WebApp Sec mailing list archives
Re: Website "Scanner"
From: sullo () cirt net
Date: Wed, 8 Jan 2003 17:21:16 -0500
Quoting backed.up.by.2048.bit.encryption () hushmail com:
Is there anything out there like a port scanner but for websites, where it dictionary attacks the files. For example you plug in the domain:
Not that I know of. The closest I can think of are two functions I have in Nikto, which can do two similar things currently: 1) guess Apache user names in a similar manner For example ~a ~aa etc 2) take all the files an mix them with all the directories from the scan database, so that: /dir1/file1.html /dir2/file2.html /dir3/file3.html turns into requests for /dir1/file1.html /dir1/file2.html /dir1/file3.html /dir2/file1.html /dir2/file2.html /dir2/file3.html /dir3/file1.html /dir3/file2.html /dir3/file3.html With 2000+ entries in the db this makes for a *lot* of guesses, but is not exactly enumeration.
If there is nothing out there like this, why not?
The biggest reason is the time it would take for a somewhat comprehensive scan. http://www.cirt.net/code/nikto.shtml -Sullo
Current thread:
- Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
- Re: Website "Scanner" Kevin Spett (Jan 08)
- Re: Website "Scanner" Dave Aitel (Jan 08)
- Re: Website "Scanner" sullo (Jan 08)
- Re: Website "Scanner" Javier Fernandez-Sanguino (Jan 09)
- Re: Website "Scanner" Martin Eiszner (Jan 11)
- Re: Website "Scanner" Javier Fernandez-Sanguino (Jan 09)
- RE: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 08)
- Re: Website "Scanner" Chris Reining (Jan 08)
- Re: Website "Scanner" Nicolas Waisman (Jan 11)
- <Possible follow-ups>
- RE: Website "Scanner" Chris Neppes (Jan 08)
- RE: Website "Scanner" Zimin, Alex (Jan 08)
- Re: Website "Scanner" Joris De Donder (Jan 08)
- RE: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
- RE: Website "Scanner" glyng (Jan 08)
(Thread continues...)
- Re: Website "Scanner" Kevin Spett (Jan 08)