
RE: Website "Scanner": msg#00010

security.vulnerabilities

Subject: RE: Website "Scanner"

Hi,

It would be fairly straight-forward to use a dictionary generator in
conjunction with any of the mentioned cgi-scanners (e.g. nikto, whisker
etc.) - or simply piped through netcat - to achieve your aim.

As others have mentioned, the key limiter will be the time involved to
make so many requests to a server.

It would probably be more efficient to produce a list of 'likely' root
names (e.g. index, default, login) and extensions (htm, html, asp, php
etc.) and iterate through them based on selected or enumerated paths on
the target.

Glyn.

> -----Original Message-----
> From: backed.up.by.2048.bit.encryption@xxxxxxxxxxxx
> [mailto:backed.up.by.2048.bit.encryption@xxxxxxxxxxxx]
> Sent: 08 January 2003 21:13
> To: webappsec@xxxxxxxxxxxxxxxxx; cneppes@xxxxxxxxxxxxxxxxxx
> Cc: vuln-dev@xxxxxxxxxxxxxxxxx
> Subject: RE: Website "Scanner"
>
> On Wed, 08 Jan 2003 13:00:47 -0800 Chris Neppes
> <cneppes@xxxxxxxxxxxxxxxxxx> wrote:
> >A very rich list of hacker and other network security tools:
> >
> >http://www.insecure.org/tools.html
>
> Nothing there that I can see. The concept's quite simple:-
>
> say you even know the directory
>
> http://www.microsoft.com/new_products/bigwinner2002.html
>
> I want something that via dictionary or other, attacks all
> the files in "new_products" until it hits on something.
>
>
> >Port80 Software, Inc.
> >www.port80software.com
> >
> >5252 Balboa Ave., Ste. 605
> >San Diego, CA 92117
> >cneppes@xxxxxxxxxxxxxxxxxx
> >858.268.7960 voice
> >619.606.2860 cell
> >858.268.7760 fax
> >
> >Web server modules for Microsoft IIS.
> >security. performance. user experience.
> >
> >
> >
> >-----Original Message-----
> >From: backed.up.by.2048.bit.encryption@xxxxxxxxxxxx
> >[mailto:backed.up.by.2048.bit.encryption@xxxxxxxxxxxx]
> >Sent: Wednesday, January 08, 2003 12:54 PM
> >To: webappsec@xxxxxxxxxxxxxxxxx
> >Cc: vuln-dev@xxxxxxxxxxxxxxxxx
> >Subject: Website "Scanner"
> >
> >
> >
> >Is there anything out there like a port scanner but for websites,
> >where it dictionary attacks the files? For example you plug in the
> >domain:
> >
> >http://www.foo.com
> >
> >and it tries to find .html files (or other)
> >
> >http://www.foo.com - index.html
> > ndex.html
> > dex.html
> > ex.html
> >
> >
> >......etc
> >
> >where it runs through numerous possibilities to hit on files on the server
> >(and even directories). If so, one could certainly hit on some
> >sensitive information, say where the administrator has been testing
> >something, or internal product infos etc.
> >
> >If there is nothing out there like this, why not?
> >
> >
>
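
A defender's view of the approach described in the reply above, as an added example that is not part of the original thread: a small set of root names tried against several extensions shows up in an access log as a run of distinct 404s from one client in one directory. The log lines, the thresholds and the function name `find_enumeration` are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from posixpath import basename, dirname, splitext

# Constructed Common Log Format lines (documentation addresses, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2003:21:13:01 +0000] "GET /app/index.htm HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:01 +0000] "GET /app/index.html HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:02 +0000] "GET /app/index.asp HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:02 +0000] "GET /app/index.php HTTP/1.0" 200 5120
192.0.2.10 - - [08/Jan/2003:21:13:03 +0000] "GET /app/default.htm HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:03 +0000] "GET /app/default.html HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:04 +0000] "GET /app/default.asp HTTP/1.0" 404 210
192.0.2.10 - - [08/Jan/2003:21:13:04 +0000] "GET /app/default.php HTTP/1.0" 404 210
198.51.100.7 - - [08/Jan/2003:21:14:10 +0000] "GET /app/index.php HTTP/1.0" 200 5120
198.51.100.7 - - [08/Jan/2003:21:14:11 +0000] "GET /app/news.php?id=3 HTTP/1.0" 200 804
198.51.100.7 - - [08/Jan/2003:21:14:15 +0000] "GET /app/old.html HTTP/1.0" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')

def find_enumeration(log_text, min_misses=6, min_miss_ratio=0.8, exts_per_root=2):
    """Return {(client, directory): sorted missed paths} where the misses look
    like a small set of root names tried against several extensions."""
    seen = defaultdict(set)    # (client, dir) -> every distinct path requested
    missed = defaultdict(set)  # (client, dir) -> distinct paths answered 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not GET/HEAD in the expected format
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        key = (client, dirname(path))
        seen[key].add(path)
        if status == "404":
            missed[key].add(path)
    flagged = {}
    for key, paths in missed.items():
        roots = {splitext(basename(p))[0] for p in paths}
        if (len(paths) >= min_misses
                and len(paths) / len(seen[key]) >= min_miss_ratio
                and len(paths) >= exts_per_root * len(roots)):
            flagged[key] = sorted(paths)
    return flagged

if __name__ == "__main__":
    for (client, directory), paths in find_enumeration(SAMPLE_LOG).items():
        print(f"{client} guessed {len(paths)} missing files under {directory}")
```

The thresholds are starting points to tune against a site's normal 404 rate; a crawler following stale links produces many misses too, but rarely the same root name under several extensions.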



