List of project ideas for contributors applying to the Google Summer of Code program in 2023.
Please always refer to the official timeline.
Please always refer to the main page of this repository
You can also propose your own.
Mentors: Matteo Lodi, Daniele Rosetti, Simone Berni, Aditya Narayan Sinha
Project URL: IntelOwl
Project hours: 175
Skills required: Docker, Python (Django), JavaScript (React.js), Object-Oriented Programming
Difficulty: Medium
Description:
Right now there are 3 possible types of plugins in IntelOwl: “Analyzers”, “Connectors” and “Playbooks”.
This project aims to add 2 new plugin types to the already existing ones in IntelOwl:
- The “Scanner” type would be a subtype of the “analyzers” ones with special configuration. In that way, IntelOwl could be used not only for classic data enrichment with external services but as either a vulnerability scanner or a scraper too.
- The “Ingestor” type would be a completely new type of plugin which would work as an input for IntelOwl. In that way, IntelOwl could retrieve observables and files to analyze from an external service.
Like we have similarly done with other GSoC projects in the past that added new plugin types, we expect the contributor to add the most important new scanners/ingestors (like this) to IntelOwl once he finishes building the framework to provide a base of tools which can be used by the users.
The candidate would have the chance to touch the core parts of the application. Because of this, the ideal candidate for this project is someone who is familiar with how the Plugins Framework works and understands completely how the application leverages it.
Mentors: Matteo Lodi, Daniele Rosetti, Simone Berni, Aditya Narayan Sinha
Project URL: IntelOwl
Project hours: 175
Skills required: Docker, Python (Django), JavaScript (React.js), Object-Oriented Programming
Difficulty: Hard
Description:
Last GSoC we implemented the “Playbook” plugin type. Playbooks are designed to be easy to share sequence of running Analyzers/Connectors on a particular kind of observable. Those are the base to the creation of a new, and more complex framework of analysis that we could call “Investigations framework”. In a nutshell, Investigations are built on top of Playbooks and are thought to be customizable workflows of them. Some discussions here and here could clarify the intention.
This candidate would have the chance to create a complete new framework from scratch, based on the already existing IntelOwl’s features. Because of this, the ideal candidate for this project is someone who knows very well how the overall application works. This project is highly experimental so a strong critical spirit and adaptability are required.
Mentors: Matteo Lodi, Daniele Rosetti, Simone Berni, Aditya Narayan Sinha
Project URL: IntelOwl, pyintelowl, GreedyBear and IntelOwl site
Project hours: 175
Skills required: Docker, Python (Django), JavaScript (React.js), Object-Oriented Programming
Difficulty: Low/Medium
Description:
This project focuses on adding common features available in classic web applications regarding the management of the authentication and sessions. Password reset/change and 2FA are some examples. Others can be proposed by the candidate.
To make the project more complete, we would like the contributor to also take charge of several little stagnant issues in the most important projects (IntelOwl, pyintelowl and GreedyBear) and to solve them, like a classic maintainer would do. During the last year a lot of possible new analyzers and GUI adjustments have been proposed: those are a perfect example of an issue to be solved.
The candidate would have the chance to touch several different parts of the application. Because of this, the ideal candidate for this project is someone who is strongly familiar with IntelOwl codebase.
Mentors: Federico Foschini
Project URL: BuffaLogs
Project hours: 175
Skills required: Docker, Python (Django), Javascript, Object-Oriented Programming
Difficulty: Medium
Description: This new project is a full feature system that lets user ingest login data from various sources(IE: ssh, nginx, azure, etc.) and through a number of correlation rules it generates alerts when a suspicious login is seen. At the moment the project implements all the basic features like user and alerts visualization, a simple dashboard and correlation rules.
During the GSoC period the candidate should work on the following items:
- Settings and configuration page: this feature will allow fine tuning and configuration of the platform
- Alert outputs: implement mail, slack and other integration to allow alerts to be forwarded to other systems
- New log source types: test the project on logs from new sources and write the documentation to allow easy configuration of these sources
- Improve dashboards by showing additional data
The candidate will work on every part of the application, the code base is not very complex but a good knowledge of Django and some javascript for the web interface is strongly recommended.
Mentors: YuShaing Dang, ShengFeng Lu, KunYu Chen
Project URL: Quark Engine
Project hours: 175
Skills required: Python, Object-Oriented Programming
Difficulty: Low/Medium
Description:
Last year, Quark Engine shifted its goal from malware detection to vulnerability digging. The project has proposed Quark scripts to detect CWEs (Common Weakness Enumeration). We now have scripts to detect 15 CWEs on Android binaries. And we’d like to grow this number.
The candidate is required to have clear and critical thinking. Fully understand the definition of the CWEs and develop the detection logic of the CWEs with the Quark Script APIs.
The candidate needs to understand a little about the codebase of Quark Engine since we may need to develop new APIs for the other CWEs.
Mentors: YuShaing Dang, ShengFeng Lu, KunYu Chen
Project URL: Quark Engine
Project hours: 175
Skills required: Python, Object-Oriented Programming
Difficulty: Low/Medium
Description:
Last year, Quark Engine shifted its goal from malware detection to vulnerability digging. The project has proposed Quark scripts to detect CWEs (Common Weakness Enumeration). We now have scripts to detect 15 CWEs on Android binaries. However, there is more than just one way to detect a particular CWE.
So, the candidate is required to have clear and critical thinking. Fully understand the definition of the CWEs and develop new detection logic of the CWEs. Making the better versatility of the scripts.
The candidate needs to understand a little about the codebase of Quark Engine since we may need to develop new APIs for the other CWEs.
Please note: if the potential contributor would like to invest more time, he can propose a 350 hours project composed of 2 projects requirements together!
More generally, the required project hours can be changed at the time of the proposal, based on the actual proposal size, in accordance with the mentors.