George's status report - #2 of 16

[George Chatzisofroniou <sophron () latthi com>]

Hi,

Here's the report for this week.

Accomplishments:

* Switched to nmap's SVN repo and created my private branch.

* Improvements on my HTTP scripts
  http-fileupload-expoiter
    - Emailed the script to the list. 
    - Commited it to the trunk.
  http-comments-displayer
    - Added the pathname for the file with the comments and 
      the line number in the output.
    - Renamed the 'extend' argument to 'context'.
    - Emailed the script to the list.
    - Commited it to the trunk.
  http-referer-checker.nse
    - This informs about cross-domain include of scripts. 
      First version is ready and seems to work good.
 
* To make http-referer-checker work properly i had to improve 
  httpspider library.
    - I added the capability of handling protocol-relative 
      URLs.
    - Added a 'scrapejsfiles' parameter. Scraping JS files is 
      complicated and most of the times it will extract the 
      wrong links. This is by default enabled, but if you turn 
      this off, the crawler won't scrape any JS files (it will 
      return JS files though).

* Started designing http-stored-xss. This script will POST 
  specially crafted strings to every form it encounters and 
  then it will spider through the website searching for those 
  strings.

Priorities:

* Fix mistakes and make improvements on my http-referer-checker.

* Improve httpspider library.

* Finish a first version of http-stored-xss.

-- 
George Chatzisofroniou
http://sophron.latthi.com

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/