George's status report - #9 of 16

[George Chatzisofroniou <sophron () latthi com>]

Hi everyone,

This is the 9th report for my Google Summer of Code project.

Accomplishments:

* Finished http-useragent-tester. I've experimented with a couple of ideas. I
think this script is ready to be commited. Although, I'm still investigating
some ideas, so there is a posibillity to come back and do some improvements on
the script later.

* Finished http-csrf, a script That detects Cross Site Request Forgeries (CSRF)
vulnerabilities that exist in HTML forms.

* Started http-feed. This script finds rss or atom feeds on a website. A first
version is ready, but i need to do some optimization.

* Started http-errors. This script finds "500" responses. I wrote the first
sample, but i'm looking for ways to extend it. Maybe we can identify the
underneath framework or CMS by studying the error pages.

Priorities:

* Finish http-feed and http-errors.

* Post some stuff to the list for a review and commit other (reviewed) stuff to
the trunk.

* I think NSE lacks of a script that detects blind SQL Injections. I should
code this one.

* There is also the http-framework script that i need to finish.

Note, that i'm going to have some vacation time for the next four days. i'll
able to read any emails, but i won't be on the computer for too long though.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/