Hello Microsofties!

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So as a side project I'm doing something weirder than usual: C#. Well,
it doesn't have to be C#. Ideally it'd be IronPython - but it's CLR
which means the underlying language is essentially C# no matter what
your syntax looks like.

Here's where we're coming from over at Immunity. It's great to have a
penetration testing tool. Everyone loves a nice GUI popping up shells.
But, in fact, for some large percentage of our customers you're really
only using that tool in order to fit it into your internal business
processes which Immunity typically knows nothing about. While we have
a number of people writing exploits using the CANVAS Python API, it's
not necessarily the way everyone wants to extend CANVAS. For example,
for unknown reasons, not everyone knows Python!

So instead we have an XML-RPC API. Ideally every network attack tool
would have the same XML-RPC API so you could talk to them all with the
same client code, but that might be asking a lot in the short run.

In the meantime, you have a ton of people using Visio with their
network diagrams, and I want to give them a way to connect to CANVAS's
running on those subnets and do cool things. Imagine if you could just
right click a Visio picture and say "What OS is this really?" or "Is
this machine patched for MS08_067?" or "Color all the MS machines on
this network red, and the Linux ones Blue" or "Tell me which machines
are on this network" or "Portscan these and tell me which ones are
IIS". Really, the possibilities are endless when it comes to business
logic automation.

Essentially, a web application these days is just one instance of
something consuming your XML-RPC API. Everyone else can build their
own web mashups, or even thick clients based on their own business
tools. Welcome to Web 2.0! :>

Anyways, my question is: Who has done something like this with Visio?
What do you recommend - and where is the IRC channel for quick help
with the Visio API? :>

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJfxkAtehAhL0gheoRAovYAJ0SUGxwYx2Ar+qoPeVyvaXx7Bfg+gCfVOii
7m/4FA8nFor060vtlPeZxnY=
=DtNJ
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave