mailing list archives
George's status report - #7 of 16
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 23 Jul 2013 00:49:02 +0300
This week i was mostly working on some new script ideas.
* Finished http-mobileversion-checker.nse. This script sets an Android
User-Agent header and checks if the website will redirect to a mobile-version of
* Finished http-useragent-tester.nse. This script sets various User-Agent
headers that are used by different ultities and crawling libraries (for example
CURL or wget) to check if these are allowed. Using the option 'useragents' you
can add your own User-Agent headers.
* Almost finished http-dombased-xss.nse. DOM-based XSS occur in client-side
* Started http-csrf.nse. CSRF is a very common vulnerability that tricks the
victim into loading a page that contains a malicious request. This script will
try to detect them by checking each link and form if they contain an
unpredictable token for each user. Without one an attacker may forge malicious
* Commited the following to the trunk: http-xssed.nse, an upgraded version of
httpspider library, http-referer-checker.nse and a couple of bug fixes.
* Do some final improvements to mobileversion-checker and useragent-tester and
post them to the list.
* Finish dombased-xss and http-csrf and post them to the list.
* Write new scripts. I'm thinking of http-framework-detector that will try to
detect some common frameworks (like Django or RoR) or tor-checker that will ask
a Tor directory authority and check if target is listed as a Tor node and if it
is, it will return all the information about this relay.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
- George's status report - #7 of 16 George Chatzisofroniou (Jul 22)