This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Unmaskme Project"

From OWASP
Jump to: navigation, search
(Main)
(Main)
 
Line 14: Line 14:
 
Do we really need to care about metadata?. This is the question that so many people ask. In order to try answer this question in relation to web metadata this project does exist.
 
Do we really need to care about metadata?. This is the question that so many people ask. In order to try answer this question in relation to web metadata this project does exist.
  
'''Unmaskme''': project exposed all kind of web metadata as possible referencing the technology behind that metadata. The goal of this project is to raise web security awareness among web owners, webmasters, web designers or even people without security knowledge through the interpretation of all [[Web-metadata]] extracted from any website.
+
'''Unmaskme''': project exposing all kind of web metadata as possible referencing the technology behind that metadata. The goal of this project is to raise web security awareness among web owners, webmasters, web designers or even people without security knowledge through the interpretation of all [[Web-metadata]] extracted from any website.
  
  

Latest revision as of 08:14, 17 September 2014



OWASP Inactive Banner.jpg

Main

Metadata is a data that gives information about other data. The metadata of any data can give information about its characteristics, quality, creator information, versions, architecture, geographical location and more characteristics.

Do we really need to care about metadata?. This is the question that so many people ask. In order to try answer this question in relation to web metadata this project does exist.

Unmaskme: project exposing all kind of web metadata as possible referencing the technology behind that metadata. The goal of this project is to raise web security awareness among web owners, webmasters, web designers or even people without security knowledge through the interpretation of all Web-metadata extracted from any website.


Think in this project as a central information resource which anyone -not only penetration testers- could use with their own tools to perform a fingerprinting with added capabilities and intelligence.


Description Compromised websites are often used by attackers to deliver badware or to host phising pages designed to steal private information from their victims. Unfortunately, most of the targeted websites are managed by users with little or no security background. Unmaskme will help the webmasters to highlight the importance of keep update, protect or do some hardening in their websites in order to avoid they become victims of badware.

Usually a no security aware webmaster will left a newly deployed website by default and normally will pass months or even years without any update on the website. As result cibercriminals will take advantage of this behaviour and the website will be part of the compromised website statistics. Web hosting providers -who play a key role in this scene- are not doing any effort to help with this problem.

Unmaskme project is only a open source project to collect the metadata. Anyone is free to use this data under the corresponding license. Please find the main section of this project in: https://www.owasp.org/index.php/Web-metadata and feel free to collaborate with more metadata information.

A proof of concept tool to use this data collected is available in: http://desenmascara.me

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Unmaskme Project (home page)
Purpose: The goal of this tool is to raise security awareness among web owners in order to help decrease the constant rise of compromised websites.

Public resource which will extract metadata from any website (either domain name or IP address, no resource) and will explain it in a brief summary. The extraction will be totally passive just like browsing the website, otherwise the tool couldn't be online for public use. It's based mainly on HTTP headers and metadata. Some features of the tool are:

Easy to use, only enter a website address to see what's behind the scenes Brief summary about the website configuration Different report colours to highlight web security awareness Detection of CMSs and versions (whatweb core) Warnings about old software being exploited in the wild like joomla-1.5, RoR CVE-2013-0156... Detection of hardening signs such as WAF, CDN, reverse proxy... Detection of blacklisted websites by GoogleSafeBrowsing Detection of suspicious iframes or hidden spam Detection of defacements, directory listings, private IP address in comments... Stats about general web security awareness and some details of compromised websites

PoC (Spanish): http://desenmascara.me

License: GNU AGPL v3 License (similar to GPL but modified for use with web applications and web interfaces)
who is working on this project?
Project Leader(s):
  • Emilio Casbas @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Emilio Casbas @ to contribute to this project
  • Contact Emilio Casbas @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases