WebApp Sec mailing list archives

Need a little feedback for a vulnerability scanner I'm developing


From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sun, 11 Jul 2010 18:50:51 +0300

Hi guys,

I've been building a modular webapp vulnerability scanner in Ruby and I'd like some feedback.

I would really appreciate it if you Ruby developers took a look at the code and tried writing a module to tell me what improvements you'd like to see in the API etc.

In all honesty, I started developing it to learn Ruby so the code could be better. There's virtually no documentation besides the doc-comments in the code so if you need any clarification on anything please do ask so I can compile a FAQ.

Trac wiki, you'll find the requirements etc:
https://sourceforge.net/apps/trac/arachni/wiki

TODO list, contains the already implemented features and what I'd like to add in the near future:
https://sourceforge.net/apps/trac/arachni/browser/trunk/TODO

A simple RFI tutorial module:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_rfi.rb

A module for shell command injection using the absolute minimum:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_cmd_exec.rb

Modules for XSS, SQL injection etc can be just as simple as the shell cmd one and can be written in a matter of minutes if not seconds.

However, module writers have a lot more to work with than what I presented in these 2 example modules, in case they need to write more complex modules that require access to the HTTP session, the full HTML response etc.

So if you have any questions about what's available ask me or take a look at the inheritance hierarchy.

I'd also appreciate feature requests and improvements especially if you use Trac's ticket system to report them.

I know I'm probably asking for a lot but the project is starting to look like it could turn into something solid.

Thanks for your time guys,
Tasos L.


