Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Create a plugin for clustering a huge amount of scan results #17345
Most of existing plugins are based on static checks like searching for pre-defined patterns (for example, they can look for typical error messages from database servers). This approach allows to catch only issues which the plugins are aware of. But a scan may cause an application to behave in an unusual and unexpected way which actually may be a vulnerability. This may be a logical bug or just very application-specific. If such a behavior doesn't match to the patterns which used by plugins, then most probably no one notice the problem. In particular, the more extensive a scan is, and the less likely a tester notices a problem because it may require a (semi)manual analysis of a huge amount or scan logs.
To help a tester with analysis of scan results, we can add a plugin which applies some machine learning techniques to the scan results. For example, the plugin can apply a clustering algorithm to HTTP requests and responses which put similar ones to the same bucket (cluster). Then, the tester can review a couple of random samples from each cluster to make sure that the application behaved correctly.
This plugin doesn't guarantee that all issues are found during testing. In fact, it should be even fine if the plugin doesn't report issues at all. This plugin should be considered as a tool which helps with analysis of huge amount of scan results.
Hope I can find some time to prototype such a plugin. Meanwhile, I'd appreciate any feedback.
I read Backslash Powered Scanning: hunting unknown vulnerability classes, it looks a bit related but