Nmap Development mailing list archives
George's status report - #7 of 16
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 23 Jul 2013 00:49:02 +0300
Hi everyone,

This week I was mostly working on some new script ideas.

Accomplishments:

* Finished http-mobileversion-checker.nse. This script sets an Android User-Agent header and checks if the website will redirect to a mobile version of the app.
* Finished http-useragent-tester.nse. This script sets various User-Agent headers that are used by different utilities and crawling libraries (for example CURL or wget) to check if these are allowed. Using the option 'useragents' you can add your own User-Agent headers.
* Almost finished http-dombased-xss.nse. DOM-based XSS occurs in client-side JavaScript and this script tries to detect it by using some patterns.
* Started http-csrf.nse. CSRF is a very common vulnerability that tricks the victim into loading a page that contains a malicious request. This script will try to detect them by checking each link and form if they contain an unpredictable token for each user. Without one an attacker may forge malicious requests.
* Committed the following to the trunk: http-xssed.nse, an upgraded version of httpspider library, http-referer-checker.nse and a couple of bug fixes.

Priorities:

* Do some final improvements to mobileversion-checker and useragent-tester and post them to the list.
* Finish dombased-xss and http-csrf and post them to the list.
* Write new scripts. I'm thinking of http-framework-detector that will try to detect some common frameworks (like Django or RoR) or tor-checker that will ask a Tor directory authority and check if target is listed as a Tor node and if it is, it will return all the information about this relay.

--
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
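The per-user token check described for http-csrf.nse can be sketched offline as follows. This is an added example, not code from the post or from Nmap's script: it narrows the check to POST forms, and the two-session comparison, the thresholds and all names (`forms_missing_token`, `PAGE`, the sample field names and values) are assumptions made for illustration.

```python
import math
from html.parser import HTMLParser

MIN_LEN, MIN_ENTROPY = 16, 3.0  # assumed thresholds (chars, bits per char)

def shannon_entropy(value):
    """Bits per character of the value's character distribution."""
    counts = [value.count(c) for c in set(value)]
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts)

class FormCollector(HTMLParser):
    """Collects every <form> with its action, method and hidden inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(), "hidden": {}}
            self.forms.append(self._cur)
        elif (tag == "input" and self._cur is not None
              and (a.get("type") or "").lower() == "hidden"):
            self._cur["hidden"][a.get("name") or ""] = a.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def parse_forms(html):
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    return parser.forms

def forms_missing_token(page_a, page_b):
    """Actions of POST forms lacking a hidden field that is long, high-entropy
    and different between two sessions' copies of the same page."""
    missing = []
    for fa, fb in zip(parse_forms(page_a), parse_forms(page_b)):
        if fa["method"] != "post":
            continue  # only state-changing forms are audited here
        has_token = any(len(v) >= MIN_LEN and shannon_entropy(v) >= MIN_ENTROPY
                        and fb["hidden"].get(k, v) != v
                        for k, v in fa["hidden"].items())
        if not has_token:
            missing.append(fa["action"])
    return missing

# Constructed sample: the same page as served to two separate sessions.
PAGE = """<form action="/profile" method="post"><input type="hidden" name="csrf_token" value="{tok}"><input name="email"></form>
<form action="/transfer" method="post"><input type="hidden" name="step" value="2"><input name="amount"></form>
<form action="/delete" method="post"><input type="hidden" name="token" value="0123456789abcdef0123456789abcdef"></form>
<form action="/search" method="get"><input name="q"></form>"""
SESSION_A = PAGE.format(tok="9f2c4e7a1b8d4f06a3c5e1d27b90f4ac")
SESSION_B = PAGE.format(tok="3b7e0d9c5a1f42e8b6d4c2a09f7e1b35")

if __name__ == "__main__":
    print(forms_missing_token(SESSION_A, SESSION_B))
```

The `/delete` form is reported even though its hidden value looks random, because the value is identical in both sessions and so is not unpredictable per user.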