WebApp Sec mailing list archives
Re: Website "Scanner"
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 8 Jan 2003 18:09:21 -0500
SPIKE Proxy (http://www.immunitysec.com/spike.html) has this feature (actually, it has it twice since it also supports Whisker DB via VulnXML, etc). Let me know if you have any problems with it. Dave Aitel Immunity, Inc. On Wed, 8 Jan 2003 16:12:27 -0500 "Kevin Spett" <kspett () spidynamics com> wrote:
Whisker, Metis, nikto (whisker-based) CGI scanners have open libraries that would allow you to add these kinds of checks. http://www.wiretrip.net/rfp/ If you're interested in a commerical solution, WebInspect does this also. Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: <backed.up.by.2048.bit.encryption () hushmail com> To: <webappsec () securityfocus com> Cc: <vuln-dev () securityfocus com> Sent: Wednesday, January 08, 2003 3:53 PM Subject: Website "Scanner"-----BEGIN PGP SIGNED MESSAGE----- Is there anything out there like a port scanner but for websites, where itdictionary attacks the files. For example you plug in the domain:http://www.foo.com and tries to find .html files (or other) http://www.foo.com - index.html ndex.html dex.html ex.html ......etc where runs through numerous possibilities to hit on files on the server(and even) directories). If so, one could certainly hit on some sensitive information, say where the administrator has been testing something, or internal product infos etc.If there is nothing out there like this, why not? -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1 c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo /YwZbPRhApi54B5jewqOYCk= =d2v7 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Current thread:
- Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
- Re: Website "Scanner" Kevin Spett (Jan 08)
- Re: Website "Scanner" Dave Aitel (Jan 08)
- Re: Website "Scanner" sullo (Jan 08)
- Re: Website "Scanner" Javier Fernandez-Sanguino (Jan 09)
- Re: Website "Scanner" Martin Eiszner (Jan 11)
- Re: Website "Scanner" Javier Fernandez-Sanguino (Jan 09)
- RE: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 08)
- Re: Website "Scanner" Chris Reining (Jan 08)
- Re: Website "Scanner" Nicolas Waisman (Jan 11)
- <Possible follow-ups>
- RE: Website "Scanner" Chris Neppes (Jan 08)
- RE: Website "Scanner" Zimin, Alex (Jan 08)
- Re: Website "Scanner" Joris De Donder (Jan 08)
- RE: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
(Thread continues...)
- Re: Website "Scanner" Kevin Spett (Jan 08)