Nmap Development mailing list archives
Re: [GSoC 2015] Ideas, thoughts
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 6 Mar 2015 22:43:58 -0600
s0h3ck, On Fri, Mar 6, 2015 at 4:29 PM, s0h3ck . <s0h3ck () gmail com> wrote:
Dear mentors and Nmap's team, I wonder if a tool who is able to tell you how many XML or HTML elements are in a specific chosen web page could be interesting in Nmap's team? In fact, this tool would be able to describe the hierarchy of the website (DOM) by default. Then, with arguments supplied by the user, we could know how many hidden elements are on the specific web page. For instance, some websites has hidden input and he could be useful to know how many are hidden on the website. Another amazing example could be to detect if your web page implements news feature added from W3C. Furthermore, this tool would have the ability to research a specific element by following the search item as the first argument and specify additional arguments like the minimum or the maximum elements before the script stops looking into the source page and return results. The tool could be able to compare how many counted element between website and another. In that way, it can be a great opportunity to detect XSS, SQL and more. What are your thoughts ?
We have had a potential project [1] to add an XML parser to NSE for several years now. This would be a great enabler not only for web-type tasks like you're mentioning, but also as a driver for lots of XML-based protocols: XMLRPC, SOAP, BGPmon, etc. We have more thoughts on this and the related task of HTML parsing on our Script Ideas wiki page [2].
Next, couple of questions : 1. Does Nmap has a terminal tutorial like vimtutor (Vim) ? If no, does Nmap's team would be interest in it as part of the work in GSoC (for maybe one or two week) ?
We don't have such a tutorial, though we do have lots of great, readable documentation available. I think that some sort of usability analysis for each of our tools would be an interesting project, and could contribute a lot to ease of use.
2. Does Nmap needs more french translations? (I can give a boost maybe for this summer ;))
We will never turn down a chance to improve our translations in every language. Our Zenmap translation is current as of November 2014, so that's pretty good, but our French man page has only had a couple minor corrections since 2007! We generally don't have students doing translation work for GSOC directly, but helping with translations beforehand can be a good way to learn more about Nmap itself and interact with the community.
3. In the proposal, do you recommend to write both the real name and the pseudo or only the real name ?
In the proposal template (forgive me for not having a link at the moment) we ask for your name (real name) and any instant messenger names and protocols you wish to use. If you have a handle that you use around the Net, we'd like to know, but that's up to you. Real name is required, though. 4. Where is the sql-injection.html ?
http://nmap.org/nsedoc/scripts/sql-injection.html Broken link : http://nmap.org/soc/#nsescripts
Thanks for pointing this out! I fixed this and 2 other broken links on that page due to script renaming. The one you asked about is: http://nmap.org/nsedoc/scripts/http-sql-injection.html Dan [1] https://secwiki.org/w/GSoC_community_ideas#XML_parser_for_NSE [2] https://secwiki.org/w/Nmap/Script_Ideas#XML_and_HTML_parsing
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [GSoC 2015] Ideas, thoughts s0h3ck . (Mar 06)
- Re: [GSoC 2015] Ideas, thoughts Daniel Miller (Mar 06)