On Sat, Mar 28, 2009 at 2:20 AM, Adriano Marques <[email protected]> wrote:
> Hello João,
>

Hi Adriano, thanks for the feedback!

> Thanks for your interest in Umit!
>
>> The idea is developing a Web app scanner. Before scanning a host and
>> finding a web server running on it, it would be very interesting that
>> you could have a way to discover which applications are running in
>> this web server. I mean, we could scan for installations of wordpress,
>> php-myadmin, wikis, web-repos, webmin, OSSIM server, webmail services,
>> and many other applications. There is also the possibility of using
>> dns tools to discover which domains are assigned to the address and
>> try to identify which are the services running on these domains.
>> We can also implement a common dir scanner, like trying to find
>> addresses like 'www.domain.com/admin', 'www.domain.com/adm',
>> 'www.domain.com/config', and many other very usual paths. Another
>> issue would be trying to search through virtual domains, like
>> 'admin.domain.com', 'mail.domain.com', 'phpmyadmin.domain.com'... and,
>> again, many others.
>
> It looks like a good idea. The only problem I see is that it would take a
> long time to scan all these possibilities. How do you intend to do
> that? And for trying the dns, what do you intend to use to keep
> portability?
>

I'm pretty sure about time issues. Performing tests on a big host takes time. The first obvious idea is to use parallel operations. We can perform a number of tests simultaneously and, since getting a response from the server takes some time, it won't be a problem having some threads to do the job. There are also some things we can do, like developing smart tests, that can change themselves dynamically depending on the results they have already got... I mean, there is no use in searching for directories of a webapp if the webapp is not running on the server. Another good idea I just had would be developing distributed tests... Have you ever thought about including this functionality in Umit?

I honestly think that including it in the web app scanner may make the GSoC project too huge... but it could be a good feature that could be exploited not only by the app scanner. (Maybe I can submit another proposal about it... lol :)

About the DNS, I'm not pretty sure. Maybe Twisted can give us some functionality, and if it is not enough, we can extend it to deal with our needs. The second idea is a little bit uncertain yet, but maybe we could use an Nmap NSE script. Anyway, it's something that I need to research more for better efficiency.

>> Before performing the full web app scanning, we could use the results
>> and search for matches on a vulnerability database, such as the one
>> suggested in the ideas list. I think it is also possible to develop
>> both ideas (the web app scanner and vuln database) as one GSoC
>> project. Mainly because the first idea would be very useful if the
>> second one was running.
>
> In this case, do you intend to take both ideas, or do you intend to take
> only the first one and expect another student to develop the second
> and then integrate with it?

I think that taking both ideas won't be a problem as long as we focus on having a simple web app scanner before the GSoC deadline. Of course we can extend the scanner after GSoC ends, and, since I'm going to use it daily, I'll be very interested in doing it. If we do it like this, the goal will be having a working web app scanner that is able to crawl files, search for domains, try to find hidden subdomains and paths, identify data input points, run a small set of exploiting tests (such as SQL injections) and search the vuln databases looking for possible security breaches. Having the above structure is the hardest part, since it consists of the core of the application. Extending it later won't be a problem, since it's going to be developed with this goal...

I mean, the app will be written to work with sets of data and tests whenever possible, and these sets will be easy to increment. These datasets can be in external files that can be easily changed. The GUI itself can help us increase some data sets, like including new paths to test, for example.

Another thing that wasn't in the previous e-mail is the reports. The web app scanner needs to create good reports. The web app should output a lot of information to files (maybe XML files), and it can be parsed to generate good reports. The idea of having HTML allows the user to change the reports... like click to minimize uninteresting information, click to include more information (like the requests and responses that led to the event discovered), etc. Of course it will all need the use of some JavaScript wizardry. But the idea is creating some really good, beautiful, interactive and easy to read reports.

>
>> I am a little experienced with network and program security. In 2008
>> I reported a critical vulnerability on its server to OSSIM (a
>> persistent xss that could lead to user inclusion). I am also
>> experienced with web development and I have some skills with web
>> pentesting. I would be very glad if I could help you guys.
>
> You certainly can! You just need to create a detailed proposal about
> your idea and how you intend to tackle all the development challenges
> and submit it through Google's subscription system. This is the only
> way to get into GSoC. ;)
>

I'm sure about it. I'm just interested in getting some feedback about the idea first. This way I can improve my proposal. If anyone has any other comments, it would be of great help!

Cheers,
João

>
> Cheers!
>
> --
> Adriano Monteiro Marques
>
> http://adriano-marques.blogspot.com
> http://www.umitproject.org
> http://www.pythonbenelux.org
>
> "Don't stay in bed, unless you can make money in bed."
> - George Burns
>

_______________________________________________
Umit-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/umit-devel
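The thread sketches a scanner core with three design points: parallel probes, "smart" tests that only run once a fingerprint has confirmed the application is present, data sets kept separate from logic, plus an XML intermediate format for reports and a lookup against a vulnerability database. The block below is an added illustration of that structure, written for this page; it is not Umit code and not the author's proposal. It assumes a constructed in-memory stand-in for the web server (`FAKE_SITE`, so it runs offline), fingerprint and path data sets embedded as literals (the e-mail proposes external files), and a vulnerability database of obviously labelled placeholder entries (`EXAMPLE-0001`, `EXAMPLE-0002`) rather than real advisories. The generic paths tried are the three named in the e-mail.

```python
import re
import xml.etree.ElementTree as ET
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-in for the target web server: path -> (status, body).
# Everything runs offline against this dict; a real scanner would issue HTTP requests.
FAKE_SITE = {
    "/": (200, "<html>Welcome</html>"),
    "/wp-login.php": (200, "<title>WordPress 2.7 Login</title>"),
    "/wp-admin/": (302, "redirect to login"),
    "/admin": (403, "Forbidden"),
}


def fake_fetch(path):
    """Return (status, body) for a path; 404 for anything unknown."""
    return FAKE_SITE.get(path, (404, ""))


# Data sets. The e-mail proposes keeping these in external files so they are easy to
# extend; they are embedded here as constructed literals.
FINGERPRINTS = [
    {"app": "wordpress", "path": "/wp-login.php", "version_re": r"WordPress ([\d.]+)"},
    {"app": "phpmyadmin", "path": "/phpmyadmin/", "version_re": r"phpMyAdmin ([\d.]+)"},
]
COMMON_PATHS = ["/admin", "/adm", "/config"]  # generic paths named in the e-mail
# App-specific paths are only tried once the fingerprint step has found the app.
APP_PATHS = {"wordpress": ["/wp-admin/"], "phpmyadmin": ["/phpmyadmin/setup/"]}
# Placeholder vulnerability database entries (constructed, not real advisories).
VULN_DB = [
    {"app": "wordpress", "fixed_in": "2.8", "id": "EXAMPLE-0001", "note": "placeholder: fixed in 2.8"},
    {"app": "phpmyadmin", "fixed_in": "3.0", "id": "EXAMPLE-0002", "note": "placeholder: fixed in 3.0"},
]


def version_tuple(v):
    """'2.7' -> (2, 7) so versions compare numerically, not lexically."""
    return tuple(int(x) for x in v.split("."))


def fingerprint(fetch, workers=4):
    """Probe every fingerprint path in parallel; return {app: version} for apps found."""
    def probe(fp):
        status, body = fetch(fp["path"])
        if status != 200:
            return None
        m = re.search(fp["version_re"], body)
        return (fp["app"], m.group(1) if m else "unknown")
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = list(pool.map(probe, FINGERPRINTS))
    return dict(h for h in hits if h)


def select_paths(found_apps):
    """Adaptive test selection: app-specific paths only for apps actually detected."""
    paths = list(COMMON_PATHS)
    for app in found_apps:
        paths.extend(APP_PATHS.get(app, []))
    return paths


def probe_paths(fetch, paths, workers=4):
    """Check paths in parallel; keep anything that is not a plain 404."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = list(pool.map(lambda p: (p, fetch(p)[0]), paths))
    return {p: s for p, s in statuses if s != 404}


def match_vulns(found_apps):
    """Match detected app versions against the placeholder vulnerability database."""
    findings = []
    for entry in VULN_DB:
        ver = found_apps.get(entry["app"])
        if ver and ver != "unknown" and version_tuple(ver) < version_tuple(entry["fixed_in"]):
            findings.append({"app": entry["app"], "version": ver, "id": entry["id"], "note": entry["note"]})
    return findings


def scan(fetch):
    """Fingerprint first, then choose and run path tests based on what was found."""
    apps = fingerprint(fetch)
    return {"apps": apps, "exposed": probe_paths(fetch, select_paths(apps)), "vulns": match_vulns(apps)}


def to_xml(result):
    """Serialise a scan result as XML, the intermediate format the e-mail suggests for reports."""
    root = ET.Element("scan")
    for app, ver in sorted(result["apps"].items()):
        ET.SubElement(root, "app", name=app, version=ver)
    for path, status in sorted(result["exposed"].items()):
        ET.SubElement(root, "path", value=path, status=str(status))
    for v in result["vulns"]:
        ET.SubElement(root, "vuln", app=v["app"], version=v["version"], id=v["id"]).text = v["note"]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_xml(scan(fake_fetch)))
```

Against the constructed site the fingerprint step finds only WordPress 2.7, so the phpMyAdmin-specific paths are never requested, the 403 on `/admin` and the 302 on `/wp-admin/` are recorded as exposed paths, and the version comparison flags the placeholder entry fixed in 2.8. Swapping `fake_fetch` for a real HTTP client and loading the three data sets from files is all that separates this skeleton from the design discussed above.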
