Caleb and I joke that the conference talk we most want to give, but (for various legal reasons) will never be able to give, is how to write a modern web scanner.

This architecture looks a lot like what we would discuss. But, as always, there are things that are essential that it fails to address (so far)

-Manual JavaScript? Can a brother get some Spidermonkey?
-Captcha?
-Flash? Anyone?
-Two factor?

I need to take this for a spin. Multiple threads, authentication, log out detection, URL aliasing, transparent proxies, load balancers, and thread management are either not mentioned or are *way* too glossed over in the presentation. These are things people think are easy that become Hard Problems(tm) when scaling to enterprise environments.

If you are fingerprinting with HTTPrint you have a lot to learn.

The nod to client-side static analysis of code was nice and sounded very familiar... [looks at open Visual Studio currently in debugging]... very familiar indeed...

Keep your eye on this project.