Hi Andres,
i try to search backend malware scanner but i didnt find that you mean,
can you help URL for that?
Regards,
Andri
From: Andres Riancho <andres.rian...@gmail.com>
To: Andri Herumurti <vynx_1...@yahoo.com>; "w3af-develop@lists.sourceforge.net"
<W3af-develop@lists.sourceforge.net>
Sent: Sunday, May 5, 2013 8:43 PM
Subject: Re: [W3af-develop] W3af pass file to anti malware
Andri,
On Sun, May 5, 2013 at 12:33 AM, Andri Herumurti <vynx_1...@yahoo.com> wrote:
> Hi Andres,
Please reply to all, keep the w3af-develop in the loop!
> Thanks,
> Do you have developer guide to create plugin for w3af ?
>
> Maybe you have some that you not share public also ok if you dont mind :)
No, sorry, don't have a guide for that yet, but if you want to create
a grep plugin you can just copy+paste from:
https://github.com/andresriancho/w3af/blob/master/plugins/grep/cross_domain_js.py
https://github.com/andresriancho/w3af/blob/master/plugins/grep/private_ip.py
https://github.com/andresriancho/w3af/blob/master/plugins/grep/xss_protection_header.py
If you create this plugin, please use a "backend malware scanner"
which is open source, freely available, well supported and GPLv2
license compatible.
Regards,
> Regards
> Andri
>
> On 5 Mei 2013, at 09:53, Andres Riancho <andres.rian...@gmail.com> wrote:
>
>> Andri,
>>
>> On Sat, May 4, 2013 at 8:29 PM, Andri Herumurti <vynx_1...@yahoo.com> wrote:
>>> Hi Andres,
>>>
>>> It would be a great feature.
>>> Since it also can make integration with other solutions,
>>> Anyway may i know estimation when you will implement it?
>>
>> Any day between tomorrow and 2057 :) It is not something I'm
>> particularly interested in, so... I can't promise anything. What I can
>> promise you is that if you work on it and send me a pull-request [0]
>> I'll review it in less than three working days :)
>>
>> [0] https://github.com/andresriancho/w3af/wiki/Contributing-101
>>
>> Regards,
>>
>>> Regards
>>> Andri
>>>
>>> On 5 Mei 2013, at 00:26, Andres Riancho <andres.rian...@gmail.com> wrote:
>>>
>>>> Andri,
>>>>
>>>> On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti <vynx_1...@yahoo.com>
>>>> wrote:
>>>>> Dear all,
>>>>>
>>>>> It is possible to pass file that currently scanning by w3af to anti
>>>>> malware/anti virus to scan ?
>>>>> Since currently there is some file like java that content
>>>>> malware/infected.
>>>>
>>>> 100% possible, but it hasn't been implemented yet (at least not
>>>> that I know of). I would do it in a grep plugin.
>>>>
>>>> The problem I see here is that the antivirus/malware scan would
>>>> take some time to run, potentially slowing down (in a noticeable way)
>>>> the whole scan. There are ways to get around that, like for example
>>>> only analyzing http responses which are of a certain mime type, or
>>>> reading the file's magic using [0]
>>>>
>>>> [0] http://en.wikipedia.org/wiki/File_(command)#Libmagic_library
>>>>
>>>>> Regards
>>>>> Andri
>>>>> ------------------------------------------------------------------------------
>>>>> Get 100% visibility into Java/.NET code with AppDynamics Lite
>>>>> It's a free troubleshooting tool designed for production
>>>>> Get down to code-level detail for bottlenecks, with <2% overhead.
>>>>> Download for free and get started troubleshooting in minutes.
>>>>> http://p.sf.net/sfu/appdyn_d2d_ap2
>>>>> _______________________________________________
>>>>> W3af-develop mailing list
>>>>> W3af-develop@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>
>>>>
>>>>
>>>> --
>>>> Andrés Riancho
>>>> Project Leader at w3af - http://w3af.org/
>>>> Web Application Attack and Audit Framework
>>>> Twitter: @w3af
>>>> GPG: 0x93C344F3
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
