|
|
Re: Website "Scanner": msg#00006security.vulnerabilities
Quoting backed.up.by.2048.bit.encryption@xxxxxxxxxxxx: > Is there anything out there like a port scanner but for websites, where it > dictionary attacks the files. For example you plug in the domain: Not that I know of. The closest I can think of are two functions I have in Nikto, which can do two similar things currently: 1) guess Apache user names in a similar manner For example ~a ~aa etc 2) take all the files an mix them with all the directories from the scan database, so that: /dir1/file1.html /dir2/file2.html /dir3/file3.html turns into requests for /dir1/file1.html /dir1/file2.html /dir1/file3.html /dir2/file1.html /dir2/file2.html /dir2/file3.html /dir3/file1.html /dir3/file2.html /dir3/file3.html With 2000+ entries in the db this makes for a *lot* of guesses, but is not exactly enumeration. > If there is nothing out there like this, why not? The biggest reason is the time it would take for a somewhat comprehensive scan. http://www.cirt.net/code/nikto.shtml -Sullo |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Website "Scanner": 00006, Kevin Spett |
|---|---|
| Next by Date: | RE: Website "Scanner": 00006, Nelson Sampaio Araujo Junior |
| Previous by Thread: | Re: Website "Scanner"i: 00006, Dave Aitel |
| Next by Thread: | Re: Website "Scanner": 00006, Javier Fernandez-Sanguino |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |