Nmap Development mailing list archives
[GSoC] Candidate on NSE Script Development and my first scripts
From: George Chatzisofroniou <sophron () latthi com>
Date: Sun, 28 Apr 2013 18:57:43 +0300
Hello Nmap Developers,

My name is George Chatzisofroniou and I'm 21 years old. I am an undergraduate student in the department of computer science at the University of Piraeus (Greece), where I have also worked as a system administrator for the last two years. I'm very interested in joining the Nmap development team, starting with GSoC 2013. This is actually the second time I'm participating in GSoC. Last year I developed a metrics module for GNU/Mailman. This year I hope to join a community that focuses on infosec, which is my primary area of interest. Nmap is one of my favorite tools; it seems to have a good basic architecture while the details are still evolving, and of course a great community -- a perfect choice for GSoC.

While reading through the ideas in the wiki, the "Web Scanning Specialist" looks very interesting. To get my hands dirty early, I started hacking on NSE and I developed my first two scripts:

* http-fileupload-exploiter [1]. This idea is mentioned on the wiki. In total, this script performs 45 upload requests to progressively exploit the fileupload mechanism.

* http-comments-displayer [2]. This script extracts and outputs HTML/JS comments from HTTP responses.

Now, I noticed that the "high-priority" section on NSE script ideas contains 3 interesting HTTP scripts:

* XML and HTML parsing. I think we could analyze the XML file into nested tables using patterns. I've seen some implementations, like this one [3], that look interesting. I'm wondering if it makes sense to build this library in C++ for efficiency or just stick to Lua for consistency.

* http-mirror. As mentioned, to make this possible we need a wrapper to perform the system call and create the directory for the mirrored site.

* http-nikto-fingerprints. Nikto's database is in CSV format, so we could use some ready implementations like this one for its parsing [4].

Some more ideas:

* http-csrf. This will try to generate a CSRF PoC, but I'm not sure if there is a simple way to test the effectiveness of the generated PoC.

* http-referer-checker. This will inform about cross-domain includes of scripts. This could work either by checking the Accept header */* where the target domain differs from the referer domain, or simply by checking all links in the HTTP response.

* http-session-analyzer. This will test the randomness of session tokens. We could implement FIPS 140-2 the same way Burp Sequencer does, or find a wrapper that performs tests on random values.

* http-brute-phpsessid. This will perform a session hijacking by brute forcing the PHP session ID in applications that use the native PHP Session mechanism [5].

* Right now http-sql-injection uses the most basic form of SQL injection. I think we need to perform more advanced techniques like blind injections or stacked queries, probably in standalone scripts.

* There is only one XSS script right now (http-phpself-xss). We need some scripts to perform different kinds of XSS, like stored, reflected or DOM-based.

That's all for now. I would appreciate any comments.

[1]: https://github.com/sophron/nmap-nse-scripts/blob/master/scripts/http-fileupload-exploiter.nse
[2]: https://github.com/sophron/nmap-nse-scripts/blob/master/scripts/http-comments-displayer.nse
[3]: https://github.com/Cluain/Lua-Simple-XML-Parser
[4]: http://lua-users.org/lists/lua-l/2009-08/msg00012.html
[5]: http://berlin.ccc.de/~andreas/php-entropy-advisory.txt

-- 
George Chatzisofroniou
http://sophron.latthi.com
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
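The http-session-analyzer idea above proposes running the FIPS 140-2 statistical tests over collected session tokens, as Burp Sequencer does. The following is an added illustration of what such an analyzer computes; it is not code from the email, from Nmap or from NSE (it is Python, not Lua). It assumes tokens are fixed-width hex strings, and the acceptance intervals are the FIPS 140-2 (Change Notice 1) values as I recall them and should be confirmed against the standard. The two token samples are constructed: one from a seeded PRNG, one a zero-padded counter of the kind a weak session mechanism would hand out.

```python
"""FIPS 140-2 style randomness checks for a sample of HTTP session tokens.

Added illustration for the http-session-analyzer idea; not Nmap/NSE code.
Tokens are assumed to be fixed-width hex strings (e.g. 32 hex chars = 128 bits).
"""
import random
from typing import Dict, List, Tuple

SAMPLE_BITS = 20_000  # the FIPS 140-2 statistical tests operate on a 20,000-bit sample

# Acceptance intervals as recalled from FIPS 140-2 with Change Notice 1 (assumed
# values: verify against the published standard before relying on them).
MONOBIT_RANGE = (9725, 10275)   # number of ones; exclusive bounds
POKER_RANGE = (2.16, 46.17)     # poker statistic X; exclusive bounds
RUN_RANGES = {                  # allowed run counts per length (6 = "6 or longer"), per bit value
    1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
    4: (240, 384), 5: (103, 209), 6: (103, 209),
}
LONG_RUN_LIMIT = 26             # any run of 26 or more identical bits fails the sample


def hex_tokens_to_bits(tokens: List[str]) -> List[int]:
    """Concatenate fixed-width hex tokens into one bit list, truncated to SAMPLE_BITS."""
    bits: List[int] = []
    for tok in tokens:
        width = 4 * len(tok)  # each hex digit carries four bits; keep leading zeros
        bits.extend(int(b) for b in format(int(tok, 16), f"0{width}b"))
        if len(bits) >= SAMPLE_BITS:
            break
    if len(bits) < SAMPLE_BITS:
        raise ValueError(f"need {SAMPLE_BITS} bits, got {len(bits)}; collect more tokens")
    return bits[:SAMPLE_BITS]


def monobit(bits: List[int]) -> int:
    """Number of one bits in the sample."""
    return sum(bits)


def poker(bits: List[int]) -> float:
    """Chi-square style statistic over the 5000 non-overlapping 4-bit nibbles."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    return (16 / 5000) * sum(c * c for c in counts) - 5000


def runs(bits: List[int]) -> Tuple[Dict[int, Dict[int, int]], int]:
    """Count runs by length (capped at 6) separately for 0s and 1s, plus the longest run."""
    per_value = {0: {k: 0 for k in RUN_RANGES}, 1: {k: 0 for k in RUN_RANGES}}
    longest = 0
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        per_value[bits[i]][min(length, 6)] += 1
        longest = max(longest, length)
        i = j
    return per_value, longest


def fips_140_2(bits: List[int]) -> Dict[str, bool]:
    """Pass/fail verdict per test for a 20,000-bit sample."""
    ones = monobit(bits)
    x = poker(bits)
    run_counts, longest = runs(bits)
    runs_ok = all(lo <= run_counts[v][k] <= hi
                  for v in (0, 1) for k, (lo, hi) in RUN_RANGES.items())
    return {
        "monobit": MONOBIT_RANGE[0] < ones < MONOBIT_RANGE[1],
        "poker": POKER_RANGE[0] < x < POKER_RANGE[1],
        "runs": runs_ok,
        "long_run": longest < LONG_RUN_LIMIT,
    }


def analyze_tokens(tokens: List[str]) -> Dict[str, bool]:
    """Run all four tests over a list of hex session tokens."""
    return fips_140_2(hex_tokens_to_bits(tokens))


# Constructed samples (not captured from any real server).
# STRONG: 160 x 128-bit tokens from a seeded PRNG; a deterministic, well-distributed bit stream
# used only as test input (a seeded Mersenne Twister is not a CSPRNG and must not issue real tokens).
_rng = random.Random(2013)
STRONG_TOKENS = [f"{_rng.getrandbits(128):032x}" for _ in range(160)]
# WEAK: a counter zero-padded to 128 bits, the classic sequential session ID.
WEAK_TOKENS = [f"{1000 + i:032x}" for i in range(160)]

if __name__ == "__main__":
    for name, sample in (("strong", STRONG_TOKENS), ("weak", WEAK_TOKENS)):
        print(name, analyze_tokens(sample))
```

The counter-based sample fails every test at once (almost all bits are zero, so the monobit count is tiny, the poker statistic explodes and runs of zeros run into the hundreds), which is the signal a scanner would report. The caveat a practitioner needs: these tests only detect gross statistical defects. The seeded Mersenne Twister stream passes all four while being fully predictable from a few outputs, so a clean FIPS verdict says nothing about whether an attacker can predict the next session ID; only a CSPRNG-backed token generator gives that guarantee.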
Current thread:
- [GSoC] Candidate on NSE Script Development and my first scripts George Chatzisofroniou (Apr 28)
- Re: [GSoC] Candidate on NSE Script Development and my first scripts David Fifield (Apr 30)
- Re: [GSoC] Candidate on NSE Script Development and my first scripts George Chatzisofroniou (Apr 30)
- Re: [GSoC] Candidate on NSE Script Development and my first scripts David Fifield (Apr 30)
- Re: [GSoC] Candidate on NSE Script Development and my first scripts George Chatzisofroniou (Apr 30)
- Re: [GSoC] Candidate on NSE Script Development and my first scripts David Fifield (Apr 30)