Taras,
On Fri, Jan 28, 2011 at 10:15 AM, Taras <[email protected]> wrote:
> Hi, all!
>
> I'm thinking about using w3af to scan multiple domains in one session.
> But it looks like we have limitation on it:
> "...w3af only supports one target domain at the time."
Yep, we have that limitation.
> Could you please describe me what parts multiple targets will make influence
> in?
For example, finger[MSN|PKS|Google] will find email addresses
associated with the target website, which are then used during
bruteforce. Until now, we haven't really made a separation by domain
in any section of the code because we have the multiple targets
limitation; so a change like having multiple targets might require
some time to implement.
> Is it legacy or real problem?
Could be seen as one, yes.
I see the power or multiple targets for websites that have many
subdomains to organize content/view/users/modules/etc. For example we
could find www.google.com , images.google.com , mail.google.com and
I'm sure they are links from images.google.com to
ww.google.com/search?xyz , links that if you scan www.google.com
you'll never find... but for now, we have that limitation.
Created a ticket [0] to work on this. The issue is very hard to
solve and will need lots of testing, code changes, etc. If you want to
start with it, I would first recommend having a skype call with Javier
and me in order to see how to approach the issue.
[0] https://sourceforge.net/apps/trac/w3af/ticket/161357
Regards,
> --
> Taras
> http://oxdef.info
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> W3af-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
