Re: Website "Scanner"

Some lines of Python....

from socket import *
import string,sys
s=socket(AF_INET, SOCK_STREAM)
s.connect( (sys.argv[1], 80))
bleh=sys.argv[2]
s.send("GET /"+ bleh + " HTTP/1.0\n\r\n\r")
if s.recv(1024).find("HTTP/1.1 404") > -1:
        print "WIIIIIIIIIIIIIIIIIIIII"
s.close()

You can make lots of  improvements to this... in 4 lines and 3 minutes of code 
:D
Bye
Nico


backed.up.by.2048.bit.encryption@xxxxxxxxxxxx wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Is there anything out there like a port scanner but for websites, where it 
> dictionary attacks the files. For example you plug in the domain:
>
> http://www.foo.com
>
> and tries to find .html files (or other)
>
> http://www.foo.com - index.html
>                      ndex.html
>                       dex.html
>                        ex.html
>
>
> ......etc
>
> where runs through numerous possibilities to hit on files on the server (and 
> even) directories).  If so, one could certainly hit on some sensitive 
> information, say where the administrator has been testing something, or 
> internal product infos etc.
>
> If there is nothing out there like this, why not?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
> /YwZbPRhApi54B5jewqOYCk=
> =d2v7
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2 
>
> Big $$$ to be made with the HushMail Affiliate Program: 
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
>
>