Taras,

On Mon, Feb 21, 2011 at 5:57 PM, Taras <ox...@oxdef.info> wrote:
> Hi, Andres!
>
> I can't find the last letter with discussion about support scanning of
> more than one target domain... But my 2 coins at the current moment.
> I made simple wrapper over w3afCore + usual steps like InitPlugins and
> env and tested (it is like w3af_console but supports only command line
> params like target). This wrapper in loop tests different targets.

    Interesting hack, would you mind sharing it? Just send the patch
as an attachment to the mailing list and I'll approve the email at the
mailing list administrator if the attachment is too big.

> Result was that I got "too many open files" [0].

    It makes me happy to see these errors. Before we simply crashed
for stupid things, right now the bugs are more "rare" and are related
to "scanning big/multiple sites". This is good news.

    Thanks for the bug report, Javier (aka the keepalive.py master)
will fix this.

> And it looks like it
> will be really difficult to add multiple domain target testing into w3af

    It will be difficult, yes. Your approach was something similar to
(if I understood ok):

"""
    for target in target_list:
        start_w3af_scan( target )
"""

    What I would do is:

- Create a generic "is_target" function that returns True if the URL
that's passed as parameter is a target for this scan. Maybe this
function should be in targetSettings.py ?
- Find all the places where w3af verifies if the "new URL that is
found during crawling" is a target or not (example [0]), and start
using this generic "is_target" function

    Once that's done, we just need to identify EXACTLY how that
function should behave. That way, we can scan something like
www.google.com , images.google.com , maps.google.com , all in one
scan.

[0] http://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/discovery/webSpider.py#L179

> (do we really need it?...). I plan to make some little research =)
>
> [0] https://sourceforge.net/apps/trac/w3af/ticket/161572
>
>
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
>
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
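
One possible shape for the generic "is_target" check discussed in this thread, as an added example that is not w3af code and not part of the original emails. It assumes a URL is in scope only when its scheme, host and port exactly match one of the configured targets; the names TargetScope and _origin and the sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    # .hostname drops any "user@" prefix and is already lower-cased
    host = (parts.hostname or "").rstrip(".")
    if scheme not in DEFAULT_PORTS or not host:
        return None
    return scheme, host, DEFAULT_PORTS[scheme] if port is None else port


class TargetScope:
    """Hypothetical scope holder (assumption, not w3af's targetSettings.py)."""

    def __init__(self, target_urls):
        self._origins = set()
        for url in target_urls:
            origin = _origin(url)
            if origin is None:
                raise ValueError("not a usable http(s) target: %r" % url)
            self._origins.add(origin)

    def is_target(self, url):
        """True only if url's scheme, host and port match a configured target."""
        return _origin(url) in self._origins


if __name__ == "__main__":
    scope = TargetScope(["http://www.google.com/", "http://images.google.com/",
                         "http://maps.google.com/"])
    # Constructed sample of links a crawler might find (not real scan output).
    found = ["http://maps.google.com/maps?q=a",
             "http://www.google.com.example.net/",   # look-alike suffix
             "http://www.google.com@example.net/",   # userinfo trick
             "mailto:someone@www.google.com"]
    for link in found:
        print(scope.is_target(link), link)
```

Comparing parsed origins rather than doing substring or suffix matching on the raw URL is what keeps look-alike hosts and `user@host` URLs out of scope.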
