Custom Scan Portal For Website

The goal of this proposal is to create a custom “scan portal” on our site to allow a website owner or webmaster to scan a website daily for malware. A good example of this is:
http://www.sitesecuritymonitor.com/
There are others such as:
http://www.qualys.com/products/qg_suite/malware_detection/
http://www.hackscanner.com/
http://www.metasploit.com/
We will entertain bids for complete programming, with or without integrated free scripts, using free open-source programs where they are available. We will need a two- or three-page website with a functional scanning engine. This scanning engine must be able to scan any website through its URL. The scanning engine should be updatable with new definitions. An open-source scanning engine is preferred, with rights to resell the core services. The website need not be extravagant, as this is a test marketing program to gauge the need for such a service. The main features of this portal must include:

Account Management Interface:
The website must have the ability to create accounts with a username and password for each client. The username would be the client’s primary email address, and the password would be auto-generated. Each client needs to be identified by class of website from a dropdown list, with auto deletion of unwanted types of websites. Each client page needs fields for the client's contact email, cell phone number, and website URL, with the ability to schedule a time each day for the web server scan (within our ability). This information will be listed where the client can access and update it at any time. After each scan the dashboard will list the time and date and whether anything was detected. If anything is detected, the system should flag the account and send an auto-created email to the client's email address and a text message to the client’s phone. The dashboard should also have an integrated calendar showing the dates of scans. The client needs to be able to email support from the client’s account. Replies by email should also be reflected in the client’s account. Admin should be able to view a report and access/print/email all of our clients’ information.

Client Payment:
Client payment will allow monthly or yearly purchase through a shopping cart operated by 1st Shopping cart.

Please be prepared in your proposal to tell me how your scanning engine will work and what it will be based upon. All source code will belong to me. A test site must be set up and proven before the project will be paid.
These are some resource pages and ideas for the scanning engine.
Free/open-source tools:
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey http://www.grendel-scan.com/download.htm
Nikto by Sullo
Pantera by Simon Roses Femerling (OWASP Project)
Paros by Chinotec
Powerfuzzer by Marcin Kozlowski
Spike Proxy by Immunity (Now as OWASP Pantera)
WebScarab by Rogan Dawes of Aspect Security (OWASP Project)
Wapiti by Nicolas Surribas
W3AF by Andres Riancho

The Web Application Security Consortium (WASC) has a list of web application security scanners. The Open Web Application Security Project (OWASP) Phoenix has a list of various web application testing tools. This is a must-review page: http://sectools.org/web-scanners.html
Nikto2 http://www.cirt.net/nikto2 Open Source (GPL) web server scanner
http://www.parosproxy.org/index.shtml for web application security assessment
http://wapiti.sourceforge.net/ vulnerability scanner / security auditor
http://www.ict-romulus.eu/web/wapiti
http://directory.fsf.org/project/tiger/
http://directory.fsf.org/project/LSAT/
http://directory.fsf.org/project/samhain/
http://directory.fsf.org/project/AntiExploit/
http://directory.fsf.org/project/integrit/
http://directory.fsf.org/project/incident.pl/
http://directory.fsf.org/project/sussen/