Tarantula is under active development as we use it internally to police our apps. If you grab the bits from this morning (R243 or later in the repository), you will see that stack traces in the log report now link back into TextMate.
We have a ton of features we would like to add, and I bet the community can think of plenty more. Please add comments to this post, or post into Trac, letting us know what features you would like to see next. Here are some possible choices to get you started:
- a "Johnny Droptables" fuzzer that tries specific SQL injection attacks
- docs detailing the kinds of errors we have been finding and how to fix them
- an XSS fuzzer that tries to inject script tags (this is challenging because it isn't obvious how to automatically detect the symptom)
- CSS validation
- JS validation
- UI features to make the reports more navigable and usable (be specific!)
- integration with RSpec
- blacklist of files your server should never return
- Ajax crawling (Tarantula currently simulates plain old web requests)
- integration with other IDEs (you'll probably have to send us a tested patch because we're happy with TextMate)
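One way to make the XSS fuzzer's symptom detectable without driving a browser is to submit a unique, harmless canary containing HTML metacharacters and then classify how the response echoes it back. This is an added illustration, not Tarantula's own code; the `XssProbe` module and the constructed response bodies are assumptions.

```ruby
require 'cgi'
require 'securerandom'

# Added example (not Tarantula code): detect the reflected-XSS "symptom" by
# checking how a benign canary is echoed, instead of injecting a real script.
module XssProbe
  # A per-request canary: a unique token wrapped in characters that an escaping
  # view must encode. It is inert markup, so it does nothing if rendered raw.
  def self.canary(token = SecureRandom.hex(4))
    "<tz#{token}>\"'"
  end

  # Classify the reflection of the canary built from +token+:
  #   :unescaped - echoed verbatim (the symptom we are looking for)
  #   :escaped   - echoed entity-encoded (the view escaped it; safe)
  #   :partial   - the token came back but some characters were altered
  #                (needs manual review: context-specific encoding, filters)
  #   :none      - not reflected at all
  def self.classify(body, token)
    raw = canary(token)
    return :unescaped if body.include?(raw)
    return :escaped if body.include?(CGI.escapeHTML(raw))
    return :partial if body.include?(token)
    :none
  end

  # What a crawler would ask per form field it fuzzed.
  def self.vulnerable?(body, token)
    classify(body, token) == :unescaped
  end
end

# Constructed responses standing in for a Rails view echoing a search term.
TOKEN       = "deadbeef"
SAFE_BODY   = "<p>You searched for: #{CGI.escapeHTML(XssProbe.canary(TOKEN))}</p>"
UNSAFE_BODY = "<p>You searched for: #{XssProbe.canary(TOKEN)}</p>"
```

A crawler would record `:unescaped` hits as findings and `:partial` hits for a human to look at.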
Get your votes in today and we can look at them during open source Friday.