I've been building a modular webapp vulnerability scanner in Ruby and
I'd like some feedback.
I would really appreciate it if you Ruby developers took a look at the
code and try writing a module
to tell me what improvements you'd like to see in the API etc.
In all honesty, I started developing it to learn Ruby so the code could
be better.
There's virtually no documentation besides the doc-comments in the code
so if you need any clarification on anything
please do ask so I can compile a FAQ.
Trac wiki, you'll find the requirements etc:
https://sourceforge.net/apps/trac/arachni/wiki
TODO list, contains the already implemented features and what I'd like
to add in the near future:
https://sourceforge.net/apps/trac/arachni/browser/trunk/TODO
A simple RFI tutorial module:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_r
fi.rb
A module for shell command injection using the absolute minimum:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_c
md_exec.rb
Modules for XSS, SQL injection etc can be just as simple as the shell
cmd one and can be written in a matter of minutes if not seconds.
However, module writers have a lot more to work with than what I
presented in these 2 example modules,
in case they need to write more complex modules that requires access to
the HTTP session, the full HTML response etc.
So if you have any questions about what's available ask me or take a
look at the inheritance hierarchy.
I'd also appreciate feature requests and improvements especially if you
use Trac's ticket system to report them.
I know I'm probably asking for a lot but the project is starting to look
like it could turn into be something solid.
Thanks for your time guys,
Tasos L.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
I've been building a modular webapp vulnerability scanner in Ruby and
I'd like some feedback.
I would really appreciate it if you Ruby developers took a look at the
code and try writing a module
to tell me what improvements you'd like to see in the API etc.
In all honesty, I started developing it to learn Ruby so the code could
be better.
There's virtually no documentation besides the doc-comments in the code
so if you need any clarification on anything
please do ask so I can compile a FAQ.
Trac wiki, you'll find the requirements etc:
https://sourceforge.net/apps/trac/arachni/wiki
TODO list, contains the already implemented features and what I'd like
to add in the near future:
https://sourceforge.net/apps/trac/arachni/browser/trunk/TODO
A simple RFI tutorial module:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_r
fi.rb
A module for shell command injection using the absolute minimum:
https://sourceforge.net/apps/trac/arachni/browser/trunk/modules/simple_c
md_exec.rb
Modules for XSS, SQL injection etc can be just as simple as the shell
cmd one and can be written in a matter of minutes if not seconds.
However, module writers have a lot more to work with than what I
presented in these 2 example modules,
in case they need to write more complex modules that requires access to
the HTTP session, the full HTML response etc.
So if you have any questions about what's available ask me or take a
look at the inheritance hierarchy.
I'd also appreciate feature requests and improvements especially if you
use Trac's ticket system to report them.
I know I'm probably asking for a lot but the project is starting to look
like it could turn into be something solid.
Thanks for your time guys,
Tasos L.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]