Nmap Development mailing list archives
[GSOC 2015] Web Scanning Specialist
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 7 Mar 2015 19:33:49 +0530
Hi,

I have introduced myself here before but I want to introduce myself again. My name is Gyanendra Mishra and I am an undergraduate student in the Department of Computer Science at the Birla Institute of Technology and Science Pilani, Pilani, India. I have programming experience in Lua (NSE), Python (scripting/scraping/automation), Java (OOP and GUI) and C/C++ (mainly for competitive programming). I have recently started contributing to open source projects. I am very interested in being part of the Nmap GSOC 2015 team as a 'Web Scanning Specialist'. This is the first time I will be participating in the Google Summer of Code. I like the security field and would like to see myself as a permanent contributor to Nmap. I believe any person contributing to NSE should have a goal to beat Patrik Karlsson's record (both libraries and scripts) ;). Apart from contributing code post-GSOC, I would like to help increase the size of the community by actively helping new contributors and encouraging them to contribute.

I have a few script ideas:

-> http-devframework: Currently the script has around 13 fingerprints to use in the data file. I plan on rewriting the script from scratch to use [1], which has support for countless different frameworks. Currently OWASP uses this here [2].

-> http-joomla-enum: We have an http-wordpress-enum script. Joomla is similarly easy for extension/template enumeration. The only annoying thing is how they organize their code and how they name their extensions. They organize their extensions into Component (comp), Module (mod) and Plugins (plugin), and installations hold them in directories like /site/modules/mod_acymailing/.

-> http-mirror: I had posted a rough version of http-mirror here [3]. The script needs some work for Windows and OSX support, among other things mentioned in the ToDo list in the script.

-> http-phpBB-enum: phpBB is the most widely used forum software on the web and it is open for extension/style and modification enumeration. All styles have style.cfg in their root directory and all extensions are installed as ext/<author>/<extension_name>.

-> Enumeration and brute force scripts for other popular CMSs.

-> http-seo-analysis: A simple script that gets you SEO data for a webpage. Similar to the extension posted here [4]. It will not be a default script as it has some scraping involved which may slow down a scan.

-> http-lang-enum: A script to enumerate which languages a webpage is available in. Some pages have espanol.example.com for their Spanish version while others have example.com/?locale=in. Other similar patterns could be used to check whether the response is 200 or 404.

I believe there will be a few big full disclosures during the summer, for which I plan on adding detection/exploitation scripts. I haven't really made a timeline yet. If time permits I can work on some CVEs that might have been missed but are useful. I hope to have more ideas (hopefully exploitative) by the application period and would love to hear your input regarding the same.

I can also work on HTTP and other scripts listed here [5]. I liked the HTTP parser and XML parser idea. Having not worked on a parser before, I would require some time and reading to implement the same. I was thinking of putting in a second proposal for the parser, but I had my doubts after reading more about building parsers and I am much more confident about writing web scripts. I was wondering if we could modify different HTML/XML parsers available in Lua [6][7] and bring them up to NSE standards, with proper permissions of course. In my experience of writing scripts I felt that an HTML/XML parser would be really useful. One of the mini tasks that I could do would be to port one of these Lua-based parsers to Nmap and upgrade different scripts/libraries to use the same.

I have had some experience writing NSE scripts, which I have listed here:

-> Merging http-wordpress-themes and http-wordpress-plugins [8]
-> Added theme checking to http-drupal-modules [9]
-> Modified http-grep to include built-in patterns and multiple pattern search [10]
-> Made a rough http-mirror script [3]; it has some limitations.
-> http-tumblr-info: Throws stats about tumblr pages [11]
-> http-awstats-stats: A script that looks for open awstats folders in the root directory.
-> microsoft-version-table: A library file [13] that does whatever is listed here [14].

Apart from this I have also contributed the Hindi (mother tongue) translation of Zenmap.

I am really enthusiastic and excited about this summer and would love to be a part of Nmap's team for Google Summer of Code and beyond. Having a mentor would really help me develop as a programmer.

I have written a lot for now! I should have added a tl;dr ;). I would appreciate some comments :).

Gyanendra

[1] https://github.com/AliasIO/Wappalyzer/blob/master/src/apps.json
[2] https://code.google.com/p/zap-extensions/wiki/AddOn_techDetection
[3] http://seclists.org/nmap-dev/2015/q1/246
[4] https://chrome.google.com/webstore/detail/website-and-seo-analysis/ajkomeiemllejmopbbjjngpmmikfedad?hl=en
[5] https://secwiki.org/w/Nmap/Script_Ideas
[6] https://github.com/wscherphof/lua-htmlparser
[7] https://matthewwild.co.uk/projects/luaexpat/
[8] http://seclists.org/nmap-dev/2015/q1/155
[9] http://seclists.org/nmap-dev/2015/q1/223
[10] http://seclists.org/nmap-dev/2015/q1/166
[11] http://seclists.org/nmap-dev/2015/q1/248
[12] http://seclists.org/nmap-dev/2015/q1/274
[13] http://seclists.org/nmap-dev/2015/q1/107
[14] https://secwiki.org/w/Nmap/Script_Ideas#Microsoft_Version_Table
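Added example (not from the post, and not Nmap's http-devframework or Wappalyzer's own code): a small Python matcher that reads fingerprints laid out like Wappalyzer's apps.json (an "apps" map with per-app "headers", "meta", "html" and "implies" entries) and applies them to an HTTP response. The fingerprint entries and the response below are constructed, and the handling of the `\;version:` / `\;confidence:` tags appended to patterns is my assumption about the format.

```python
import json
import re

# Constructed fingerprint set in the layout of Wappalyzer's apps.json.
# The regexes are illustrative, not copied from the real data file.
FINGERPRINTS = json.loads(r'''
{"apps": {
  "WordPress": {
    "meta": {"generator": "^WordPress ?([\\d.]+)?\\;version:\\1"},
    "html": "<link rel=[\"']stylesheet[\"'] [^>]+wp-(?:content|includes)/",
    "implies": "PHP"},
  "Joomla": {
    "meta": {"generator": "Joomla!"},
    "headers": {"X-Content-Encoded-By": "Joomla"}},
  "PHP": {
    "headers": {"X-Powered-By": "^PHP/?([\\d.]+)?\\;version:\\1"}}
}}
''')

# Constructed response of a hypothetical target; header names are case-insensitive.
SAMPLE_HEADERS = {"Server": "Apache", "X-Powered-By": "PHP/5.6.7"}
SAMPLE_BODY = ('<html><head><meta name="generator" content="WordPress 4.1.1" />'
               '<link rel="stylesheet" href="/wp-content/themes/x/style.css">'
               '</head></html>')

def _clean(pattern):
    """Drop the '\\;version:...' / '\\;confidence:...' tag; keep the regex part."""
    return re.compile(pattern.split("\\;")[0], re.IGNORECASE)

def _meta_tags(body):
    """Return {name: content} for <meta name=... content=...> tags in the body."""
    pairs = re.findall(r'<meta\s+name=["\']([^"\']+)["\']\s+content=["\']([^"\']*)["\']',
                       body, re.IGNORECASE)
    return {name.lower(): content for name, content in pairs}

def detect(headers, body):
    """Return the sorted list of technologies whose fingerprints match the response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    metas = _meta_tags(body)
    found = set()
    for app, fp in FINGERPRINTS["apps"].items():
        hit = any(h.lower() in hdrs and _clean(p).search(hdrs[h.lower()])
                  for h, p in fp.get("headers", {}).items())
        hit = hit or any(m.lower() in metas and _clean(p).search(metas[m.lower()])
                         for m, p in fp.get("meta", {}).items())
        hit = hit or ("html" in fp and _clean(fp["html"]).search(body) is not None)
        if hit:
            found.add(app)
    # Follow "implies" (a string or list) until no new technologies are added.
    pending = list(found)
    while pending:
        imp = FINGERPRINTS["apps"][pending.pop()].get("implies", [])
        for name in (imp if isinstance(imp, list) else imp.split(",")):
            if name.strip() and name.strip() not in found:
                found.add(name.strip()); pending.append(name.strip())
    return sorted(found)

if __name__ == "__main__":
    print(detect(SAMPLE_HEADERS, SAMPLE_BODY))  # ['PHP', 'WordPress']
```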
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/