RE: Website "Scanner"

-----BEGIN PGP SIGNED MESSAGE-----



On Wed, 08 Jan 2003 13:00:47 -0800 Chris Neppes <cneppes@xxxxxxxxxxxxxxxxxx> 
wrote:
>A very rich list of hacker and other network security tools:
>
>http://www.insecure.org/tools.html

Nothing there that I can see.  The concept's quite simple:-

say you even know the directory

http://www.microsoft.com/new_products/bigwinner2002.html

I want something that via dictionary or other, attacks all the files in 
"new_products" until it hits on something.


>Port80 Software, Inc.
>www.port80software.com
>
>5252 Balboa Ave., Ste. 605
>San Diego, CA 92117
>cneppes@xxxxxxxxxxxxxxxxxx
>858.268.7960 voice
>619.606.2860 cell
>858.268.7760 fax
>
>Web server modules for Microsoft IIS.
>security. performance. user experience.
>
>
>
>-----Original Message-----
>From: backed.up.by.2048.bit.encryption@xxxxxxxxxxxx
>[mailto:backed.up.by.2048.bit.encryption@xxxxxxxxxxxx]
>Sent: Wednesday, January 08, 2003 12:54 PM
>To: webappsec@xxxxxxxxxxxxxxxxx
>Cc: vuln-dev@xxxxxxxxxxxxxxxxx
>Subject: Website "Scanner"
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Is there anything out there like a port scanner but for websites,
> where
>it dictionary attacks the files. For example you plug in the domain:
>
>http://www.foo.com
>
>and tries to find .html files (or other)
>
>http://www.foo.com - index.html
>                      ndex.html
>                       dex.html
>                        ex.html
>
>
>......etc
>
>where runs through numerous possibilities to hit on files on the
>server
>(and even) directories).  If so, one could certainly hit on some
>sensitive information, say where the administrator has been testing
>something, or internal product infos etc.
>
>If there is nothing out there like this, why not?
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: Hush 2.2 (Java)
>Note: This signature can be verified at https://www.hushtools.com/verify
>
>wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
>c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
>/YwZbPRhApi54B5jewqOYCk=
>=d2v7
>-----END PGP SIGNATURE-----
>
>
>
>
>Concerned about your privacy? Follow this link to get
>FREE encrypted email: https://www.hushmail.com/?l=2
>
>Big $$$ to be made with the HushMail Affiliate Program:
>https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj4ck9wuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRKckAJ0RSnfBT9vI8BHnQrW1PFzUI9n+SgCdGGDd
jDhzEZgZ8aQ8F1YgqtYPCEQ=
=llxu
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427