Penetration Testing mailing list archives
Re: [PEN-TEST] (Web-Derived Custom Dictionary Creation Tools)
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Thu, 21 Sep 2000 07:34:07 -0700
I think an excellent set of tools for sucking down the contents of entire web sites and converting them to text files (or one large text file) are two products from Tennyson Maxwell. "Teleport Pro" does an excellent job of sucking down a web site's file contents, and can do so to a single directory if you like. "HTML2TEXT" converts the web content to text files - or to a single text file (removing all HTML tags).

All that needs to be done to create a dictionary is to replace spaces and punctuation with CR-LFs, and then sort. You can go to the extra trouble of then removing duplicate words easily with std UNIX tools/scripts.

The great thing is that you get a dictionary of company- or industry-specific names/words/acronyms. The downside is that many times two or sometimes three names/words have special significance together (i.e., "Tiger Woods", as opposed to "Tiger" and "Woods"; or "Los Angeles" as opposed to "Los" and "Angeles"). It is harder to pull these associations from an automated process (without getting a lot of word associations that don't make sense together in with the ones that do).

- mch

On Wed, 20 Sep 2000, Loschiavo, Dave wrote:

With checking out the website being a first step... Does anyone know if there is a tool that will comb through a website to pull nouns down into a dictionary file that you use for a customized dictionary attack specific to that company?

I've been doing this, creating custom attack dictionaries for each penetration test, for several years. Nothing complex - just spidering all html and sorting all found strings (sans html markup, although those strings are already in my base dictionary). I use proprietary tools, but you could just as well use wget|find|strings|sort...
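The word-and-phrase extraction described above, written as an added example (not code from the post or from any tool it names) and pointed at the defensive use: a deny-list of organisation-specific terms for a password policy check. The function names, the sample text and the "keep a capitalised pair only if it repeats" threshold for phrases such as "Tiger Woods" are assumptions.

```shell
#!/bin/sh
# Constructed sample standing in for HTML-to-text output of your own site.
sample_text() {
cat <<'EOF'
Acme Widgets of Los Angeles sponsors Tiger Woods.
Visit the Los Angeles office. Tiger Woods opened the Acme Widgets store.
Contact Sales Today about widgets from Los Angeles.
EOF
}

# Single words: non-letters become line breaks, then lowercase, sort, dedupe.
single_words() {
    tr -cs '[:alpha:]' '\n' | tr '[:upper:]' '[:lower:]' | grep -v '^$' | sort -u
}

# Phrases: adjacent Capitalised words on one line, kept only when the pair is
# seen at least $1 times (assumed heuristic) so one-off pairings drop out.
word_pairs() {
    awk -v min="${1:-2}" '
    {
        n = split($0, w, /[ \t]+/)
        for (i = 1; i < n; i++) {
            # punctuation after the first word breaks the phrase
            if (w[i] ~ /^[A-Z][a-z]+$/ && w[i+1] ~ /^[A-Z][a-z]+[.,;:!?]?$/) {
                p = tolower(w[i] w[i+1])
                sub(/[.,;:!?]$/, "", p)
                count[p]++
            }
        }
    }
    END { for (p in count) if (count[p] >= min) print p }' | sort
}

# Deny-list = single words plus repeated phrases (joined, lowercase).
build_denylist() {   # stdin: site text; $1: minimum phrase count
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    { single_words < "$tmp"; word_pairs "${1:-2}" < "$tmp"; } | sort -u
    rm -f "$tmp"
}

# True when the candidate, reduced to lowercase letters, is a deny-list term.
is_denied() {        # usage: is_denied <candidate> <denylist-file>
    core=$(printf '%s' "$1" | tr -cd '[:alpha:]' | tr '[:upper:]' '[:lower:]')
    grep -qxF -- "$core" "$2"
}

sample_text | build_denylist 2
```

With a threshold of 2 the one-off pairs "Contact Sales" and "Sales Today" are dropped while "Los Angeles", "Tiger Woods" and "Acme Widgets" survive; a threshold of 1 shows the noise the post warns about.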