Subject: RE: Web App URL Scanner - msg#00034
List: security.web-applications
# Request every path in "list" and keep the first line (status line) of each response
cat list | while read -r i ; do
  echo "$i"
  (echo "GET $i HTTP/1.0"
   echo "Host: ${server}:${port}"
   echo ) | nc -v "${server}" "${port}" | head -1
done | tee mylogfile
Where:
list is a file containing the list of URLs that you would like to test for
$server is the name or IP address of the server under test (preferably the name)
$port is the port on which the server is running (typically 80)
mylogfile is a file to write the results into
If the server is an SSL server, you can use openssl instead of netcat, with
a command line like
echo ) | openssl s_client -connect ${server}:${port} -ign_eof | head -1
in the appropriate place.
How you build the list of paths is entirely up to you.
It may be worth using a proxy tool such as WebScarab
(http://www.owasp.org/development/webscarab) to get an idea of exactly what
paths currently exist, so that you can construct your list more accurately.
Eventually, I hope to build this kind of functionality into WebScarab, but
it is not there yet.
Rogan
> -----Original Message-----
> From: Jimi Thompson [mailto:jimit@xxxxxxxxxxxxx]
> Sent: 14 October 2003 04:35 AM
> To: webappsec@xxxxxxxxxxxxxxxxx
> Subject: Web App URL Scanner
>
> All,
>
> I'm currently seeking some software that will test all possible URLs
> on a web application, much like a dictionary attack against a
> password. I could probably write it but I'd rather just download
> something if I can. I'd like to see if I'm able to discover URLs
> that aren't normally accessible. If anyone has ideas, I'd be
> grateful.
>
> Thanks,
>
> Ms. Jimi Thompson, CISSP
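Seen from the server under test, the loop in the message above leaves a recognisable trace in the access log: one client, HTTP/1.0 requests carrying no User-Agent, and a run of distinct paths answered with 404. The following is an added example, not part of the original post, that flags such clients in a combined-format access log; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients whose requests look like a path-guessing run.
# Reads Apache "combined" format lines on stdin and prints, per flagged client:
#   <ip> <distinct paths answered 404> <total requests> <requests without User-Agent>
# The threshold argument (default 5) is an assumption to tune per site.
detect_path_guessing() {
    awk -F'"' -v min="${1:-5}" '
    NF < 6 { next }                      # not a combined-format line
    {
        split($1, pre, " "); ip = pre[1]
        split($2, req, " "); path = req[2]
        split($3, st, " ");  status = st[1]
        total[ip]++
        if ($6 == "-") noua[ip]++        # the nc loop sends only a Host header
        if (status == "404" && !((ip, path) in seen)) {
            seen[ip, path] = 1           # count each missing path once per client
            miss[ip]++
        }
    }
    END {
        for (ip in miss)
            if (miss[ip] >= min)
                print ip, miss[ip], total[ip], noua[ip] + 0
    }' | sort
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [14/Oct/2003:10:00:01 +0200] "GET /admin/ HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Oct/2003:10:00:01 +0200] "GET /backup/ HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Oct/2003:10:00:02 +0200] "GET /test/ HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Oct/2003:10:00:02 +0200] "GET /old/ HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Oct/2003:10:00:03 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Oct/2003:10:00:03 +0200] "GET /index.html HTTP/1.0" 200 1043 "-" "-"
198.51.100.7 - - [14/Oct/2003:10:01:10 +0200] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [14/Oct/2003:10:01:11 +0200] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [14/Oct/2003:10:01:40 +0200] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [14/Oct/2003:10:01:41 +0200] "GET /about.html HTTP/1.1" 200 2310 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
EOF
}

sample_log | detect_path_guessing 5
```

The repeated /favicon.ico miss counts once, so the browser client stays below the default threshold while the sequential run from 192.0.2.10 is reported.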
Thread at a glance:
Previous Message by Date:
RE: Web App URL Scanner
Hi,
You could try a Perl script called Nikto. This doesn't necessarily return all
directories at a specific website but it will return any that it thinks are
vulnerable to attack and/or shouldn't be available to the general public. See
here for more info: http://www.cirt.net/code/nikto.shtml
Maybe not exactly what you're looking for but it's a start.
HTH,
Mark Parter
-----Original Message-----
From: Jimi Thompson [mailto:jimit@xxxxxxxxxxxxx]
Sent: 14 October 2003 03:35
To: webappsec@xxxxxxxxxxxxxxxxx
Subject: Web App URL Scanner[Scanned]
All,
I'm currently seeking some software that will test all possible URLs
on a web application, much like a dictionary attack against a
password. I could probably write it but I'd rather just download
something if I can. I'd like to see if I'm able to discover URLs
that aren't normally accessible. If anyone has ideas, I'd be
grateful.
Thanks,
Ms. Jimi Thompson, CISSP
Next Message by Date:
RE: Web App URL Scanner
> I'd like to see if I'm able to discover URLs that aren't normally
> accessible.
Not sure if this is what you're looking for, but SpikeProxy crawls the
web server for typical URLs that aren't normally accessible:
http://www.immunitysec.com/spikeproxy.html
Roshen
Paladion Networks
http://www.paladion.net
Previous Message by Thread:
RE: Web App URL Scanner
Nikto is a more powerful version of a similar Perl script called Whisker.
In addition to what's been said about Nikto, it also offers the creation of
a neat output file, and has a built-in updating feature allowing it to
refresh its database with the latest vulnerabilities.
Brian Pomeroy
e-Transformation / e-Medicine Center
The Children's Hospital of Philadelphia
http://www.chop.edu/
pomeroy@xxxxxxxxxxxxxx
Personal website: http://www.voicenet.com/~lunar/
-----Original Message-----
From: Mark Parter [mailto:m-parter@xxxxxxxxxx]
Sent: Tuesday, October 14, 2003 7:07 AM
To: webappsec@xxxxxxxxxxxxxxxxx
Subject: RE: Web App URL Scanner
Hi,
You could try a Perl script called Nikto. This doesn't necessarily return
all directories at a specific website but it will return any that it thinks
are vulnerable to attack and/or shouldn't be available to the general
public. See here for more info: http://www.cirt.net/code/nikto.shtml
Maybe not exactly what you're looking for but it's a start.
HTH,
Mark Parter
-----Original Message-----
From: Jimi Thompson [mailto:jimit@xxxxxxxxxxxxx]
Sent: 14 October 2003 03:35
To: webappsec@xxxxxxxxxxxxxxxxx
Subject: Web App URL Scanner[Scanned]
All,
I'm currently seeking some software that will test all possible URLs
on a web application, much like a dictionary attack against a
password. I could probably write it but I'd rather just download
something if I can. I'd like to see if I'm able to discover URLs
that aren't normally accessible. If anyone has ideas, I'd be
grateful.
Thanks,
Ms. Jimi Thompson, CISSP
Next Message by Thread:
Securing Outlook Web Access (OWA)
hello!
I am currently looking for a way to secure the deployment of
several Outlook Web Access servers (WebMail for MS Exchange 2000).
These are our project specifications:
We have about 20 OWA servers over a worldwide Intranet.
Each OWA server is autonomous (Independent list of addresses)
but with a unique point of access available via the Internet.
Thus each user (regardless of the OWA server hosting the user
Box) connects with a unique URL: https://mail.mycompany.com
The HTTP reverse proxy must perform the following operations:
- Perform a user authentication with X509 client certificate
- If the X509 certificate is valid : HTTP authentication via
an LDAP server
- If the authentication is valid then redirect automatically
to the appropriate OWA server (owa-x.mycompany.com). The
redirection changes the hostname but all the flows redirected
must pass by the Reverse Proxy (unique point of entry
obligatory for all the Webmail flows).
- The authentication must be (if possible) Single Sign On,
which means that the user doesn't have to reauthenticate
himself when reaching the final OWA server.
- An applicative flow control must be integrated to avoid all
OWA server attacks (XSS, SQL injection, Session hijacking, etc.)
One LDAP list of addresses for all the users is used. It
contains the following elements:
- Login user name(For HTTP authentication)
- Login user password (For HTTP authentication)
- DN field for X509 certificate (to verify the
username/certificate association)
- URL for the OWA server associated with the user (for the
redirection)
The connection between the Reverse Proxy and the LDAP server
must be secure (LDAPS).
I am in the process of testing Axiliance's RealSentry Appliance.
The product seems to correspond perfectly to our needs and I
would like to know if you have any feedback on your experience
of this product.
If you know another product meeting these specifications, I
would be very grateful if you would contact me.
Best Regards,
Pierre Luc LEVASSEUR
pierre-luc.levasseur@xxxxxxxxxxx