There was a thread back in 2008 where someone was considering writing a Firefox Plugin that would emulate a search engine spider. I could used that for my hobby blog, but I also have a professional interest. I do incident response for a university.

I have a slightly different application of a web browser plugin. We have had a website that was compromised and began to host malware. The developers for the site asked me to scan it. But I only have a vulnerability scanner. They looked at the web pages in the mySql database, but they would really like a scan of the site for malware. I know that Finjan (now M86) Secure Browsing and the Dr Web Firefox plugins do some sort of page analysis before they show the page. I thought that if I combined them with a website spider plugin, that I would get an understanding of the health of the website. If this is too convoluted, and there is an easier way, I will confess to being no web expert, and plead ignorance.

I have a related question as well. We found some obfuscated javascript on a website once. I am familiar with file entropy scanners for PE executables (for example Mandian't Red Curtain). I was wondering if there was something out there to check for obfuscated Javascript or some of the other interpretive languages (both client side, and server side.) I would think that some of the constructs for obfuscation would not be common in normal programming.

Thanks,

Jim