Hi guys!
I like the idea, it's actually a very good one. Some comments though:
>
> * The penalty for using scapy is that the user needs to be root, and
> we don't want to ask users to run w3af as root for running a simple
> scan. On the other side, the idea is good and should be implemented,
> so what I recommend is to have something that looks like this:
>
>
I agree!!
if user_running_as_root():
> start_sniffing()
> send_requests_that_will_ping_back_to_us()
> stop_sniffing()
> analyze_packets()
> else:
> warn_user_that_technique_is_only_available_when_root()
>
>
Some comments about the code layout:
You can develop that using Python's decorator instead of if-else statment.
The code could look like :
@require_root
def my_custom_scan(params, kwds_params):
start_sniffing()
send_requests_that_will_ping_back_to_us()
stop_sniffing()
analyze_packets()
That way is more flexible, and you are able to focus just in the logic of
the *process*(scan, exploit, etc)
I hope you find it useful,
Cheers,
--
Alderete, Martin Nicolas
NINJA-IDE Core Developer
Senior Python Developer
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
