Web Application Security
Need a little feedback for a vulnerability scanner I'm developing
Jul 11 2010 03:50PM
Tasos Laskos (tasos laskos gmail com)
I've been building a modular webapp vulnerability scanner in Ruby and
I'd like some feedback.
I would really appreciate it if you Ruby developers took a look at the
code and tried writing a module
to tell me what improvements you'd like to see in the API etc.
In all honesty, I started developing it to learn Ruby so the code could
There's virtually no documentation besides the doc-comments in the code
so if you need any clarification on anything
please do ask so I can compile a FAQ.
Trac wiki, you'll find the requirements etc:
TODO list, contains the already implemented features and what I'd like
to add in the near future:
A simple RFI tutorial module:
A module for shell command injection using the absolute minimum:
Modules for XSS, SQL injection etc can be just as simple as the shell
cmd one and can be written in a matter of minutes if not seconds.
However, module writers have a lot more to work with than what I
presented in these 2 example modules,
in case they need to write more complex modules that require access to
the HTTP session, the full HTML response etc.
So if you have any questions about what's available ask me or take a
look at the inheritance hierarchy.
I'd also appreciate feature requests and improvements especially if you
use Trac's ticket system to report them.
I know I'm probably asking for a lot but the project is starting to look
like it could turn into something solid.
Thanks for your time guys,
Copyright 2010, SecurityFocus