Nmap Development mailing list archives
Web App Scanner - GSoC 2009
From: João <3rd.box () gmail com>
Date: Sat, 28 Mar 2009 02:15:17 -0300
Hey there everyone, My name is João and I'm also a GSoC 2009 aspirant. In 2008 I've helped OSSIM Project in Google Summer of Code and, this year, I'm interested in a idea I had that I think would be nice. I've already sent this idea to umit's dev mail list. The idea is developing a Web app scanner. Before scanning a host and finding a web server running on it, it would be very interesting that you could have a way to discover which applications are running in this web server. I mean, we could scan for installations of wordpress, php-myadmin, wikis, web-repos, webmin, OSSIM server, webmail services, and many other applications. There is also the possibility of using dns tools to discover which domains are assigned to the address and try to identificate which are the services running on these domains. We can also implement a common dir scanner, like trying to find addresses like 'www.domain.com/admin', 'www.domain.com/adm', 'www.domain.com/config', and many others very usual paths. Another issue would be trying to search through virtual domains, like 'admin.domain.com', 'mail.domain.com', 'phpmyadmin.domain.com'... and, again, many others. After performing the full web app scanning, we could use the results and search for matchs on a vulnerability database. I think that the integration of both ideas (the web app scanner and vuln database) could be developed as one GSoC project. I am a little experienced with network and program security. In 2008 I've reported OSSIM about a critical vulnerability on its server (a persistent xss that could lead to user inclusion). I am also experienced with web development and I have some skills with web pentesting. I would be very glad if I could help you guys. I really would appreciate some feedback. My irc nick is lvwr. cheers, João -- lvwr blog.livewire.com.br _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Web App Scanner - GSoC 2009 João (Mar 27)
- Re: Web App Scanner - GSoC 2009 Patrick Donnelly (Mar 27)
- Re: Web App Scanner - GSoC 2009 Fyodor (Mar 29)
- Re: Web App Scanner - GSoC 2009 João (Mar 31)
- <Possible follow-ups>
- Re: Web App Scanner - GSoC 2009 Rob Nicholls (Mar 28)
- Re: Web App Scanner - GSoC 2009 João (Mar 28)
- Re: Web App Scanner - GSoC 2009 Fyodor (Mar 30)