Re: How to list all the URLs on a web server

[Dan Connelly <connellyd () gmail com>]

I have used Nikto, Paros, and Webscarab to look for vulnerabilities in
web applications, and might be useful in your case.  They all have
their strengths, if the hidden page is in a common directory (ie
cgi-bin, samples, etc..) most scanners should be able to find it.  I
would definately download and run Nikto as a first try because of its
ease of use (./nikto.pl -h <target>).  Paros and Webscarab might be a
little more than you need at this point but would be worth a try if
Nikto doesn't find anything.
Hope this helps...
Dan


On Sat, 8 Jan 2005 01:35:08 +0900, Lists <sakaba () alexandria cc> wrote:
> Hi Everyone,
>
> I am auditing a system where files are stored on a web server and
> accessed without authentication directly by an application that knows
> each file URL.  I don't like it but the app owner wants me to
> demonstrate that someone could guess the URLs.  I have tried a number
> of spider tools but they are based on links so they don't pull up
> anything.
>
> I am wondering if there is a tool or another method where I could find
> out all the URLs on the web site.   The funny thing is I saw this same
> kind of system with the same explanation just the other week at another
> company.  Maybe its a new trend...
>
> Regards,
> sakaba