RE: Website "Scanner"

["Chris Neppes" <cneppes () port80software com>]

A very rich list of hacker and other network security tools:

http://www.insecure.org/tools.html 

    ::::::::::     ::::::::::

Chris Neppes 
Director of Sales & Marketing 
Port80 Software, Inc. 
www.port80software.com   

5252 Balboa Ave., Ste. 605 
San Diego, CA 92117 
cneppes () port80software com
858.268.7960 voice
619.606.2860 cell 
858.268.7760 fax

Web server modules for Microsoft IIS.
security. performance. user experience.



-----Original Message-----
From: backed.up.by.2048.bit.encryption () hushmail com
[mailto:backed.up.by.2048.bit.encryption () hushmail com] 
Sent: Wednesday, January 08, 2003 12:54 PM
To: webappsec () securityfocus com
Cc: vuln-dev () securityfocus com
Subject: Website "Scanner"


-----BEGIN PGP SIGNED MESSAGE-----

Is there anything out there like a port scanner but for websites, where
it dictionary attacks the files. For example you plug in the domain:

http://www.foo.com

and tries to find .html files (or other)

http://www.foo.com - index.html
                      ndex.html
                       dex.html
                        ex.html


......etc

where runs through numerous possibilities to hit on files on the server
(and even) directories).  If so, one could certainly hit on some
sensitive information, say where the administrator has been testing
something, or internal product infos etc.

If there is nothing out there like this, why not?


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
/YwZbPRhApi54B5jewqOYCk=
=d2v7
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427