Hello,
I would like a tool constructed that
1) compiled a list of all .pl & .cgi files present upon a system.
2) Step through the list running a 'google' search
using googles API to determine if script name + vulnerability
was returned.
2a) Perhaps qualify this list by targetting results from
a known databank of vulnerabilites such as cert or securityfocus.
3) Return a list via email
4) Audit protections so the script can only be run by
authorized users such as root, and not be turned against a
system by a blackhat to find exploits.
There are quite a few CPAN modules for accessing the google SOAP API.
Suggestions leading to final bidable work welcome.
Stephen
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
## Platform
Perl 5.6.1 onwards
possibly C/C++ ?
Java?
Ideally some form of cross platform capability would be good.