DevBUG - Keeping track so you don't have to

DevBUG is an idea that came to me while conducting a Vulnerability Assessment for University a few months back. We did a service scan on a web server and found that way too many ports and services were running! But that wasn't the problem, well, not for us anyway. The problem was, is that we had 20 different software services and versions to google and write about.

So what is the process? We needed to find the software package's homepage, find what the latest version of the package is for the development tree that was used, find out how old the version the web server was running was and then try to find any known vulnerabilities associated with that version. This is not too much hassle when you have to do it one to three times however when you have to do it twenty to fifty times it starts to become time consuming.

So in comes DevBUG. DevBUG is a web application which will be free for any one to use, no subscriptions or anything. It will be a search engine for software packages and their versions. Three times a day (every 8 hours) starting at 8AM GMT a backed spider will visit every software package's homepage looking for new versions, if it finds a new version this will be added to a database. So the idea is, to keep a record of software, their released versions, release dates and any vulnerabilities which may affect each version. So this is great to solve our original problem! We have a one stop shop for all the information we need! But what other uses does it have?

Taking Nikto as an example here but not aiming anything directly at it. Nikto when it finds a server header and version will tell you if it is out of date and what the latest version is. Now the latest versions of software are always changing and it's hard for a tool to keep this information up to date. I envision DevBUG being used by tools to provide their users with the latest information!

But that's not all! Each software package indexed by DevBUG will have it's own RSS feed. So if your a server administrator and say you have Apache, PHP and some FTP server running. You can add each software package's RSS feed to your RSS reader and be informed of new releases on the day they are released! Making it easier to keep track of software updates!

The real power of DevBUG will be in its database. The more software packages indexed the better the service will be. I plan to launch DevBUG with a few hundred indexed software packages however I will be continually updating and adding new software packages. I will monitor what people are searching for and if we are not indexing that software package, we will add it. So the more DevBUG is used the better it will become.

DevBUG BETA will be launching sometime in the next couple of months. If you would like a sneak preview before the official launch, reply to this thread and I will PM you as soon as it is ready.




Software information


Views: 138


You need to be a member of Dissecting The Hack to add comments!

Join Dissecting The Hack

Comment by MadJ on May 19, 2010 at 10:05am
seems a neat idea !

Latest Activity

Anton Vyacheslav is now a member of Dissecting The Hack
Dec 9, 2018
bernardorichard updated their profile
Nov 28, 2018
Sam Mccalla is now a member of Dissecting The Hack
Nov 19, 2018
bernardorichard is now a member of Dissecting The Hack
Oct 24, 2018

Stratagem 13 News Feed

© 2020   Created by Marcus J. Carey.   Powered by

Badges  |  Report an Issue  |  Terms of Service