Hello João,

Thanks for your interest in Umit!

> The idea is developing a Web app scanner. Before scanning a host and
> finding a web server running on it, it would be very interesting that
> you could have a way to discover which applications are running in
> this web server. I mean, we could scan for installations of wordpress,
> php-myadmin, wikis, web-repos, webmin, OSSIM server, webmail services,
> and many other applications. There is also the possibility of using
> dns tools to discover which domains are assigned to the address and
> try to identify which are the services running on these domains.
> We can also implement a common dir scanner, like trying to find
> addresses like 'www.domain.com/admin', 'www.domain.com/adm',
> 'www.domain.com/config', and many others very usual paths. Another
> issue would be trying to search through virtual domains, like
> 'admin.domain.com', 'mail.domain.com', 'phpmyadmin.domain.com'... and,
> again, many others.

It looks like a good idea. The only problem I see is that it would take a long time to scan all these possibilities. How do you intend to do that? And for trying the dns, what do you intend to use to keep portability?

> Before performing the full web app scanning, we could use the results
> and search for matches on a vulnerability database, such as the one
> suggested in the idea's list. I think it is also possible to develop
> both ideas (the web app scanner and vuln database) as one GSoC
> project. Mainly because the first idea would be very useful if the
> second one was running.

In this case, do you intend to take both ideas, or do you intend to take only the first one and expect another student to develop the second and then integrate with it?

> I am a little experienced with network and program security. In 2008
> I've reported OSSIM about a critical vulnerability on its server (a
> persistent xss that could lead to user inclusion). I am also
> experienced with web development and I have some skills with web
> pentesting.
> I would be very glad if I could help you guys.

You certainly can! You just need to create a detailed proposal about your idea and how you intend to tackle all the development challenges and submit it through Google's subscription system. This is the only way to get into GSoC. ;)

Cheers!

--
Adriano Monteiro Marques

http://adriano-marques.blogspot.com
http://www.umitproject.org
http://www.pythonbenelux.org

"Don't stay in bed, unless you can make money in bed." - George Burns
