Martin, On Wed, Aug 29, 2012 at 3:01 PM, Martin Alderete <malder...@gmail.com> wrote: > Hi guys! > >> I like the idea, it's actually a very good one. Some comments though: >> >> * The penalty for using scapy is that the user needs to be root, and >> we don't want to ask users to run w3af as root for running a simple >> scan. On the other side, the idea is good and should be implemented, >> so what I recommend is to have something that looks like this: >> > > I agree!! > >> if user_running_as_root(): >> start_sniffing() >> send_requests_that_will_ping_back_to_us() >> stop_sniffing() >> analyze_packets() >> else: >> warn_user_that_technique_is_only_available_when_root() >> > > Some comments about the code layout: > You can develop that using Python's decorator instead of if-else statment. > The code could look like : > > @require_root > def my_custom_scan(params, kwds_params): > start_sniffing() > send_requests_that_will_ping_back_to_us() > stop_sniffing() > analyze_packets() > > That way is more flexible, and you are able to focus just in the logic of > the *process*(scan, exploit, etc)
Agreed, implementation looks nicer with something like that, and when we implement the second, third, N-th technique that requires root, code will look even nicer than the if-else option. > I hope you find it useful, Sure! PD: Bienvenido a la lista, es bueno ver mas Argentinos por aqui :) > Cheers, > > > -- > Alderete, Martin Nicolas > NINJA-IDE Core Developer > Senior Python Developer > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
