WebApp Sec mailing list archives
Re: Website "Scanner"
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Thu, 09 Jan 2003 13:57:14 +0100
sullo () cirt net wrote:
> Quoting backed.up.by.2048.bit.encryption () hushmail com:
>> Is there anything out there like a port scanner but for websites, where it dictionary attacks the files. For example you plug in the domain:
>
> Not that I know of. The closest I can think of are two functions I have in Nikto, which can do two similar things currently:
> 1) guess Apache user names in a similar manner
> For example ~a ~aa etc

Well, the user enumeration plugin could trivially be modified to do a brute force attack of filenames too. The problem being, however, that the number of requests you are going to make is quite high (and increases exponentially). Maybe it would be better to try to first index the site (spider like), and then attempt to retrieve "mutated" filenames. For example, if you see index.html try: index.html.old, index.html.bak...
Regards Javi
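The filename mutations described in the message above (index.html giving index.html.old and index.html.bak) can be checked from the server side before any scanner requests them. The following is an added example, not code from the post or from Nikto: it walks a document root on disk and reports files that are a served file's name plus a backup suffix. The function names, the suffixes beyond .old and .bak, and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# ".old" and ".bak" come from the post; the remaining suffixes are assumed extras.
BACKUP_SUFFIXES = (".old", ".bak", ".orig", "~")


def find_leftover_copies(docroot, suffixes=BACKUP_SUFFIXES):
    """Return sorted (original, leftover) paths, relative to docroot, where
    leftover == original + suffix and both exist in the same directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        present = set(files)
        for name in files:
            for suffix in suffixes:
                base = name[: -len(suffix)]
                # Report only mutations of a file that is still being served,
                # which is what a spider-then-mutate scan would request.
                if name.endswith(suffix) and base in present:
                    rel = os.path.relpath(dirpath, docroot)
                    hits.append((os.path.normpath(os.path.join(rel, base)),
                                 os.path.normpath(os.path.join(rel, name))))
    return sorted(hits)


def build_sample_docroot(root):
    """Constructed sample tree, not taken from any real site."""
    for rel in ("index.html", "index.html.bak", "admin/login.php",
                "admin/login.php.old", "admin/notes.old", "img/logo.png"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


def demo():
    """Build the sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return find_leftover_copies(root)


if __name__ == "__main__":
    for original, leftover in demo():
        print(f"{leftover}  (copy of {original})")
```

In the sample tree, admin/notes.old is not reported because no admin/notes exists beside it; a stricter audit would flag every file carrying one of these suffixes regardless of whether the original is still present.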