websecurity@lists.webappsec.org

The Web Security Mailing List

javascript based network scanners

allodoxa
Sat, Apr 21, 2012 2:03 PM

Hello list,

I was playing with the idea of making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved and still
believe it's a valid attack vector and with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.

http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/

Regards,

Raf

Michele Orru
Sun, Apr 22, 2012 10:28 AM

Hey,

take a look at the port scanner we have in BeEF (http://beefproject.com).
It combines 3 techniques (img tags, WebSockets and CORS) and merges
the results.

You can find it under modules -> network -> portscanner

Cheers
antisnatchor

On Sat, Apr 21, 2012 at 3:03 PM, allodoxa spamhole@telenet.be wrote:

> Hello list,
>
> I was playing with the idea of making a JavaScript based network scanner /
> CSRF exploiting tool. I know the idea in itself isn't very new, but I
> feel somehow it never really got the credit that it deserved and still
> believe it's a valid attack vector and with some preparation and minimal
> tweaking/configuring of the scanning engine before sending it to a
> target will yield very good results.
> Anyways; I made a quick write-up of my ideas/findings. Any feedback on
> the matter would be greatly appreciated.
>
> http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/
>
> Regards,
>
> Raf


--
/antisnatchor