Penetration Testing mailing list archives
Re: Scanner for old files (.bak, ~, .old, etc.)
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 30 Jun 2009 11:27:55 -0500
Juan Kinunt <kinunt () gmail com> writes:
Hi, I would like to know if anyone knows a tool that first spiders the web in order to enumerate all files and scripts it detects and then looks for these same files but with another extension. For example, first spiders the web and enumerates: index.php, news.php, cart.php. And then looks for index.php.bak, index.php.inc, index.php~, index.bak, index.old, etc. This tool will be useful supposing that programmers tend to change the extension of the file to store old files. I know Nikto, Wikto, etc... but these tools look for predefined files and I would like to target already existing files but with different extension.
Hi Juan,

IBM Rational Appscan does this sorta thang (adaptive hunting for backup files/directories/tarfiles fuzzing on paths/files that have been found via spidering) rather well, but I'm guessing that's overkill for just this aspect of its functionality.

In the free realm, WebScarab does this sorta thing http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Features

"Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user."

You might also look into Paros Proxy's integrated scanner. Since I have Appscan, I haven't used it for this specifically in many years, but I quickly pulled apart the Paros jar file and see several class files named ExtensionScanner. Paros does have a spider in it as well, and I have vague recollections from years ago that it would look for things like what you seek.

I agree it's definitely something you want to check for in custom web apps vs nikto's static approach. While Nikto does have the -mutate 1 option, it seems to just apply its static filename checks across all static CGIDIRS defined in db_tests.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
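The adaptive check discussed in this message, turned around for auditing your own web root, as an added example that is not part of the original post or of any tool named in it. It derives backup-style names from the files an application is meant to serve and reports which of them actually exist in a listing of the document root; the function names, the suffix lists (taken from the examples in the thread) and the sample paths are assumptions made for illustration.

```python
import posixpath

# Suffixes taken from the examples in the thread; extend for your environment.
APPEND = [".bak", ".inc", "~", ".old"]   # index.php -> index.php.bak, index.php~
REPLACE = [".bak", ".old"]               # index.php -> index.bak, index.old
ARCHIVE = [".zip", ".tar.gz"]            # /app/login.jsp -> /app.zip, /app.tar.gz

def backup_variants(path):
    """Backup-style names that could be derived from one deployed path."""
    directory, name = posixpath.split(path)
    stem, ext = posixpath.splitext(name)
    variants = {posixpath.join(directory, name + s) for s in APPEND}
    if ext:
        variants |= {posixpath.join(directory, stem + s) for s in REPLACE}
    parent = directory
    while parent not in ("", "/"):       # archives of every parent directory
        variants |= {parent + s for s in ARCHIVE}
        parent = posixpath.dirname(parent)
    return variants

def find_leftovers(deployed, present):
    """Map each leftover file in `present` to the deployed paths it derives from."""
    deployed, present = set(deployed), set(present)
    findings = {}
    for path in sorted(deployed):
        for hit in (backup_variants(path) & present) - deployed:
            findings.setdefault(hit, []).append(path)
    return findings

# Constructed sample data: DEPLOYED is what the application is meant to serve
# (e.g. from a release manifest); PRESENT is a listing of the document root.
DEPLOYED = ["/index.php", "/news.php", "/cart.php", "/app/login.jsp"]
PRESENT = DEPLOYED + ["/index.php.bak", "/cart.old", "/app/login.jsp~",
                      "/app.tar.gz", "/robots.txt", "/img/logo.png"]

if __name__ == "__main__":
    for leftover, origins in sorted(find_leftovers(DEPLOYED, PRESENT).items()):
        print(f"{leftover}  (variant of {', '.join(origins)})")
```

Because the names are derived from what is actually deployed rather than from a fixed list, unrelated files such as /robots.txt are not reported.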