Nmap Development mailing list archives
George's status report - #3 of 16
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 25 Jun 2013 02:52:10 +0300
Hi everyone, Another exciting week came to an end and here's my third report. Accomplishments: * Made improvements to httpspider library. - Added support for protocol-relative URLs. - Fixed the structure a bit. - Added blacklistforscraping. - Started a thread introducing a proposed design. * Set up a VM for nmap research. This will be used: - for setting up simple environments for testing scripts easily. - for setting up Patrick's instructions who also has access to the machine. * Finished http-referer-checker. - Used my own blacklistforscraping option. - Added better patterns to check if a URL points to a javascript resource. - Used a custom iswithinhost function that supports both domains and IPs. - Posted it to the list. * http-stored-xss is almost ready. - Script currently identifies output escaping problems in forms. - It's easy to add your own vector. * Had a meeting with Patrick. - We mostly discussed more script ideas. Priorities: * Make more improvements to httpspider library. * Finish http-stored-xss. * Start writing a new script. http-sharedhosting seems to be a good idea. This script will query Bing search engine ('ip: <host-ipaddr>') to learn if the site is stored in a shared hosting and will return these shared hosting sites. I'm also (at last) finishing exams in the next 10 days. Cheers, -- George Chatzisofroniou http://sophron.latthi.com
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- George's status report - #3 of 16 George Chatzisofroniou (Jun 24)
- Re: George's status report - #3 of 16 David Fifield (Jun 26)
- Re: George's status report - #3 of 16 George Chatzisofroniou (Jun 26)
- Re: George's status report - #3 of 16 David Fifield (Jun 26)