Idea for a security application

I think the best way to learn a new (programming) language is to address a real world problem :). So here is one, I want to solve in the next few months.

One of the things I like to do as part of a evaluation security process is to check the amount of public information available for a website. I frequently find that people find information leakage from websites they thought were secure or not publicly accessible.

The idea is to create a python script to do the following

  • Must have
    • Inject list of hostnames and do the following
      • Check whether they resolve to a public IP or not
      • If resolving to public IP, check the amount of data being exposed by this site by doing a quick google search
      • Report on the amount of information available sorted by amount
  • Nice to have
    • take domain name instead of hostnames and try to do a domain transfer and capture all hostnames in the domain
    • leverage Google API instead of web scraping
    • web interface to allow input and show output

Why python? Well, I have been trying to learn it for sometime now and I think it is time to put all that learning to use :).

Anyone interested in joining the fun?

One Reply to “Idea for a security application”

  1. Ill join in on the fun, but if you are learn so will I 🙂

    My Request:
    – Use Flask for the framework (I am a django guy, but heard nothing but good things about flask)
    – If we use a VPS to host it, we should use nginx (httpd for the longest but its time to move with the trend lest be left behind!)
    – Use Bootstrap 3 (or new html framework, I have been using Bootstrap 2 for almost a year now; in technology terms…outdated :p)
    – After we complete the project, we publish it on github for the world to use 🙂

    Feel free to reach out if you want to work on this!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.