Taras,
On Tue, Mar 8, 2011 at 7:08 AM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> I want to introduce new outplut plugin - emailReport
> You can get it from my branch [0]. This plugin sends short vuln report
> on specified address. It's useful to use in scheduled scans.
Nice! I like the idea!
> NB! Plugin uses experimental false-positive manager to prevent sending a
> lot of trash to your email. But I can switch off this feature.
For now the falsePositive thing is too experimental, but the
emailReport.py plugin is very nice, so I would recommend you remove
the falsePositive manager from it and commit it to the trunk. Here are
some other comments about the plugin:
- self.smtpServer, self.smtpPort = smtpServer.split(":") , I would
validate there that the smtpPort is really an int, and not in server =
smtplib.SMTP(self.smtpServer, int(self.smtpPort))
- getLongDesc() output should be LONG :) Please see the other outputs,
where we describe the parameters, etc.
- msg['Subject'] = 'W3AF report on %s' % self.targets[0] , I would
change that from "W3AF" to "w3af"
- '''Email reporter class.''' , please remember that this is shown in
the consoleUi when a user lists all plugins. It should be more
descriptive, something like "Email report to specified addresses".
> What do you think about it? Any comments are welcome!
I haven't been able to run pylint over the plugin, does it pass
without any errors?
> [0]
> http://w3af.svn.sourceforge.net/viewvc/w3af/branches/taras/plugins/output/emailReport.py
Great stuff! :)
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
>
>
> ------------------------------------------------------------------------------
> What You Don't Know About Data Connectivity CAN Hurt You
> This paper provides an overview of data connectivity, details
> its effect on application quality, and explores various alternative
> solutions. http://p.sf.net/sfu/progress-d2d
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
