Penetration Testing mailing list archives

Re: Export results of spidering from WebScarab or Paros


From: vtlists () wyae de
Date: Mon, 15 Jun 2009 11:53:57 +0200

Alex Fiuvertiz writes:

I would suggest a go for the Burp instead (Burp Proxy)
Target->Site map->right click->spider this host
After spidering, right click and Copy URL:s/links

Or perhaps httrack or wget if you choose the command way.

...or the Thekla web spider (http://www.wyae.de/software/thekla/)
which was explicitly written to find forms and URLs with parameters that can/should be tested in a web security pentest.

It conveniently lists the de-duplicated (!) URLs in a plain TXT file.
Additionally it lists them sorted with their referers (i.e. HTML
forms) - exactly the thing one needs in a web pentest.

But obviously I am biased. ;-)

Bye

Volker


PS: Comments and suggestions are wholeheartedly welcome.

--

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
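
The de-duplicated, referer-sorted URL list described in the message above, as an added example that is not part of the original post and is not Thekla's code or output format. It assumes the spider export has been reduced to (URL, referer) pairs and that two URLs count as duplicates when host, path and parameter names match; the sample data and the names `param_key`, `dedupe` and `render` are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: (url, referer) pairs as a spider export might list them.
SAMPLE = [
    ("http://shop.example/search?q=shoes&page=1", "http://shop.example/"),
    ("http://shop.example/search?page=2&q=boots", "http://shop.example/"),
    ("http://SHOP.example/search?q=hats#top", "http://shop.example/sale"),
    ("http://shop.example/item?id=7", "http://shop.example/search?q=shoes&page=1"),
    ("http://shop.example/item?id=9", "http://shop.example/search?q=shoes&page=1"),
    ("http://shop.example/about", "http://shop.example/"),
    ("http://shop.example/login?next=", "http://shop.example/"),
]

def param_key(url):
    """Return (scheme, host, path, sorted parameter names), or None if no parameters."""
    parts = urlsplit(url)
    # keep_blank_values so that "?next=" still counts as a parameter to test
    names = sorted({n for n, _ in parse_qsl(parts.query, keep_blank_values=True)})
    if not names:
        return None
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path or "/", tuple(names))

def dedupe(pairs):
    """Keep the first URL seen per key, grouped under the referer that linked to it."""
    seen = set()
    by_referer = defaultdict(list)
    for url, referer in pairs:
        key = param_key(url)
        if key is None or key in seen:  # skip parameterless URLs and duplicates
            continue
        seen.add(key)
        by_referer[referer].append(url)
    return dict(by_referer)

def render(grouped):
    """Format as plain text: each referer, then its URLs indented below it."""
    lines = []
    for referer in sorted(grouped):
        lines.append(referer)
        lines.extend("    " + url for url in grouped[referer])
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(dedupe(SAMPLE)))
```
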



