w3af-svn-notify Mailing List for w3af (Page 256)
Status: Beta
Brought to you by:
andresriancho
From: SourceForge.net <no...@so...> - 2008-04-05 14:00:51

Task #147537 has been updated.

Project: w3af
Subproject: documentation
Summary: Update installation procedure
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
Update installation procedure, keep in mind that for Windows we will have a w3af-setup.exe with all the dependencies included.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147537&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:57:27

Task #147536 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Perform a fast scan
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find the low hanging fruits. This is done by using two simple discovery plugins: webSpider, yahooSiteExplorer and if the site has a lot of javascript the documentation should recommend the usage of spiderMan; and finally the documentation should encourage the user to enable all grep plugins (document that they don't affect the run time because they don't send requests!) and all audit plugins, in order to FIND those vulns.

Objective: Let the user know how to perform a fast scan.
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147536&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:48:47

Task #147533 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Find subdomains
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find subdomains and other domains that are hosted on the same host.

Objective: Let the user know about the existence and usage of discovery.findvhost.
User interface: consoleUi (./w3af)

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-05 10:48
By: andresriancho

Comment:
discovery.sharedHosting is also important and should be mentioned here.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147533&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:47:28

Task #147535 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Analyze sites with javascript
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to analyze web applications that heavily rely on javascript. This is mostly a "you should use discovery.spiderMan" howto.

Objective: Let the user know about the existence and usage of discovery.spiderMan.
User interface: consoleUi (./w3af)
See scripts: scripts/script-spiderMan.w3af

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147535&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:45:17

Task #147534 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - find users and bruteforce a login
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find all the related email addresses for a target domain; and how to use that knowledge to bruteforce a login.

Objective: Let the user know how to use discovery.finger* and bruteforce.* ; also, a lot of emphasis should be put on the fact that plugins SHARE the information.
User interface: consoleUi (./w3af)
See scripts: scripts/script-basicAuthBrute-*

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147534&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:42:31

Task #147533 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Find subdomains
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find subdomains and other domains that are hosted on the same host.

Objective: Let the user know about the existence and usage of discovery.findvhost.
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147533&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:39:59

Task #147532 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - map the remote HTTP infrastructure
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to:
- identify reverse proxies
- identify transparent proxies
- identify web application firewalls
- identify active filters
- identify the remote http server (hmap)
- identify HTTP load balancers (halberd)

Objective: Let the user know how the framework can be used to map the remote HTTP infrastructure.
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147532&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:35:06

Task #147531 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Find XSS vulnerabilities
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find XSS vulnerabilities.

Objective: Let the user know about the usage of audit.xss and its options.
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147531&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:33:41

Task #147530 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - find [blind] sql injections
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to find [blind] sql injections on a web application.

Objective: Let the user know how to use bSqli and sqli
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147530&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 13:32:23

Task #147529 has been updated.

Project: w3af
Subproject: documentation
Summary: Howto - Exploit sql injections
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
This should be a step by step guide on how to exploit the [blind]sql injections that are found by the audit plugins.

Objective: Let the user know about the usage of sqlmap and its options.
User interface: consoleUi (./w3af)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147529&group_id=170274&group_project_id=56046

From: SourceForge.net <no...@so...> - 2008-04-05 01:31:19

Task #147520 has been updated.

Project: w3af
Subproject: Plugin TODO v1.10
Summary: log file should show everything
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
Right now I'm not showing:
- The plugins that were enabled
- The commands that the user run to enable the plugins

One bug is that when I enable the textfile plugin I start recording things to the file when it is enabled, all previous messages are lost.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147520&group_id=170274&group_project_id=55629

From: SourceForge.net <no...@so...> - 2008-04-05 00:42:48

Task #146771 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: Profiles in scan configuration tab
Complete: 95%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
They should be to the left of the plugin configuration. Profiles can be copied (not cloned) from the user interface. When starting a scan, the UI should notice a change in the profile and fire up a dialog to save the profile.

This task depends on "Tabs refactoring" and on Andres creating the "Profile feature" in the core. Maybe this won't happen in a short time.

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-04 21:42
By: andresriancho

Comment:
Ok, the core features needed for profiles are done. PLEASE read the FIXME comments in profiles.py; we have some problems there that should be fixed by you. Core features done in r917.

-------------------------------------------------------
Date: 2008-04-03 20:02
By: facundobatista

Comment:
Transform the "copyProfile" method to something like "saveCurrentConfigurationAsNewProfile" (but, with a shorter name, :p ).

-------------------------------------------------------
Date: 2008-03-24 23:24
By: facundobatista

Comment:
All is done except calling some core methods that are still to be implemented:
- Save the profile
- Save the actual state in a new profile
- Delete a profile

Bug #1924832 is open regarding this. When that's closed, this task could be reassigned to me.

-------------------------------------------------------
Date: 2008-03-22 05:19
By: facundobatista

Comment:
Closer....

-------------------------------------------------------
Date: 2008-03-22 03:27
By: facundobatista

Comment:
Major structural changes are done, now I need to deal with the profile actions.

-------------------------------------------------------
Date: 2008-03-10 21:47
By: facundobatista

Comment:
As talked with Andres, you will not be able to change Profile if you didn't save it before.

-------------------------------------------------------
Date: 2008-03-10 13:21
By: facundobatista

Comment:
Advanced a little. Lack of support from the core makes it impossible to continue. Andres, I'm assigning this to you, as we need to talk about this: or more support from the core is added, or profiles should be re-designed.

-------------------------------------------------------
Date: 2008-03-02 14:20
By: andresriancho

Comment:
Loading of profiles based on ini files already works in the consoleUi.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146771&group_id=170274&group_project_id=55113

From: <and...@us...> - 2008-04-05 00:42:35

Revision: 917
http://w3af.svn.sourceforge.net/w3af/?rev=917&view=rev
Author: andresriancho
Date: 2008-04-04 17:42:33 -0700 (Fri, 04 Apr 2008)

Log Message:
-----------
The core now works as expected with profiles.

Modified Paths:
--------------
trunk/core/controllers/w3afCore.py
trunk/core/data/profile/profile.py
trunk/core/ui/gtkUi/profiles.py

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: <and...@us...> - 2008-04-05 00:41:52

Revision: 916
http://w3af.svn.sourceforge.net/w3af/?rev=916&view=rev
Author: andresriancho
Date: 2008-04-04 17:41:50 -0700 (Fri, 04 Apr 2008)

Log Message:
-----------
Changing order of tabs and also the default tab after starting scan.

Modified Paths:
--------------
trunk/core/ui/gtkUi/main.py

From: SourceForge.net <no...@so...> - 2008-04-04 13:50:07

Task #146767 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: Log tab should have an XY plot of the results
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: andresriancho

Description:
Log tab should have an XY plot of the results as seen with Eduardo today. The idea is to have X: Time and Y: Severity of the finding. With this information create a graphic that can be used to easily see what vulns were found. Remember that vulns have 3 severities LOW / MID / HIGH and that info objects have a severity of INFO. All other objects don't have severity. Keep in mind that the vuln objects that are in the KB are the ones with severity; not the ones that are written in the gtkOutput plugin. If mouse over vuln, tooltip. If mouse click on vuln; go to the tab where I can see more information about it.

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-04 10:50
By: andresriancho

Comment:
Idea: Try to put the debug info also in the graph. The debug info is something that appears more than once every second, almost all the time w3af is running; while information messages arrive less than 1 every 10 seconds on average.

-------------------------------------------------------
Date: 2008-04-03 21:51
By: facundobatista

Comment:
VulnHigh, VulnMed, VulnLow, and Info, are three different levels in the vertical positions. Instead of points, use a circle of three pixels width. The X dimension must resize itself when time goes for too long. The initial scale is 40ms per pixel. Reassigned to Andres for him to allow the log to receive the vulnerability meta information (then reassign to me).

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146767&group_id=170274&group_project_id=55113

From: <and...@us...> - 2008-04-04 12:33:22

Revision: 915
http://w3af.svn.sourceforge.net/w3af/?rev=915&view=rev
Author: andresriancho
Date: 2008-04-04 05:33:13 -0700 (Fri, 04 Apr 2008)

Log Message:
-----------
Fixed a bug that showed ugly stuff to stdout when trying to render an empty response in gtkhtml2.

Modified Paths:
--------------
trunk/core/ui/gtkUi/reqResViewer.py

From: SourceForge.net <no...@so...> - 2008-04-04 12:25:39

Task #147516 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: http log tab in results tab - don't show search results
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
http log tab in results tab - don't show search results "by default". When the http log tab was outside the results tab, it only showed the search result widget after the user searched for something that returned more than one result. Now, (and most likely because of a .show_all() ) it shows that widget by default; which isn't good.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147516&group_id=170274&group_project_id=55113

From: SourceForge.net <no...@so...> - 2008-04-04 03:59:40

Task #145772 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: review prompt.py
Complete: 15%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
See: https://projects.nesl.ucla.edu/view/viewcvs.cgi/sos-2x/trunk/tools/pysoscc/include/pyshell.py?rev=626

It has really nice features like:
- history
- autocompletion (not useful for w3af)
- saving shell output
- handles loooooong commands
- follows the output properly

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-04 00:59
By: facundobatista

Comment:
Now you can't erase the prompt.

-------------------------------------------------------
Date: 2008-04-03 20:35
By: facundobatista

Comment:
Functionality:
- Up/down arrows just show the previous/next lines (entered in the past, like readline). You should be able to modify the previous line before executing it.
- It should have a toolbar, with a save button (opens a "save file dialog", and lets the user save that text anywhere).
- When issuing a command with long output, the vertical scrollbar should go to the bottom.
- The user can not erase the prompt!
- It shouldn't be a horizontal scrollbar, wrap the text!!!

-------------------------------------------------------
Date: 2008-04-02 13:05
By: facundobatista

Comment:
We need to agree which functionality to include in prompt.py (the actual one complies with the original requirements).

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145772&group_id=170274&group_project_id=55113

From: <fac...@us...> - 2008-04-04 03:59:22

Revision: 914
http://w3af.svn.sourceforge.net/w3af/?rev=914&view=rev
Author: facundobatista
Date: 2008-04-03 20:59:19 -0700 (Thu, 03 Apr 2008)

Log Message:
-----------
Now you can not erase the prompt.

Modified Paths:
--------------
trunk/core/ui/gtkUi/prompt.py

From: <and...@us...> - 2008-04-04 03:47:23

Revision: 913
http://w3af.svn.sourceforge.net/w3af/?rev=913&view=rev
Author: andresriancho
Date: 2008-04-03 20:40:17 -0700 (Thu, 03 Apr 2008)

Log Message:
-----------
Changed tab order.

Modified Paths:
--------------
trunk/core/ui/gtkUi/scanrun.py

From: SourceForge.net <no...@so...> - 2008-04-04 03:23:55

Task #147511 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: The result tab must have a notebook inside
Complete: 100%
Status: Closed
Authority : facundobatista
Assigned to: facundobatista

Description:
...with the following tabs:
- urls
- kbtree
- req/resp

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-04 00:23
By: facundobatista

Comment:
Done in r912.

-------------------------------------------------------
Date: 2008-04-04 00:23
By: facundobatista

Comment:
Done in r912.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147511&group_id=170274&group_project_id=55113

From: SourceForge.net <no...@so...> - 2008-04-04 03:23:43

Task #147511 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: The result tab must have a notebook inside
Complete: 0%
Status: Closed
Authority : facundobatista
Assigned to: facundobatista

Description:
...with the following tabs:
- urls
- kbtree
- req/resp

Follow-Ups:

-------------------------------------------------------
Date: 2008-04-04 00:23
By: facundobatista

Comment:
Done in r912.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147511&group_id=170274&group_project_id=55113

From: <fac...@us...> - 2008-04-04 03:23:31

Revision: 912
http://w3af.svn.sourceforge.net/w3af/?rev=912&view=rev
Author: facundobatista
Date: 2008-04-03 20:23:27 -0700 (Thu, 03 Apr 2008)

Log Message:
-----------
Results is now a big notebook with all the info in different tabs.

Modified Paths:
--------------
trunk/core/ui/gtkUi/main.py
trunk/core/ui/gtkUi/scanrun.py

From: <and...@us...> - 2008-04-04 02:21:51

Revision: 911
http://w3af.svn.sourceforge.net/w3af/?rev=911&view=rev
Author: andresriancho
Date: 2008-04-03 19:21:47 -0700 (Thu, 03 Apr 2008)

Log Message:
-----------
Removed some ugly dots of the splash image.

Modified Paths:
--------------
trunk/core/ui/gtkUi/data/splash.png

From: SourceForge.net <no...@so...> - 2008-04-04 01:08:24

Task #147511 has been updated.

Project: w3af
Subproject: gtkUi - Phase 3
Summary: The result tab must have a notebook inside
Complete: 0%
Status: Open
Authority : facundobatista
Assigned to: facundobatista

Description:
...with the following tabs:
- urls
- kbtree
- req/resp

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147511&group_id=170274&group_project_id=55113