OWASP O2 Platform Blog

Mapping out the OWASP Mailman admins (from web exposed data)

There was a recent thread on the OWASP-leaders list about unsubscribing to that list. The problem was caused by the auto population of that list with the current admins of an owasp mailing list.

As you can see on https://lists.owasp.org/mailman/admin , the problem is that there are a LOT of OWASP mailing lists (466 to be specific) and it is not easy to find out who is the current admin of what list.

To help with these mappings, I just wrote a quick O2 script which allows the collection and visualization of that data.

The script is called OWASP Mailing Lists – admins mappings.h2 and this is what it looks like when executed:

And here is its source code:

var hideTableDuringLoad = true;
var topPanel = "OWASP Mailing Lists - List admin mappings/emails".popupWindow(1200,500);
//var topPanel = panel.clear().add_Panel();
var tableList = topPanel.add_GroupBox("OWASP Mailing list mappigs").add_TableList();
var browser = topPanel.insert_Right("List Admin WebPage").add_WebBrowser_Control();

tableList.afterSelect_get_Cell(3,
(href)=>{
browser.open(href);
});

tableList.add_Columns("#", "email", "list", "href" );
var tempDir = "_owasp-leaders_mainmanMappings".tempDir(false);

var baseUrl = "https://lists.owasp.org/mailman/admin";
Func<string, string> getHtml_UsingCache =
(urlToGet)=> {
var cacheFilePath = tempDir.pathCombine(urlToGet.safeFileName() + ".html");
return (cacheFilePath.fileExists())
? cacheFilePath.fileContents()
: urlToGet.uri()
.getHtml()
.saveAs(cacheFilePath)
.fileContents();
};

Func<string,string, List<HtmlNode>> getNodesFromHtmlPage =
(urlToGet, filter)=> {
var htmlDocument = getHtml_UsingCache(urlToGet).htmlDocument();
return htmlDocument.select(filter);
};
//return getNodesFromHtmlPage(baseUrl, "//a");

var linksToFollow = (from link in getNodesFromHtmlPage(baseUrl, "//a")
where link.attribute("href").value().contains("mailman/admin")
select link).toList();

tableList.visible(false);
var listNumber = 1;
foreach(var linkToFollow in linksToFollow)
{
var href = linkToFollow.attribute("href").value();
var links = getNodesFromHtmlPage(href, "//a");
foreach(var link in links)
if (link.InnerText.contains(" at "))
foreach(var email in link.InnerText.split(","))
tableList.add_Row(
email.replace(" at <a href="mailto:%22,%20%22@%22).trim().ToLower">", "@").trim().ToLower</a>(),
linkToFollow.InnerText,
listNumber++.str() ,
href);

}

tableList.setWidthToContent();
tableList.visible(true);
tableList.selectFirst();

return "done";
//using HtmlAgilityPack
//using O2.XRules.Database.Utils.ExtensionMethods
//O2File:HtmlAgilityPack_ExtensionMethods.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll

November 12, 2011 - Posted by | Mailman, OWASP

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: