Thread: [W3af-develop] new plugin - favicon identification implementation
From: Vlatko K. <ko...@li...> - 2009-10-16 10:34:44
Attachments: faviconIdentification.diff

Here's a patch (against SVN trunk of w3af) for a new plugin to perform favicon identification. In order to learn more about it, refer to:
http://kost.com.hr/favicon.phpiimplement mplement
http://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project

Kost
From: Andres R. <and...@gm...> - 2009-10-16 12:34:16
Kost,

On Fri, Oct 16, 2009 at 7:05 AM, Vlatko Kosturjak <ko...@li...> wrote:
> Here's patch(against SVN trunk of w3af) for new plugin to perform favicon
> identification.

I love this plugin! I loved the idea when you told me about it in France, and I love it much more now that I see how simple the code is.

These are the things I modified in the plugin before committing it to the trunk:
- There were lines with tab indentation instead of the PEP-8 recommended 4-space indentation. I changed them.
- Moved the "self._exec = False" to the top of the plugin, mostly because I don't want it to run many times if there is some problem with the plugin. For example, if for some reason the md5 file is not found, the original "self._exec = False" would never be executed, and the plugin would run many times.
- Changed the reporting a little bit. Now an information object is only saved to the kb if the favicon.ico is actually identified.
- Removed the unused "self._fuzzableRequests = []" and "dirs = []"
- I added a test script named "scripts/script-favicon_identification.w3af" that helps test the plugin you created by running "./w3af_console -s scripts/script-favicon_identification.w3af"

To sum up, I did nothing and you did a great job ;) If you perform a "svn up" of w3af's trunk, you'll find your plugin there.

> In order to learn more about it to, refer to:
> http://kost.com.hr/favicon.phpiimplement mplement
> http://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project

I see that you guys are trying to expand this database by running "Internet wide" scans. I have a server that could be used for this purpose; if you send me a couple of commands that you need me to run, I'll be more than happy to run them and then send you the response. Maybe you could assign me the address range for Argentina, Chile, Uruguay, Bolivia and Paraguay, and I would send the results back to you?

Thank you for supporting w3af, and other open source projects like openvas and nessus!

Cheers,

> Kost

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
From: Vlatko K. <ko...@li...> - 2009-10-16 15:50:24
Attachments: fix-script-favicon_identification.diff

Andres Riancho wrote:
> I love this plugin! I loved the idea when you told me about it in
> France, and I love it much more now that I see how simple the code is.

Thanks, it was great to meet you at Besancon.

> These are the things I modified in the plugin before commiting it to
> the trunk:
> - There were lines with tab indentation instead of the PEP-8
> recommended 4-space indentation. I changed them.

OK. Now I know what you prefer for patches.

> - Changed the reporting a little bit. Now an information object is
> only saved to the kb if the favicon.ico is actually identified.

I had a different idea. Usually, the assessor/tester of the target site should be aware if there's a favicon there. Maybe we could not identify it automatically, but the assessor could see that there is a favicon.ico, so he can see it visually and get some clue about the website/CMS/... As it tests for 404, it will display only an existing favicon.ico. Also, it would ease the contribution of MD5s back to the project... It's my point of view, which could be wrong...

> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"

There are a few things to implement in future versions. First of all, support for different dirs, i.e. on a single web site there could be different software versions, e.g.:
http://website/phpbb
http://website/drupal
So, it would be good to have it run after the crawler, so it can identify different versions. Here I would need your help. Also, it would be good to implement parsing of the <link rel icon> tag, so the plugin can identify favicon.ico in not-usual locations...

> - I added a test script named
> "scripts/script-favicon_identification.w3af" that helps test the
> plugin you created by running "./w3af_console -s
> scripts/script-favicon_identification.w3af"

Just checked it and I'm sending a patch to fix it as it has some leftovers.

> To sum up, I did nothing and you did a great job ;) If you perform a
> "svn up" of w3af's trunk, you'll find your plugin there.

Thanks. I plan and hope I will contribute more (plugins & code).

>> In order to learn more about it to, refer to:
>> http://kost.com.hr/favicon.phpiimplement mplement

My error, the link should be: http://kost.com.hr/favicon.php

> I see that you guys are trying to expand this database by running
> "Internet wide" scans. I have a server that could be used for this
> purpose, if you send me a couple of commands that you need me to run,
> I'll be more than happy to run them and then send you the response.
> Maybe you could assign me the address range for Argentina, Chile,
> Uruguay, Bolivia and Paraguay, and I would the results back to you?

Sure. As I have donated all my work to OWASP and we're just building it as an OWASP project, feel free to join the mailing list at:
https://lists.owasp.org/mailman/listinfo/owasp-favicon-database

The current process of crawling is described here:
http://www.owasp.org/index.php/OWASP_favicon_database_crawl
...and scripts can be downloaded here:
http://kost.com.hr/favicon.php

Although, I'm not sure that we can separate it per country (in terms of nmap -iR), but any idea on performing the internet wide survey is welcome!

> Thank you for supporting w3af, and other open source projects like
> openvas and nessus!

You're welcome. As we talk about OpenVAS, maybe it's a good time and place to ask about it. My plan is to write an OpenVAS NVT (NASL) script which would run w3af automatically if http(s) port(s) are found (similar to the nikto NASL plugin). I think this mailing list is the best place (and you, Andres) to ask what is the best command line for w3af for automatic vulnerability discovery, i.e. so NASL can launch w3af and parse the results and report them through the standard OpenVAS reporting mechanism. Any help would be appreciated.

Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af cooperation/partnership, let me know!

Kost
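The plugin design discussed above (fetch favicon.ico, skip 404s, hash the body, look the digest up in an MD5 database, and later also honour the <link rel="icon"> tag and per-directory installs such as /phpbb and /drupal) as an added Python example; this is not the w3af plugin's code and not the OWASP project's scripts. It assumes a `fetch(url) -> (status, body)` callback standing in for w3af's HTTP layer, a constructed in-memory site, and a constructed "md5:product" database whose digests are computed from constructed icon bytes. One digest may be listed under several products, which is the situation raised later in the thread where one hash is seen for both Apache and a Plesk install, so a lookup returns every candidate rather than a single name.

```python
"""Favicon identification by MD5 lookup (added example, not w3af's plugin code)."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin


def md5hex(data):
    """Hex MD5 of the icon body; MD5 is the identifier the favicon DB uses."""
    return hashlib.md5(data).hexdigest()


# Constructed sample icons (a 4-byte ICO header followed by filler), not real product icons.
ICON_APACHE = b"\x00\x00\x01\x00" + b"apache-sample-icon" * 4
ICON_PHPBB = b"\x00\x00\x01\x00" + b"phpbb-sample-icon" * 4
ICON_UNKNOWN = b"\x00\x00\x01\x00" + b"unknown-sample-icon" * 4

# Constructed database in the one-entry-per-line "md5:product" layout.
# The same digest deliberately appears under two products.
FAVICON_DB_TEXT = "\n".join([
    "# constructed sample db, md5:product",
    f"{md5hex(ICON_APACHE)}:Apache (constructed sample)",
    f"{md5hex(ICON_APACHE)}:Plesk (constructed sample)",
    f"{md5hex(ICON_PHPBB)}:phpBB (constructed sample)",
])

# Constructed site: url -> (status, body). Root declares its icon via <link rel>,
# /phpbb/ uses the default location, /drupal/ has an icon the DB does not know.
SAMPLE_SITE = {
    "http://website/": (200, b"<html><head><link rel='shortcut icon' href='/static/site.ico'></head></html>"),
    "http://website/favicon.ico": (404, b"Not Found"),
    "http://website/static/site.ico": (200, ICON_APACHE),
    "http://website/phpbb/": (200, b"<html><head><title>forum</title></head></html>"),
    "http://website/phpbb/favicon.ico": (200, ICON_PHPBB),
    "http://website/drupal/": (200, b"<html></html>"),
    "http://website/drupal/favicon.ico": (200, ICON_UNKNOWN),
}


def sample_fetch(url):
    """Stand-in for the HTTP client: returns (status, body) from the constructed site."""
    return SAMPLE_SITE.get(url, (404, b""))


class LinkIconParser(HTMLParser):
    """Collects href values of <link rel="icon"> / <link rel="shortcut icon"> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if "icon" in rel and a.get("href"):
            self.hrefs.append(a["href"])


def load_favicon_db(text):
    """Parse "md5:name" lines into {md5: [names]}; blank lines and '#' comments are skipped."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(":")
        db.setdefault(digest.strip().lower(), []).append(name.strip())
    return db


def identify_favicons(base_url, fetch, db):
    """Return [(icon_url, md5, candidate_names)] for icons that actually exist under base_url.

    Candidate locations are the default favicon.ico next to base_url plus any icon
    declared with <link rel=icon> in the page at base_url. A non-200 response is
    treated as "no favicon" (this trusts the status code; soft 404s need the
    scanner's own 404 detection). An existing but unknown icon is still reported,
    with an empty candidate list, so it can be contributed to the database.
    """
    candidates = [urljoin(base_url, "favicon.ico")]
    status, body = fetch(base_url)
    if status == 200:
        parser = LinkIconParser()
        parser.feed(body.decode("utf-8", "replace"))
        candidates += [urljoin(base_url, href) for href in parser.hrefs]
    results, seen = [], set()
    for url in candidates:
        if url in seen:
            continue
        seen.add(url)
        status, icon = fetch(url)
        if status != 200 or not icon:
            continue
        digest = md5hex(icon)
        results.append((url, digest, db.get(digest, [])))
    return results


def identify_site(base_urls, fetch, db):
    """Run the check once per crawled directory, as the thread proposes for /phpbb, /drupal, ..."""
    return {base: identify_favicons(base, fetch, db) for base in base_urls}


if __name__ == "__main__":
    db = load_favicon_db(FAVICON_DB_TEXT)
    dirs = ["http://website/", "http://website/phpbb/", "http://website/drupal/"]
    for base, found in identify_site(dirs, sample_fetch, db).items():
        for url, digest, names in found:
            print(f"{url}: {digest} -> {names or 'unknown icon (candidate for DB contribution)'}")
```

Because a favicon is copied freely between products and themes, a hash match is a hint about the software behind a site, not proof; reporting every product listed under a digest keeps that uncertainty visible to the assessor instead of collapsing it to one name.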
From: Ulises2k <uli...@gm...> - 2009-10-16 16:39:41
Hi Vlatko & Andres,

I would like to contribute with an MD5:

phpMyAdmin-3.2.2.1
d037ef2f629a22ddadcf438e6be7a325 favicon.ico

I am sure more people could collaborate to increase the MD5 database.

>> Thank you for supporting w3af, and other open source projects like
>> openvas and nessus!
>
> You're welcome. As we talk about OpenVAS, maybe it's good time and place to
> ask about it. My plan is to write OpenVAS NVT (NASL) script which would run
> w3af automatically if http(s) port(s) is found (similar to nikto NASL
> plugin). I think this mailing list is best place (and you Andres) to ask
> what is the best command line for w3af for automatic vulnerability
> discovery? i.e. so NASL can launch w3af and parse the results and report it
> through standard OpenVAS reporting mechanism. Any help would be appreciated.

Great Idea!

--
--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar
From: Andres R. <and...@gm...> - 2009-10-18 23:17:31
Ulises,

On Fri, Oct 16, 2009 at 1:39 PM, Ulises2k <uli...@gm...> wrote:
> Hi Vlatko & Andres,
>
> I would like to contribute with a MD5
>
> phpMyAdmin-3.2.2.1
>
> d037ef2f629a22ddadcf438e6be7a325 favicon.ico
>
> I am sure more people could colaborate to increasing the MD5 database

Just added this to the DB, thanks!

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
From: Vlatko K. <ko...@li...> - 2009-10-18 20:42:44
> You're welcome. As we talk about OpenVAS, maybe it's good time and
> place to ask about it. My plan is to write OpenVAS NVT (NASL) script
> which would run w3af automatically if http(s) port(s) is found
> (similar to nikto NASL plugin). I think this mailing list is best
> place (and you Andres) to ask what is the best command line for w3af
> for automatic vulnerability discovery? i.e. so NASL can launch w3af
> and parse the results and report it through standard OpenVAS
> reporting mechanism. Any help would be appreciated.
> Great Idea!

Here's the experimental NVT on OpenVAS SVN trunk:
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log

Also, it seems that the console output plugin cannot be used, as w3af (using termios) is spitting a lot of errors when run through NASL pread:
[ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device')
[ Sun Oct 18 22:39:43 2009 - console ]
[ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device')

So, I'm using textFile...

Let me know if you have any comments!

Kost
From: Andres R. <and...@gm...> - 2009-10-18 21:21:08
Kost,

On Sun, Oct 18, 2009 at 5:42 PM, Vlatko Kosturjak <ko...@li...> wrote:
>> You're welcome. As we talk about OpenVAS, maybe it's good time and
>> place to ask about it. My plan is to write OpenVAS NVT (NASL) script
>> which would run w3af automatically if http(s) port(s) is found
>> (similar to nikto NASL plugin). I think this mailing list is best
>> place (and you Andres) to ask what is the best command line for w3af
>> for automatic vulnerability discovery? i.e. so NASL can launch w3af
>> and parse the results and report it through standard OpenVAS
>> reporting mechanism. Any help would be appreciated.
>> Great Idea!
>
> Here's the experimental NVT on OpenVAS SVN trunk:
> http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log
>
> Also, it seems that output console cannot be used as w3af (using termios) is
> spitting lot of errors when using NASL pread:
> [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device')
> [ Sun Oct 18 22:39:43 2009 - console ]
> [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device')
>
> So, I'm using textFile...

Yes, I don't think that termios is going to allow you to do that. You'd better use an output file.

> Let me know if you have any comments!

Comments:

- In a section of the code it reads: "See the preferences section for w3af options.", what are those options? How could I read them?

- "script_require_ports("Services/www", 80);", actually, w3af can launch a scan on any port that has an HTTP daemon. I don't really know if this situation is covered by these other lines or not:
"""
port = get_kb_item("Services/www");
if (! port) port = 80;
if (! get_port_state(port)) exit(0);
encaps = get_port_transport(port);
if (encaps > 1) httprefix="https://";
else httprefix="http://";
httpver = get_kb_item("http/"+port);
if (httpver == "11") {
  httparg=get_host_name();
} else {
  httparg=get_host_ip();
}
"""

- Even with the modifications I've been working on, w3af tends to be time consuming. Maybe users want to be able to set for how much time w3af is going to run inside openvas? Could this be done here "r = pread(cmd: cmdw3af, argv: argv, cd: 1); if (! r) exit(0);" ?

I think that adding w3af to openvas is a good idea, it will give you guys some advantages over nessus, and on the other side, w3af will be more widespread. The only problem I see is that openvas users could be inclined to think that running w3af inside openvas is "100% accurate", which is not, because openvas will only be able to show some of w3af's settings, features, etc.

Cheers,

> Kost

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
From: Vlatko K. <ko...@li...> - 2009-10-18 22:08:16
Andres Riancho wrote:
> - In a section of the code it reads: "See the preferences section for
> w3af options.", what are those options? How could I read them?

Currently, you can only set the profile (it's full_audit by default) and verboseness is automatically set if you set verbose globally in OpenVAS. I hope to implement many more features/options... If you think some feature should be immediately implemented, feel free to suggest :)

> - "script_require_ports("Services/www", 80);", actually, w3af can
> launch a scan on any port that has an HTTP daemon. I don't really know
> if this situation is covered by these other lines or not:

Services/www means: any web server found (regardless of http/https).
80 means as fallback, if port 80 is open...

> - Even with the modifications I've been working on, w3af tends to be
> time consuming. Maybe users want to be able to set for how much time
> w3af is going to run inside openvas? Could this be done here "r =

It should work through script_timeout()...

> I think that adding w3af to openvas is a good idea, it will give you
> guys some advantages over nessus, and on the other side, w3af will be
> more widespread. The only problem I see is that openvas users could be
> inclined to think that running w3af inside openvas is "100% accurate",
> which is not, because openvas will only be able to show some of w3af's
> settings, features, etc.

Anyway, people using automatic scanners should be aware that the scanner is only there to help... We can put some kind of disclaimer if you think it will help (in the description of the plugin and/or report), i.e.:

"...See the preferences section for w3af options.
Note that OpenVAS is using limited set of w3af options.
Therefore, for more complete web assessment, you should
use standalone w3af tool for deeper/customized checks."

Kost
From: Andres R. <and...@gm...> - 2009-10-18 23:01:36
Kost,

On Sun, Oct 18, 2009 at 7:08 PM, Vlatko Kosturjak <ko...@li...> wrote:
> Andres Riancho wrote:
>> - In a section of the code it reads: "See the preferences section for
>> w3af options.", what are those options? How could I read them?
>
> Currently, you can only set profile (it's full_audit by default) and
> verboseness is automatically set if you set verbose globally in OpenVAS. I
> hope to implement much more features/options...
> If you think some feature should be immediately implemented, feel free to
> suggest :)

hmmm, if the script_timeout variable is set to something reasonable, then for now I do not have any other options.

>> - "script_require_ports("Services/www", 80);", actually, w3af can
>> launch a scan on any port that has an HTTP daemon. I don't really know
>> if this situation is covered by these other lines or not:
>
> Services/www means: any web server found (regardless of http/https).
> 80 means as fallback, if port 80 is open...

Ok, nice.

>> - Even with the modifications I've been working on, w3af tends to be
>> time consuming. Maybe users want to be able to set for how much time
>> w3af is going to run inside openvas? Could this be done here "r =
>
> It should work through script_timeout()...

Nice, I'm starting to like openvas even more ;)

>> I think that adding w3af to openvas is a good idea, it will give you
>> guys some advantages over nessus, and on the other side, w3af will be
>> more widespread. The only problem I see is that openvas users could be
>> inclined to think that running w3af inside openvas is "100% accurate",
>> which is not, because openvas will only be able to show some of w3af's
>> settings, features, etc.
>
> Anyway, people using automatic scanners should be aware that the scanner is
> only there to help... We can put some kind of disclaimer if you think will
> help (in description of plugin or/and report).

Yes, I would appreciate that.

Cheers,

> i.e.
>
> "...See the preferences section for w3af options.
> Note that OpenVAS is using limited set of w3af options.
> Therefore, for more complete web assessment, you should
> use standalone w3af tool for deeper/customized checks."
>
> Kost

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
From: Vlatko K. <ko...@li...> - 2009-10-18 23:24:27
Andres Riancho wrote:
>>> - In a section of the code it reads: "See the preferences section for
>>> w3af options.", what are those options? How could I read them?
>> Currently, you can only set profile (it's full_audit by default) and
>> verboseness is automatically set if you set verbose globally in OpenVAS. I
>> hope to implement much more features/options...
>> If you think some feature should be immediately implemented, feel free to
>> suggest :)
> hmmm, if the script_timeout variable is set to something reasonable,
> then for now I do not have any other options.

There is a "thorough scan" option in OpenVAS which could run w3af in full_audit mode without timeouts set, as I don't like timeouts in the sense of time. Is there any "sane" default for a normal scan in terms of items scanned or something like that which you would recommend? I.e. scanning only 3 levels deep on web servers, scanning only the first 1000 URLs found, or something like that?

>>> - "script_require_ports("Services/www", 80);", actually, w3af can
>>> launch a scan on any port that has an HTTP daemon. I don't really know
>>> if this situation is covered by these other lines or not:
>> Services/www means: any web server found (regardless of http/https).
>> 80 means as fallback, if port 80 is open...
> Ok, nice.
> Nice, I'm starting to like openvas even more ;)

The nice thing is that the script will actually run itself on all www ports without any additional logic (i.e. if web ports are found on ports 80, 443, 8080 and 8000, the script would run on all of them). That reminded me to fix the bug in filename generation - Thanks! :-)

>>> I think that adding w3af to openvas is a good idea, it will give you
>>> guys some advantages over nessus, and on the other side, w3af will be
>>> more widespread. The only problem I see is that openvas users could be
>>> inclined to think that running w3af inside openvas is "100% accurate",
>>> which is not, because openvas will only be able to show some of w3af's
>>> settings, features, etc.
>> Anyway, people using automatic scanners should be aware that the scanner is
>> only there to help... We can put some kind of disclaimer if you think will
>> help (in description of plugin or/and report).
> Yes, I would appreciate that.

Done.

Kost
From: Andres R. <and...@gm...> - 2009-10-19 00:03:40
Kost,

On Sun, Oct 18, 2009 at 8:24 PM, Vlatko Kosturjak <ko...@li...> wrote:
> Andres Riancho wrote:
>>>> - In a section of the code it reads: "See the preferences section for
>>>> w3af options.", what are those options? How could I read them?
>>>
>>> Currently, you can only set profile (it's full_audit by default) and
>>> verboseness is automatically set if you set verbose globally in OpenVAS.
>>> I hope to implement much more features/options...
>>> If you think some feature should be immediately implemented, feel free to
>>> suggest :)
>>
>> hmmm, if the script_timeout variable is set to something reasonable,
>> then for now I do not have any other options.
>
> There is "thorough scan" option in OpenVAS which could run w3af in
> full_audit mode without timeouts set. As I don't like timeouts in sense of
> time. Is there any "sane" default for normal scan in terms of items scanned
> or something like that which you would recommend? i.e. scanning only 3
> levels deep on web servers, scanning only first 1000 URls found or something
> like that?

In the misc-settings section you have the "maxDiscoveryLoops" and "maxDepth" variables, which you could tweak in order to have shorter scans.

>>>> - "script_require_ports("Services/www", 80);", actually, w3af can
>>>> launch a scan on any port that has an HTTP daemon. I don't really know
>>>> if this situation is covered by these other lines or not:
>>>
>>> Services/www means: any web server found (regardless of http/https).
>>> 80 means as fallback, if port 80 is open...
>>
>> Ok, nice.
>> Nice, I'm starting to like openvas even more ;)
>
> Nice thing is that actually, the script will run itself on all www ports
> itself without any additional logic (i.e. if web ports are found on port
> 80,443,8080 and 8000 = the script would run on all of them). That reminded
> me to fix the bug in filename generation - Thanks! :-)
>
>>>> I think that adding w3af to openvas is a good idea, it will give you
>>>> guys some advantages over nessus, and on the other side, w3af will be
>>>> more widespread. The only problem I see is that openvas users could be
>>>> inclined to think that running w3af inside openvas is "100% accurate",
>>>> which is not, because openvas will only be able to show some of w3af's
>>>> settings, features, etc.
>>>
>>> Anyway, people using automatic scanners should be aware that the scanner
>>> is only there to help... We can put some kind of disclaimer if you think
>>> will help (in description of plugin or/and report).
>>
>> Yes, I would appreciate that.
>
> Done.
>
> Kost

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
From: Raul S. <rau...@gm...> - 2009-10-22 10:06:28
Vlatko,

Have you checked the Nikto db_favicon file? It contains a few fingerprints. Get first auth. from the Nikto project.

Cheers,
--
Raul Siles
www.raulsiles.com
From: Ulises2k <uli...@gm...> - 2009-10-22 15:29:47
I found the same md5sum as the following one in the Plesk favicon:
- dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)

Plesk favicon:
$ wget https://plesk86.demo.parallels.com:8443/favicon.ico --no-check-certificate
$ md5sum favicon.ico
dcea02a5797ce9e36f19b7590752563e favicon.ico

Can you check if the md5sum of the Apache favicon is ok?

On Thu, Oct 22, 2009 at 07:06, Raul Siles <rau...@gm...> wrote:
> Vlakto,
> Have you checked the Nikto db_favicon file? It contains a few fingerprints.
> Get first auth. from the Nikto project.
>
> Cheers,
> --
> Raul Siles
> www.raulsiles.com

--
--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar
From: Ulises2k <uli...@gm...> - 2009-11-23 19:26:58
|
more md5's:

http://nmap.org/nsedoc/scripts/http-favicon.html
http://nmap.org/svn/nselib/data/favicon-db

On Thu, Oct 22, 2009 at 12:29, Ulises2k <uli...@gm...> wrote:
> I found the same md5sum as the following one in Plex Favicon:
> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>
> Plex Favicon:
> $ wget https://plesk86.demo.parallels.com:8443/favicon.ico --no-check-certificate
> $ md5sum favicon.ico
> dcea02a5797ce9e36f19b7590752563e  favicon.ico
>
> Can you check if the md5sum of the Apache favicon is ok?

--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar
|
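The thread touches three mechanics without showing code for any of them: the `md5:Description` record format Ulises pastes, the fact that one hash can resolve to more than one product (his Apache/Plesk collision), and Vlatko's point that applications installed under sub-directories declare their own icon via `<link rel="icon">`, so checking only the site-root `/favicon.ico` misses them. The following Python is an added example written for this page; it is not the w3af plugin, the nmap `http-favicon` script, or the OWASP project's own scripts. The database text, HTML page and icon bytes are constructed here, the `ExampleCMS` entry is hypothetical, and the `Plesk` line only records what Ulises reports in the thread.

```python
"""Favicon fingerprint resolution: find icon candidates in HTML, hash the icon
bytes, and look the md5 up in an "md5:Description" database where a single
hash may map to several products."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample icon bytes (not a real favicon). Its md5 is used to build
# one database record below so that the example resolves a hit offline.
SAMPLE_ICON = b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x18\x00constructed-icon"
SAMPLE_ICON_MD5 = hashlib.md5(SAMPLE_ICON).hexdigest()

# Constructed database in the thread's "md5:Description" line format. The two
# dcea02... records capture the collision Ulises reports (Apache default icon
# and the Plesk demo icon share a hash); "ExampleCMS" is a hypothetical entry.
SAMPLE_DB = f"""\
# lines starting with '#' and blank lines are ignored
dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
dcea02a5797ce9e36f19b7590752563e:Plesk (demo server, reported in this thread)
{SAMPLE_ICON_MD5}:ExampleCMS 1.x (hypothetical entry)
not-a-hash:malformed record that must be skipped
"""

HEX_DIGITS = set("0123456789abcdef")


def load_db(text):
    """Parse 'md5:name' records into {md5: [names]}.

    Values are lists because one icon hash may legitimately belong to several
    products (bundled or copied default icons), and a lookup must report all
    of them rather than silently picking the first.
    """
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition(":")
        digest = digest.strip().lower()
        if not sep or len(digest) != 32 or set(digest) - HEX_DIGITS:
            continue  # malformed record: skip it rather than poison the lookup
        db.setdefault(digest, []).append(name.strip())
    return db


class IconLinkParser(HTMLParser):
    """Collect href values of <link rel="icon"> and <link rel="shortcut icon">."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":  # HTMLParser already lower-cases tag and attribute names
            return
        attr = dict(attrs)
        rel_tokens = (attr.get("rel") or "").lower().split()
        if "icon" in rel_tokens and attr.get("href"):
            self.hrefs.append(attr["href"])


def icon_candidates(page_url, html):
    """Absolute icon URLs worth hashing: declared <link rel=icon> targets first,
    then the /favicon.ico default at the site root; duplicates removed, order kept."""
    parser = IconLinkParser()
    parser.feed(html)
    urls = [urljoin(page_url, href) for href in parser.hrefs]
    urls.append(urljoin(page_url, "/favicon.ico"))
    seen, ordered = set(), []
    for url in urls:
        if url not in seen:
            seen.add(url)
            ordered.append(url)
    return ordered


def identify(icon_bytes, db):
    """Return (md5 hex, [matching product names]). An empty list means the icon
    is unknown to the database and is a candidate to contribute back."""
    digest = hashlib.md5(icon_bytes).hexdigest()
    return digest, db.get(digest, [])


# Constructed page for an application installed under /drupal/ that declares
# its own icon (once in lower case, once in upper case); the root /favicon.ico
# alone would miss it.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="style.css">
<link rel="shortcut icon" href="themes/site/favicon.ico">
<LINK REL="icon" HREF="themes/site/favicon.ico">
</head><body></body></html>"""

if __name__ == "__main__":
    db = load_db(SAMPLE_DB)
    for url in icon_candidates("http://website/drupal/", SAMPLE_HTML):
        print("candidate:", url)
    digest, names = identify(SAMPLE_ICON, db)
    print(digest, "->", names or "unknown icon")
    print("dcea02a5797ce9e36f19b7590752563e ->", db["dcea02a5797ce9e36f19b7590752563e"])
```

From the defender's side the ambiguous-hit case is the interesting one: a report that says only "Apache" for `dcea02...` would be wrong on a Plesk host, so anything consuming such a database should surface every name attached to a hash and treat the match as a hint to verify, not an identification.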
From: Andres R. <and...@gm...> - 2009-11-23 20:25:16
|
Vlatko,

On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <uli...@gm...> wrote:
> more md5's
>
> http://nmap.org/nsedoc/scripts/http-favicon.html
> http://nmap.org/svn/nselib/data/favicon-db

I think that you should somehow centralize the efforts to keep an updated database. If every piece of software keeps its own database, we'll be wasting our time. What do you think about keeping it in your website, and then everybody can download the latest from there?

Cheers,

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
|
From: Matt T. <mte...@gm...> - 2009-11-23 20:37:55
|
How about starting an OWASP project on this? OWASP is a nice neutral 3rd party.

OWASP already has a wiki where anyone can add hashes to the list. About all the project lead would need to do is set a watch on that page and re-generate an archive of the list after any new ones are added, or you could just scrape that wiki page. The printable view would be cake to scrape.

My 2 cents.

--
Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On Mon, 2009-11-23 at 17:24 -0300, Andres Riancho wrote:
> Vlatko,
>
> On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <uli...@gm...> wrote:
> > more md5's
> >
> > http://nmap.org/nsedoc/scripts/http-favicon.html
> > http://nmap.org/svn/nselib/data/favicon-db
>
> I think that you should somehow centralize the efforts to keep an
> updated database. If every piece of software keeps its own database,
> we'll be wasting our time. What do you think about keeping it in your
> website, and then everybody can download the latest from there?
>
> Cheers,
|
From: Andres R. <and...@gm...> - 2009-11-23 21:20:43
|
Matt,

On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro <mte...@gm...> wrote:
> How about starting an OWASP project on this? OWASP is a nice neutral
> 3rd party.

I agree, that could be a nice idea.

> OWASP already has a wiki where anyone can add hashes to the list.

+1

> About all the project lead would need to do is set a watch on that page
> and re-generate an archive of the list after any new ones are added, or
> you could just scrape that wiki page. The printable view would be cake
> to scrape.

+1, but "the creator" of the favicon thing is Vlatko, and he should be the one that decides what to do with that.

Cheers,

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
|
From: Martin T. <mar...@gm...> - 2009-11-23 21:30:39
|
Andres/Matt

2009/11/23 Andres Riancho <and...@gm...>:
> Matt,
>
> On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro <mte...@gm...> wrote:
>> How about starting an OWASP project on this? OWASP is a nice neutral
>> 3rd party.
>
> I agree, that could be a nice idea.
>
>> OWASP already has a wiki where anyone can add hashes to the list.
>
> +1
>
>> About all the project lead would need to do is set a watch on that page
>> and re-generate archive of the list after any new ones are added or
>> you could just scrape that wiki page. The printable view would be cake
>> to scrape.
>
> +1, but "the creator" of the favicon thing is Vlatko, and he should be
> the one that decides what to do with that,
>

+1 There is a wiki page [1] about this topic and the Project Leader is
Vlatko Kosturjak =)

[1] http://www.owasp.org/index.php?title=GPC_Project_Details/OWASP_Favicon_Database_Project&setlang=es

....and a mailing list...
(https://lists.owasp.org/mailman/listinfo/owasp-favicon-database)

> Cheers,
>
>> My 2 cents.
>>
>> -
>> --
>> Matt Tesauro
>> OWASP Live CD Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>>
>>
>> On Mon, 2009-11-23 at 17:24 -0300, Andres Riancho wrote:
>>> Vlatko,
>>>
>>> On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <uli...@gm...> wrote:
>>> > more md5´s
>>> >
>>> > http://nmap.org/nsedoc/scripts/http-favicon.html
>>> > http://nmap.org/svn/nselib/data/favicon-db
>>>
>>> I think that you should somehow centralize the efforts to keep an
>>> updated database. If every piece of software keeps its own database,
>>> we'll be wasting our times. What do you think about keeping it in your
>>> website, and then everybody can download the latest from there?
>>>
>>> Cheers,
>>>
>>> >
>>> > On Thu, Oct 22, 2009 at 12:29, Ulises2k <uli...@gm...> wrote:
>>> >>
>>> >> I found the same md5sum as the following one in Plex Favicon:
>>> >> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>>> >>
>>> >> Plex Favicon:
>>> >> $ wget https://plesk86.demo.parallels.com:8443/favicon.ico --no-check-certificate
>>> >> $ md5sum favicon.ico
>>> >> dcea02a5797ce9e36f19b7590752563e favicon.ico
>>> >>
>>> >> Can you check if the md5sum of the Apache favicon is ok?
>>> >>
>>> >>
>>> >> On Thu, Oct 22, 2009 at 07:06, Raul Siles <rau...@gm...> wrote:
>>> >> > Vlatko,
>>> >> > Have you checked the Nikto db_favicon file? It contains a few
>>> >> > fingerprints.
>>> >> > Get first auth. from the Nikto project.
>>> >> >
>>> >> > Cheers,
>>> >> > --
>>> >> > Raul Siles
>>> >> > www.raulsiles.com
>>> >> >
>>> >> >
>>> >> > On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <ko...@li...> wrote:
>>> >> >> Andres Riancho wrote:
>>> >> >>>
>>> >> >>> I love this plugin! I loved the idea when you told me about it in
>>> >> >>> France, and I love it much more now that I see how simple the code is.
>>> >> >>
>>> >> >> Thanks, it was great to meet you at Besancon.
>>> >> >>
>>> >> >>> These are the things I modified in the plugin before committing it to
>>> >> >>> the trunk:
>>> >> >>> - There were lines with tab indentation instead of the PEP-8
>>> >> >>> recommended 4-space indentation. I changed them.
>>> >> >>
>>> >> >> OK. Now, I know what you prefer for patches.
>>> >> >>
>>> >> >>> - Changed the reporting a little bit. Now an information object is
>>> >> >>> only saved to the kb if the favicon.ico is actually identified.
>>> >> >>
>>> >> >> I had different idea. Usually, assessor/tester of the target site should be
>>> >> >> aware if there's favicon there. Maybe we could not identify it
>>> >> >> automatically, but assessor could see that there is favicon.ico, so he can
>>> >> >> see it visually and get some clue about the website/CMS/... As it tests for
>>> >> >> 404, it will display only existing favicon.ico.
>>> >> >> Also, it would ease the contribution of MD5 back to the project...
>>> >> >> It's my point of view which could be wrong...
>>> >> >>
>>> >> >>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
>>> >> >>
>>> >> >> There's few things to implement in future versions. First of all, support
>>> >> >> for different dirs. i.e. on single web site, there could be different
>>> >> >> software versions, e.g.:
>>> >> >> http://website/phpbb
>>> >> >> http://website/drupal
>>> >> >> So, it would be good to have it run after the crawler, so it can identify
>>> >> >> different versions. Here I would need your help. Also,
>>> >> >> it would be good to implement parsing of <link rel icon> tag, so plugin can
>>> >> >> identify favicon.ico in not-usual locations...
>>> >> >>
>>> >> >>> - I added a test script named
>>> >> >>> "scripts/script-favicon_identification.w3af" that helps test the
>>> >> >>> plugin you created by running "./w3af_console -s
>>> >> >>> scripts/script-favicon_identification.w3af"
>>> >> >>
>>> >> >> Just checked it and I'm sending patch to fix it as it has some leftovers.
>>> >> >>
>>> >> >>> To sum up, I did nothing and you did a great job ;) If you perform a
>>> >> >>> "svn up" of w3af's trunk, you'll find your plugin there.
>>> >> >>
>>> >> >> Thanks. I plan and hope I will contribute more (plugins & code).
>>> >> >>
>>> >> >>>> In order to learn more about it to, refer to:
>>> >> >>>> http://kost.com.hr/favicon.phpiimplement mplement
>>> >> >>
>>> >> >> My error, link should be: http://kost.com.hr/favicon.php
>>> >> >>
>>> >> >>> I see that you guys are trying to expand this database by running
>>> >> >>> "Internet wide" scans. I have a server that could be used for this
>>> >> >>> purpose, if you send me a couple of commands that you need me to run,
>>> >> >>> I'll be more than happy to run them and then send you the response.
>>> >> >>> Maybe you could assign me the address range for Argentina, Chile,
>>> >> >>> Uruguay, Bolivia and Paraguay, and I would the results back to you?
>>> >> >>
>>> >> >> Sure. As I have donated all my work to OWASP and we're just building it as
>>> >> >> OWASP project, feel free to join the mailing list at:
>>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
>>> >> >>
>>> >> >> Current process of crawling is described here:
>>> >> >> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
>>> >> >> ...and scripts can be downloaded here:
>>> >> >> http://kost.com.hr/favicon.php
>>> >> >>
>>> >> >> Although, I'm not sure that we can separate it per country (in terms of nmap
>>> >> >> -iR), but any idea on performing the internet wide survey is welcomed!
>>> >> >>
>>> >> >>> Thank you for supporting w3af, and other open source projects like
>>> >> >>> openvas and nessus!
>>> >> >>
>>> >> >> You're welcome. As we talk about OpenVAS, maybe it's good time and place to
>>> >> >> ask about it. My plan is to write OpenVAS NVT (NASL) script which would run
>>> >> >> w3af automatically if http(s) port(s) is found (similar to nikto NASL
>>> >> >> plugin). I think this mailing list is best place (and you Andres) to ask
>>> >> >> what is the best command line for w3af for automatic vulnerability
>>> >> >> discovery? i.e. so NASL can launch w3af and parse the results and report it
>>> >> >> through standard OpenVAS reporting mechanism. Any help would be appreciated.
>>> >> >>
>>> >> >> Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af
>>> >> >> cooperation/partnership, let me know!
>>> >> >>
>>> >> >> Kost
>>> >> >>
>>> >> >
>>> >>
>>> >> --
>>> >> --
>>> >> Ulises U. Cuñé
>>> >> Web: http://www.ulises2k.com.ar
>>> >>
>>> >
>>> > --
>>> > Ulises U. Cuñé
>>> > Web: http://www.ulises2k.com.ar
>>> >
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

--
Martin Tartarelli
Linux User #476492
http://owasp.org/index.php/Argentina
--
|
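The message above quotes the three technical threads of this discussion: the md5-based favicon lookup, Ulises2k's observation that one md5 (the Apache entry) also matched an icon served by a Plesk demo host, and Kost's two wishes for the plugin, one favicon.ico per crawled directory (e.g. /phpbb and /drupal on one host) and parsing of the <link rel="icon"> tag for icons in unusual locations. The following Python is an added example that puts those pieces together; it is not w3af's favicon_identification plugin nor the OWASP project's crawl scripts. The function names, the constructed icon bytes, the ExampleCMS entry and the Plesk label are this example's own assumptions; the Apache line is the one quoted in the thread.

```python
# Added example (not w3af's plugin and not the OWASP project's scripts):
#   1. md5 lookup against an "md5:description" database that tolerates one
#      icon being shipped by several products, so a lookup returns a list;
#   2. <link rel="icon"> extraction for icons outside /favicon.ico;
#   3. one favicon.ico candidate per crawled directory.
# Function names and all sample data below are this example's own assumptions.
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed ICO-like bytes standing in for a downloaded favicon.ico.
SAMPLE_ICON = b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x20\x00" + b"\x00" * 32

# Database text in the line format quoted in the thread.  The Apache line is
# the one Ulises2k quoted; the Plesk line records his report that the same
# md5 appeared on a Plesk demo host (label constructed); the ExampleCMS line
# is constructed so that SAMPLE_ICON has a known entry.
SAMPLE_DB = (
    "# comment lines and blanks are ignored\n"
    "dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)\n"
    "dcea02a5797ce9e36f19b7590752563e:Plesk (same icon reported in this thread)\n"
    "not-a-hash:malformed line that must be skipped\n"
    + hashlib.md5(SAMPLE_ICON).hexdigest() + ":ExampleCMS (constructed entry)\n"
)


def load_db(text):
    """Parse 'md5:description' lines into {md5: [description, ...]}.

    Several labels may legitimately share one hash, so values are lists.
    """
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, label = line.partition(":")
        digest = digest.strip().lower()
        # The real database is edited by hand on a wiki: drop anything that is
        # not a 32-hex-digit md5 rather than letting it poison lookups.
        if not sep or len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            continue
        db.setdefault(digest, []).append(label.strip())
    return db


def identify(icon_bytes, db):
    """Return every label whose fingerprint matches the icon ([] if unknown)."""
    return list(db.get(hashlib.md5(icon_bytes).hexdigest(), []))


class _IconLinkParser(HTMLParser):
    """Collect href targets of <link> tags whose rel contains the token 'icon'."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "link":
            return
        a = dict(attrs)
        rel_tokens = (a.get("rel") or "").lower().split()
        href = a.get("href")
        # "icon" and "shortcut icon" both qualify; a relative href is resolved
        # against the page URL, which is what a browser would fetch.
        if href and "icon" in rel_tokens:
            self.found.append(urljoin(self.base_url, href))


def extract_icon_urls(html, page_url):
    """Favicon URLs a page declares via <link rel="icon" href=...>."""
    parser = _IconLinkParser(page_url)
    parser.feed(html)
    return parser.found


def favicon_candidates(crawled_urls, pages=()):
    """Candidate favicon URLs to fetch and fingerprint, in first-seen order.

    One <dir>/favicon.ico per directory the crawler visited, so that separate
    applications on one host are fingerprinted separately, plus every
    <link rel="icon"> target found in the given (url, html) pairs.
    """
    seen = []
    for url in crawled_urls:
        cand = urljoin(url, "favicon.ico")  # drops the filename part of url
        if cand not in seen:
            seen.append(cand)
    for url, html in pages:
        for cand in extract_icon_urls(html, url):
            if cand not in seen:
                seen.append(cand)
    return seen


if __name__ == "__main__":
    db = load_db(SAMPLE_DB)
    print(identify(SAMPLE_ICON, db))
    print(favicon_candidates(["http://website/phpbb/index.php", "http://website/drupal/"]))
```

Returning a list from the lookup is the point of the first part: an md5 identifies an icon file, not a product, so a shared icon such as the Apache/Plesk one yields several candidates that the assessor still has to confirm by looking at the icon, which is also Kost's argument for always reporting that a favicon.ico exists even when no fingerprint matches.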
From: Matt T. <mte...@gm...> - 2009-11-24 14:13:14
|
On Mon, 2009-11-23 at 18:30 -0300, Martin Tartarelli wrote:
> Andres/Matt
>
[snip]
>
> +1 There is a wiki page [1] about this topic and the Project Leader
> is Vlatko Kosturjak =)
>
> [1] http://www.owasp.org/index.php?title=GPC_Project_Details/OWASP_Favicon_Database_Project&setlang=es
>
> ....and a mailing list...
> (https://lists.owasp.org/mailman/listinfo/owasp-favicon-database)
>
> > Cheers,
> >
> >> My 2 cents.

Doh! Problem solved (already).

-
--
Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

[snip]
> >>
> >> -
|
From: Vlatko K. <ko...@li...> - 2010-02-22 19:54:05
|
On Mon, Nov 23, 2009 at 06:30:29PM -0300, Martin Tartarelli wrote:
> >> OWASP already has a wiki where anyone can add hashes to the list.
> >> About all the project lead would need to do is set a watch on that page
> >> and re-generate archive of the list after any new ones are added or
> >> you could just scrape that wiki page. The printable view would be cake
> >> to scrape.
> > +1, but "the creator" of the favicon thing is Vlatko, and he should be
> > the one that decides what to do with that,
> +1 There is a wiki page [1] about this topic and the Project Leader
> is Vlatko Kosturjak =)
> [1] http://www.owasp.org/index.php?title=GPC_Project_Details/OWASP_Favicon_Database_Project&setlang=es
> ....and a mailing list...
> (https://lists.owasp.org/mailman/listinfo/owasp-favicon-database)

It seems that great minds think the same :)

To be serious, yes, it's there and I have just released new version of
favicon database, it's available here:
http://www.owasp.org/index.php/File:Favicon-md5-20100222.zip

Thanks to all contributions/ideas/suggestions people on this list:
Andres, Ulises2k, Raul Siles, Matt Tesauro, Martin Tartarelli.

Andres, could you update the database on w3af subversion?

I have also invited nmap people to participate on nmap-dev mailing list
but I got no response, I'll try to bump it again. I'll check with the
Nikto people as well...

Note that you can contribute directly by editing wiki database:
http://www.owasp.org/index.php/OWASP_favicon_database

Of course, you can still contribute via twitter by sending it with
@OWASPfavicon if that's easier for you, we'll update the wiki database...

Looking forward to hearing from you,

--
Vlatko Kosturjak - KoSt
ICQ: 3631122
|