George's status report - #8 of 16

[George Chatzisofroniou <sophron () latthi com>]

Hello everyone.

We are right in the middle of GSoC and here's my 8th report.

Accomplishments:

* Posted http-useragent-tester to this list and did some improvements based on
  the feedback i got. There are some things i need to do, to commit this script to
  the trunk.

* Finished http-dombased-xss.nse.
    * Added more patterns.
    * Fixed some mistakes.
    * Wrote documentation, comments, debug msgs.
    * Posted it to the list.

* Finished http-mobileversion-checker.
    * Added a feature that checks if the mobile version lies on the same host.
    * Wrote documentation, comments, debug msgs.
    * Posted it to the list.

* Improved http-csrf.nse.
    * Made a good working version.
    * I had to tackle a bug in parse_form function in http library to make
      this work properly.

* Wrote some code that checks if a site is build with Django framework. I'm
  still thinking if this script should be more generic and performs tests for
  other frameworks as well.

* Commited whois scripts and nnposter's patches to the trunk.

* Came up with new ideas.
  - I found out that my idea about tor-checker is implemented in
    dns-blacklist.nse.
  - Patrick mentioned an idea of a script that checks for common vhosts. I don't
    think that a script currently tells that.

Priorities:

* Finish http-useragent-tester.

* Finish http-csrf and post it to the list.

* See what to do with my Django code.

* Write new scripts. Maybe i should improve the SQL injection area of NSE next.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/