WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Website "Scanner"

From: "Zimin, Alex" <alex () towerrecords com>
Date: Wed, 8 Jan 2003 13:02:47 -0800

You can try "Nikto" web server scanner:
http://www.cirt.net/code/nikto.shtml

Alex.

-----Original Message-----
From: backed.up.by.2048.bit.encryption () hushmail com [mailto:backed.up.by.2048.bit.encryption () hushmail com] 
Sent: Wednesday, January 08, 2003 12:54 PM
To: webappsec () securityfocus com
Cc: vuln-dev () securityfocus com
Subject: Website "Scanner"


-----BEGIN PGP SIGNED MESSAGE-----

Is there anything out there like a port scanner but for websites, where it dictionary attacks the files. For example 
you plug in the domain:

http://www.foo.com

and tries to find .html files (or other)

http://www.foo.com - index.html
                      ndex.html
                       dex.html
                        ex.html


......etc

where runs through numerous possibilities to hit on files on the server (and even) directories).  If so, one could 
certainly hit on some sensitive information, say where the administrator has been testing something, or internal 
product infos etc.

If there is nothing out there like this, why not?
Previous By Date Next
Previous By Thread Next

Current thread: