Snort mailing list archives

Snort - w3af integration to find malware in websites


From: Andres Riancho <andres.riancho () gmail com>
Date: Sat, 5 Oct 2013 17:50:45 -0300

List,

    Let me introduce myself: my name is Andres Riancho and I'm the
w3af [0] project leader. w3af is an open source web application
security scanner, and I was thinking about integrating a small subset
of Snort rules into it.

    The idea is rather simple: parse the rules which identify
botnets/malware in HTTP response bodies and apply them to each HTTP
response that w3af gets from the target site while it's crawling it.
If a match is found, report a vulnerability to the user; that
vulnerability will contain all the information (URLs, fix, more info,
etc.) provided by the Snort rule.

    My questions to the Snort community are:
        * What do you think about the idea?
        * Do you expect this to trigger lots of false positives? How
could I reduce them?
        * w3af is GPLv2.0; can I bundle the Snort rules with it?
        * Is there any well-tested Snort rule parser written in Python?
        * Any similar project you want me to look into?

    Thanks!

[0] http://w3af.org/

Regards,
-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
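
A minimal sketch of the approach described in the message above, added here as an illustration and not part of the original post, w3af or Snort: it parses a Snort 2.x-style rule, keeps only the `content` matches that follow `file_data`, and tests them against an HTTP response body. The sample rule, its sid and reference, and all function names are constructed; rules that use positional or regex options are skipped rather than matched loosely, since ignoring those options would raise the false-positive rate.

```python
import re

# Constructed sample rule for illustration; msg, sid and reference are placeholders.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any '
    '(msg:"EXAMPLE injected iframe loader"; flow:to_client,established; '
    'file_data; content:"<iframe"; nocase; content:"|2F|gate.php?id="; '
    'reference:url,example.com/writeup; sid:1000001; rev:1;)'
)
# keyword, then an optional ":value"; the value may hold quoted strings with \-escapes
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')
# Options this sketch cannot honour (representative set); such rules are skipped.
UNSUPPORTED = {'pcre', 'distance', 'within', 'offset', 'depth',
               'byte_test', 'byte_jump', 'isdataat'}

def decode_content(value):
    """Convert a content argument such as !"abc|0D 0A|" to (negated, bytes)."""
    negated = value.startswith('!')
    text = value.lstrip('!').strip()[1:-1]        # drop the surrounding quotes
    out = bytearray()
    for i, part in enumerate(text.split('|')):    # odd-numbered segments are hex runs
        out += bytes.fromhex(part) if i % 2 else re.sub(r'\\(.)', r'\1', part).encode('latin-1')
    return negated, bytes(out)

def parse_rule(rule):
    """Return a dict for rules made only of response-body content tests, else None."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    parsed = {'msg': None, 'sid': None, 'refs': [], 'contents': []}
    in_body = False
    for key, value in OPTION_RE.findall(body):
        if (key in UNSUPPORTED or key.startswith('http_')
                or (key == 'content' and not in_body)):
            return None
        if key in ('file_data', 'pkt_data'):
            in_body = key == 'file_data'          # file_data selects the response body
        elif key == 'content':
            parsed['contents'].append([*decode_content(value), False])
        elif key == 'nocase' and parsed['contents']:
            parsed['contents'][-1][2] = True      # modifier applies to the previous content
        elif key in ('msg', 'sid'):
            parsed[key] = value.strip('"')
        elif key == 'reference':
            parsed['refs'].append(value)
    return parsed if parsed['contents'] else None

def matches(parsed, body):
    """True when every content test (nocase and negation aware) holds for the body."""
    return all(
        ((needle.lower() if nocase else needle) in (body.lower() if nocase else body)) != negated
        for negated, needle, nocase in parsed['contents'])
```

On a match, `parsed['msg']`, `parsed['sid']` and `parsed['refs']` carry the rule information that would go into the reported finding.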

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net