Hi,

On Sat, Mar 28, 2009 at 4:03 AM, João <[email protected]> wrote:
> Hey there everyone,
>
> My name is João and I'm also a GSoC 2009 aspirant. In 2008 I helped the
> OSSIM Project in Google Summer of Code and, this year, I'm interested
> in an idea I had that I think would be nice for Umit.
> The idea is developing a Web app scanner. Before scanning a host and
> finding a web server running on it, it would be very interesting that
> you could have a way to discover which applications are running in
> this web server. I mean, we could scan for installations of wordpress,
> php-myadmin, wikis, web-repos, webmin, OSSIM server, webmail services,
> and many other applications. There is also the possibility of using
> dns tools to discover which domains are assigned to the address and
> try to identify which are the services running on these domains.
> We can also implement a common dir scanner, like trying to find
> addresses like 'www.domain.com/admin', 'www.domain.com/adm',
> 'www.domain.com/config', and many other very usual paths. Another
> issue would be trying to search through virtual domains, like
> 'admin.domain.com', 'mail.domain.com', 'phpmyadmin.domain.com'... and,
> again, many others.

Do you know about UmitWeb? It's a graphical front-end like Umit, and maybe your application could be an extension. UmitWeb is able to make a scan at several levels like Umit. So if your back-end knows what services the host is running, it could be faster to find application services, no? :)

>
> Before performing the full web app scanning, we could use the results
> and search for matches on a vulnerability database, such as the one
> suggested in the idea's list. I think it is also possible to develop
> both ideas (the web app scanner and vuln database) as one GSoC
> project. Mainly because the first idea would be very useful if the
> second one was running.

Sounds good. Are you talking about something like GHDB and other vulnerability databases, right?

>
> I am a little experienced with network and program security. In 2008
> I reported to OSSIM a critical vulnerability on its server (a
> persistent XSS that could lead to user inclusion). I am also
> experienced with web development and I have some skills with web
> pentesting. I would be very glad if I could help you guys.
>
> I really would appreciate some feedback. My irc nick is lvwr.
> cheers,
> João
>
> --
>
> lvwr
> blog.livewire.com.br
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Umit-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/umit-devel
>

Best Regards,
--
Luís A. Bastião Silva
