek) - Bluetooth Sniffing capabilities for the masses: the goal is to offer sniffing capabilities through our software using regular buetooth dongles. No special hardware needed.
  4. UMPA Improvements (Bartosz Skowron) - Bartosz came once again this year to improve his project by implementing features like packets receiving capabilities, asynchronous scheduler and template system.
  5. Audits Framework (Francesco Piccinno) - A general framework to create general attacks, with the help of UmitPlugins infrastructure, XML and schema files and Python language. The project also includes a complete set of common attacks, with point and click and pwn semantic.
Congratulations you all for your huge success this year!

We have also some other folks working on our parallel Umit Summer of Code 2009 program, and they're also doing great! Stay tunned for news about them!

Monday, August 24, 2009

Umit Network Scanner 1.0 Release Candidate

I'm pleased to announce that Umit Network Scanner 1.0 Release Candidate is out! This version features a lot of bug fixes reported from the last versions, and some usability improvements. Check our changelog! Special thanks to Luis Bastião, whithout who this version would be postponed a bit more. Download it here!

Friday, August 21, 2009

Py2exe, Python2.6 and Manifest - Error

Hi Guys,

When I was made a package of Umit Network Scanner in Windows there is a problem annoying me and probably will do it with users:

dnet: Failed to open device eth8

This issue is related with Nmap [0] and Umit Network Scanner need to run in administrator mode in Windows Vista and Windows 7 family.

So how you do that?


There is a article in MSDN [1] talking about that issue, then I was thinking to create a manifest file and put it there. And it seems works nice on Windows 7 and Windows Vista, but not in Window XP. There I got something like:


This application has failed to start because MSVCR90.dll was not found


After saw it I thought that it easier to fix and put the missing dll in the folder, but it still doesn't works:


common error: R6034 - "The application has attempted to load the runtime library incorrectly. Contact support for more information"


Finally I went to py2exe website [2] and I checked out some examples to do UAC - User Account Control in svn version of py2exe [3].



app = dict(script="hello.py",
dest_base="require_admin",
uac_info="requireAdministrator")



Easier no? :)

This fix was applied in r5320 [4].



[0] - www.nmap.org
[1] - http://msdn.microsoft.com/en-us/library/bb756929.aspx
[2] - www.py2exe.org
[3] - http://py2exe.svn.sourceforge.net/viewvc/py2exe/trunk/py2exe/py2exe/samples/user_access_control/
[4] - http://trac.umitproject.org/changeset/5320


Cheers!

Monday, July 20, 2009

Umit 1.0 Splash Election Results

We have just conducted a survey to elect our new splash for Umit 1.0, and here is the result! Please, find listed the splashes in descending order. The latter is the winning one. Special thanks to Celso Soares and Thiago de Godoy for designing those awesome splashes!



And the winner that will feature Umit 1.0:

Tuesday, April 28, 2009

Umit Summer of Code 2009

This year we had so many great proposals and highly skilled students that we couldn't accept with our limited slots on Google Summer of Code that we decided to create our own parallel program called Umit Summer of Code.

The goal is to have those great projects and students working with us during this summer to create some high quality open source software.

Benefits

Unfortunatelly, we don't have any budget to afford the same stippend the Google Summer of Code students will receive from Google. But, we can offer a lot of benefits for all of those who wants to volunteers for our Umit Summer of Code.

  • A mentor assigned to conduct and help you throughtout your project. That's the best way to get into Open Source for real, and receive tips and guidelines from folks who already develop successful Open Source software. You're not going to find that experience in any how-to or tutorial in the internet.
  • Your project and your name spreaded along with Umit. Whenever Umit goes, your name and project will go also.
  • Boost your resume. That's something that you can definetly mention in your resume, and will certainly boost it.
  • Experience. You'll get development experience that you'll hardly have somewhere else. You'll face issues on several topics, and will have to provide a high quality software to wide range of users world wide.
  • Google T-Shirt. One of the most important parts ;-). You'll receive a Google T-Shirt after USoC for your participation and success.
  • Certificate. We'll provide you with an official Umit Project participation certificate, which may even include hours if you think that may help you with your university.
  • Credits. We'll mention your work and name along with all announcements we'll do for our sponsored students.
  • Recommendation letter. Through your work, we'll get to know you and we'll certainly be pleased to write you a recomendation letter for whatever purpose you may need. Some students have already benefited from our recomendation letters.
More detail on our program...

Everyone is welcome to participate! We'll be receiving proposals until May 1st.

Monday, April 27, 2009

What's new in upcoming weeks for UMPA?

20th of April Google has announced the accepted students for Google Summer of Code 2009 and I'm proud to say I was accepted again by Umit Project to develop UMPA library.
So be prepare that upcoming weeks will bring some noise and massive commits for UMPA ;-)

Anyway, I would like to share ideas which I'm going to develop during the summer.
There are 4 main features which I would like to hack.

Sniffing

libpcap wrapping

Currently, UMPA doesn't receive packet. It works only in one way (sending). The ideal option to support receiving packets is to use the common library called libpcap. By this, we can use well known format to save and load files with network data. The common and compatible format, allows to reuse files with other applications. To use this library with UMPA, python wrapper is needed. There are several wrappers, like impacket[1], pylibpcap[2] and pypcap[3]. Due to licence incompatiblity or unsupported Windows platform, I would like to use pypcap as a python wrapper for libpcap library. There are still some problems with the wrapper (e.g. function pcap_dispatch() is not supported) but by summing all prons and cons up, this choice fits better our needs than others.

So first, I'm planning to extend pypcap for our needs. I will add pcap_dispatch() functionality and any others if needed. I will test the wrapper against the most common operating systems like GNU/Linux, MS Windows or MacOSX. I have already talked with the main author of pypcap and he agrees this idea and is glad that I would join to pypcap's community.

receiving packets

After preparing and testing pypcap, I'm going to write receiving support for UMPA. It will be done by providing API to functions like available_devices(), receive_one(), receive_loop() and others. I'm going to talk with the author of PacketManipulator about his needs in this scope and to set common API together. Filtering packets will be available too.

Also, I will provide a function for simple action-reaction system (by using pcap_dispatch()). In this system, user could to register callback functions for expected network's frames. Simple scenerio: user send packet A and expect the respond B or C. He registers 2 callbacks for receiving system. And depending which respond will be received (B or C), appropriate function will be called.

Asynchronous Scheduler

UMPA provides an extension called scheduler. It provides functionality to set initial delay for sending packets and interval between sending next frames. This extension in current state is blocking. It means that during a delay or interval time, library freezes process (UMPA uses time.sleep() function). My goal is to write new scheduler which will be non-blocking. Because UMPA is a library, using multiprocessing is improper. Threads are not the best option neither. They would solve some part of problems, like not freezing process, so GUI like PacketManipulator wouldn't be freezed too. On the other hand, new problems will occur with synchronization of threads during receiving packets. To avoid this, I'm going to use asynchronous technique. There are several already done frameworks for this (Twisted[4], asyncore[5] and others). I'm going to use asyncore for several reasons like:

  • it's distributed with Python Standard Library (no additional dependencies)
  • it's very lightweight (minimal additional CPU load)
  • it avoids to write asynchronous scheduler from a scratch (and speeds up developing process)

The only problem is that currently asyncore doesn't support future callbacks. There is an opened ticket for this issue[6] with attached patches and it's going to be commited soon. I'm going to rewrite this patch, to get back-compatibility with older Python's versions than trunk and distribute own version of asyncore with UMPA (with all compatible manner).

After all, UMPA will provide both schedulders, blocking and non-blocking. The reason to keep both is to give users a chance to pick appropriate for own needs (blocking scheduling will provide more friendly environment and its easier to use it for short applications).

Template System

The third feature which I'm going to implement is the template system.

Longterm simulation usecase describes goals of this idea:

User prepares a scenerio of the network simulation. He set rules and behaviours for received packets. UMPA will create new packets on demand and will be able to use information received from the packets to construct suitable packets to send them back. By creating complex scenerio, it's possible to keep UMPA alive for weeks and simulate some hardwares or softwares behaviours.

UMPA will become really powerful tool with this feature. It can be use in many simulation processes by hackers or even scientists (for analyse or provide scientist theories). Template system will be useful also in daily short-term cases. Like for checking stability of the network hardware by administrators. This feature is providing some intelligent for created packets!

Template system will be based on Python files for 2 reasons.

  • it will get some features by low cost (like loops, conditions)
  • user who is using UMPA library knows Python and he doesn't have to learn another (template) language


Additional functions will be provided to get easy way to write templates, especially for long-term cases where using too many conditions may fail (e.g. to generate sequence of packets). To clarify, async scheduler will be strongly integrated part of template system.

Protocol Implementation

I will implement missing protocols like ICMP or ARP. There is few limitation in core of UMPA to implement e.g. ICMP. I will restructure or rewrite part of core code if I would come across any problems during implementation phase.


So, this is how I see it now. Hope to see this (and more) done in August. UMPA would be incredible powerful then.
Check UMPA website for current status!

References
[1] http://oss.coresecurity.com/projects/impacket.html
[2] http://pylibpcap.sourceforge.net
[3] http://code.google.com/p/pypcap/
[4] http://twistedmatrix.com
[5] http://docs.python.org/library/asyncore.html
[6] http://bugs.python.org/issue1641

Monday, April 20, 2009

Summer of Code 2009

I'm pleased to announce the students that are going to work on Umit Project during this Google Summer of Code. This year we received 26 great proposals, but we got only 5 sponsored slots from Google. It was very tough to decide on which projects to sponsor, and we tried to base our decision on what would be the best for the Organization future.

This year, like the past one, we used a selection criteria in which we asked students to accomplish some tasks and interact with community to measure students' responsiveness, dedication, interest, personality and experience.

Although these tasks were important to rank students, we actually use other subjective meanings to decide on who is getting the slot. One of the parameters we use to decide is the proposal's importance for the organization and how we see it fitting on our long term goals, how well structured is the proposal, time the student will have available to dedicate on the project, etc.

Unfortunatelly, we had to let some really nice folks outside this year. We fought really hard to get more slots so we could fit everybody in, but we couldn't get more from Google. We understand that they're doing their best to embrace all the open source community, and we're grateful for whatever we can take.

For all the students we couldn't accept, we sincerely wish that they could stay around and get involved on the project. Although they couldn't get into Summer of Code this year, they can always get into Umit Project, and they will always be welcome to participate and help. By doing this, you'll get a boost in your resume and you'll greatly increase your chances for Summer of Code next year.

Another important detail from this year selection, is that this we had a brave young willing to participate as a volunteer, because he isn't 18 yet and he can't participate officially according to Google's rules. He desires to be subject to the same rules, deadlines and requirements that our sponsored students and he proposed it to be like that since the beginning. That's a wonderful example of dedication and desire to participate. We hope to see more examples like him!

Here follows the list of our selected students:
And our hero:
Please, join us welcoming them! And follow us throughout our Summer of Code on our Blog or Twitter.

Tuesday, April 14, 2009

Umit @ Twitter

We have created a twitter account for The Umit Project. We'll be publishing the lastest minor updates there, while we'll be also posting updates here on the blog as always, although they'll be often more elaborated. Everyone is welcome to follow us there!

Saturday, April 11, 2009

Umit 1.0-BETA2 Release

I'm pleased to announce the release of Umit 1.0-BETA2, featuring a lot of fixes and improvements. Last release was a success, and we integrated a lot of new features that our students have developed during last Summer of Codes. This 1.0 serie is very special, and we recomend everyone to try. If possible, please, report any bug that you may find.

Main changes:
  • We changed documentation [0]. Now, we're using sphinx, and it looks great.
  • Changed our module structure. Now, instead of umitCore and umitGUI we have umit.core and umit.gui . If you've being using our modules, ask for help in our devel mailing list [1] to see the best way to update your code.
  • Fixed an old issue related to .umit configuration files while updating to a new version of Umit. You don't need to care about these files anymore, while updating Umit.
  • Improved our installers.
  • Conducted other fixes reported.
If you're interested in the full change log, please take a look at our new changelog page [2]. Thanks to Guilherme Polo, who developed this changelog solution for us.

If you find any bug, please report it using our Trac[3], or using the bug report tool that comes with Umit, and that you can access in the main interface.

Download the installers, or source packages, here[4].

Special thanks to our dedicated community, which have being working hard on delivering a better Umit (alphabetical order): Bartosz Skowron, Daniel Cassiano, Devtar Singh, Francesco Piccino, Guilherme Polo, João Medeiros, Luís Silva, Rodolfo Carvalho.


Kind Regards,

[0] - Umit's new documentation
[1] - Umit's Development Mailing List
[2] - Changelog Page
[3] - Trac
[4] - Download Page

Thursday, March 19, 2009

Umit Project was accepted for Google Summer of Code 2009

I'm pleased to announce that Umit Project was accepted once again as a mentoring organization at Google Summer of Code 2009!

We invite everyone to participate, and send us a proposal (take a look at our ideas for this year). If you want to know more about the program and how to participate, watch our videos here or ask at GSoC discussion group. If your doubt is Umit related, you reach us at our mailing list or IRC Channel at Freenode.

Saturday, February 14, 2009

Umit 1.0-BETA1 Release

We're pleased to announce another release of our beloved Umit, which now is featuring a whole bunch of new features and tools developed by our dedicated "Summer of Coders".

Here are the new features:

Umit Mapper

Project developed by João Paulo Medeiros, as our Summer of Code student during 2007. It is a great tool that generate a radial map of the network, with hosts and routes.

Umit Plugins

Project developed by Francesco Piccinno, as our Summer of Code student during 2008. It allows you to extend Umit freely. It also comes with some cool plugins, so you can start using them as an example to create your own.

Network Inventory
Project developed by Guilherme Polo, as our Summer of Code student during 2007. It is a great tool to keep track of your hosts inside a network, and keep an eye closely on changes. It becames really easy to detect if a new port has suddenly appeared in your network and becames very handy when that port was openned by a trojan or other harmful software.

Interface Editor
Project developed by Luís Bastião Silva, as our Summer of Code student during 2007. It is handy when you want to customize your Profile Wizard or Profile Editor, adding combinations of nmap options or even adding brand new nmap options that weren't available by the time Umit was released. The great news is that now you can do that graphically without the need of editing any text file by hand or understand complex configurations.

Other important improvements
These improvements were conducted by all our students during 2007 and 2008:
  • Better Profile Editor
  • Profile Manager
  • Easier installation procedures
  • Usability improvements
  • Bugs from older versions fixed
Aside Umit, we are announcing also the release of our other softwares from the Umit Project Organization:

UMPA
Project developed by Bartosz Skowron, as our Summer of Code student during 2008. It is a nice library for packet manipulation written in Python, and can be easily used by any developer willing to create packet manipulation scripts for simple tasks or complex packets for softwares. It has being used to create our Packet Manipulator and has proven to be very hand and powerful.

Umit Packet Manipulator
Project developed by Francesco Piccinno, as our Summer of Code student during 2008. This is our packet manipulation tool, which uses UMPA as backend and offers a very pleasant and usable interface.

Umit Bluetooth Scanner
Project developed by Devtar Singh, as our Summer of Code student during 2008. It is a cool scanning tool for Bluetooth devices, and is very handy for bluetooth related software developers. It is a plataform that we're certainly going to extend to provide more blutooth related features.

Umit Web
Project developed by Rodolfo Carvalho, as our Summer of Code student during 2007 and 2008. It is a web interface reproducing our beloved desktop version of Umit, intended to help network administrators to keep an eye on their networks whenever they're away from it without the need of using any other tool than a regular web browser. Forget about ssh, vpns, etc. Just take you're grand mother's pc with any browser and you're set to see if something is wrong in your network during saturday's lunch at her house.

Downloads: http://www.umitproject.org/?active=download

Google Summer of Code 2009 Videos

We have just released the new videos for Google Summer of Code 2009, which Umit will try to participate once again. The video has the same content as the one for the last year, despite some updates and the new Summer of Code Logo.

Help us spread the word about Google Summer of Code 2009!










If you're missing your language, please help us translate it! It's easy and doesn't take more than 15 minutes. We'll mention your name, and will put the video here and in our web site.