WebApp Sec mailing list archives

RE: Web App URL Scanner

From: Jimi Thompson <jimit () myrealbox com>
Date: Fri, 17 Oct 2003 17:50:23 -0500

Thanks to everyone for the good input. I was sure that I was not thefirst person to encounter a need for this.


Thanks again,

Jimi

At 2:59 PM +0200 10/17/03, Lluis Mora wrote:

Hi Jimi,

Perhaps you might want to try DIRB (http://www.t0s.org/), it performs a
dictionary attack searching for directories on webservers. It has a few
predefined dictionaries that work pretty well, although it is easily
customizable.

Cheers,

Lluis
.

 -----Original Message-----
 From: Jimi Thompson [mailto:jimit () myrealbox com]
 Sent: Tuesday, October 14, 2003 4:35 AM
 To: webappsec () securityfocus com
 Subject: Web App URL Scanner

 All,

 I'm currently seeking some software that will test all possible URL's
 on an web application, much like a dictionary attack against a
 password.  I could probably write it but I'd rather just download
 something if I can.  I'd like to see if I'm able to discover URL's
 that aren't normally accessible.  If anyone has ideas, I'd be
 grateful.

 Thanks,

 Ms. Jimi Thompson, CISSP

Current thread:

Web App URL Scanner Jimi Thompson (Oct 14)
- RE: Web App URL Scanner roshen.chandran (Oct 14)
- Re: Web App URL Scanner Jon Hart (Oct 14)
- RE: Web App URL Scanner Lluis Mora (Oct 17)
  - RE: Web App URL Scanner Jimi Thompson (Oct 17)
- <Possible follow-ups>
- RE: Web App URL Scanner Mark Parter (Oct 14)
  - RE: Web App URL Scanner Brian Pomeroy (Oct 14)
- RE: Web App URL Scanner Dawes, Rogan (ZA - Johannesburg) (Oct 14)