Nmap Development mailing list archives

George's status report - #3 of 16


From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 25 Jun 2013 02:52:10 +0300

Hi everyone,

Another exciting week came to an end and here's my third report.

Accomplishments:

* Made improvements to httpspider library.
  - Added support for protocol-relative URLs.
  - Fixed the structure a bit.
  - Added blacklistforscraping.
  - Started a thread introducing a proposed design.

* Set up a VM for nmap research. This will be used:
  - for setting up simple environments for testing scripts easily.
  - for setting up Patrick's instructions who also has access to the machine.

* Finished http-referer-checker.
  - Used my own blacklistforscraping option.
  - Added better patterns to check if a URL points to a JavaScript resource.
  - Used a custom iswithinhost function that supports both domains and IPs.
  - Posted it to the list.

* http-stored-xss is almost ready.
  - Script currently identifies output escaping problems in forms.
  - It's easy to add your own vector.

* Had a meeting with Patrick.
  - We mostly discussed more script ideas.

Priorities:

* Make more improvements to httpspider library.
* Finish http-stored-xss.
* Start writing a new script. http-sharedhosting seems to be a good idea. This
  script will query the Bing search engine ('ip: <host-ipaddr>') to learn if the
  site is stored in shared hosting and will return these shared hosting sites.

I'm also (at last) finishing exams in the next 10 days.

Cheers,

-- 
George Chatzisofroniou
http://sophron.latthi.com

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/