On Sat, Mar 28, 2009 at 4:27 PM, Luis A. Bastiao Silva
<[email protected]> wrote:
> Hi,
>
> On Sat, Mar 28, 2009 at 4:03 AM, João <[email protected]> wrote:
>>
>> Hey there everyone,
>>
>> My name is João and I'm also a GSoC 2009 aspirant. In 2008 I helped
>> the OSSIM Project in Google Summer of Code and, this year, I'm interested
>> in an idea I had that I think would be nice for Umit.
>>
>> The idea is developing a Web app scanner. Before scanning a host and
>> finding a web server running on it, it would be very interesting that
>> you could have a way to discover which applications are running in
>> this web server. I mean, we could scan for installations of wordpress,
>> php-myadmin, wikis, web-repos, webmin, OSSIM server, webmail services,
>> and many other applications. There is also the possibility of using
>> dns tools to discover which domains are assigned to the address and
>> try to identify which services are running on these domains.
>> We can also implement a common dir scanner, like trying to find
>> addresses like 'www.domain.com/admin', 'www.domain.com/adm',
>> 'www.domain.com/config', and many other very usual paths. Another
>> issue would be trying to search through virtual domains, like
>> 'admin.domain.com', 'mail.domain.com', 'phpmyadmin.domain.com'... and,
>> again, many others.
>
> Do you know about UmitWeb?
> It's a graphical front-end like Umit, and maybe your application could be an
> extension.
>
I've heard about UmitWeb, but unlike the Umit I've never tested it.
Could you explain to me why the application would better fit as a umitweb
extension?

> UmitWeb is able to make a scan at several levels, like Umit.
> So if your back-end knows what services the host is running, it could be
> faster to find application services, no? :)
>
Yes, I think so.
>>
>> Before performing the full web app scanning, we could use the results
>> and search for matches on a vulnerability database, such as the one
>> suggested in the ideas list. I think it is also possible to develop
>> both ideas (the web app scanner and vuln database) as one GSoC
>> project. Mainly because the first idea would be very useful if the
>> second one was running.
>
>
> Sounds good. Are you talking about something like GHDB and other vulnerability
> databases, right?
>
The Umit ideas page has a suggestion for developing a vuln db
system, that could give umit the ability to detect exploitable
services. If we can identify an old version of Wordpress, for example,
we can search the database looking for possible exploits for that
version. The idea suggests the use of OSVDB. I didn't think exactly
about GHDB, but maybe it can also be included.

If we create our own vulndb, we can turn Umit into an exploiting
framework also, since we can explicitly create payloads and methods of
attacking in a database (maybe another idea for GSoC proposals! =).

>>
>> I am a little experienced with network and program security. In 2008
>> I reported to OSSIM a critical vulnerability on its server (a
>> persistent XSS that could lead to user inclusion). I am also
>> experienced with web development and I have some skills with web
>> pentesting. I would be very glad if I could help you guys.
>>
>> I really would appreciate some feedback. My irc nick is lvwr.
>>
>> cheers,
>> João
>>
>> --
>>
>> lvwr
>> blog.livewire.com.br
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Umit-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/umit-devel
>
>
> Best Regards,
> --
> Luís A. Bastião Silva
>
>

Thanks for the feedback Luís,

I've seen that you are always online on IRC. If you want to chat about
anything, my nick is lvwr (I'm always online, but not always in front
of the computer...)

Cheers!
João

-- 

lvwr
blog.livewire.com.br
