
Nmap Development mailing list archives

Re: [NSE] New script http-backup-finder
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 15 Dec 2011 10:21:58 +0100

On Thu, Dec 15, 2011 at 7:48 AM, David Fifield <david () bamsoftware com> wrote:

> On Sat, Dec 10, 2011 at 11:37:01AM +0100, Patrik Karlsson wrote:
> > Hi all,
> >
> > I've made a bunch of improvements to the httpspider, made some changes to
> > the http-email-harvest script and just committed a new script called
> > http-backup-finder.
> > The new script crawls a site and then attempts to find backup files by
> > requesting known backup patterns, e.g. index.html~, index.bak etc.
>
> Here's an article with some other passwords you might want to add. The
> author did a survey of the most popular web sites and found a lot with
> CMS configuration files stored in editor backups.
>
> http://www.feross.org/cmsploit/
>
> David Fifield


Thanks, David. I'll add those backup templates to the list as well.
I think the files, with the different combinations, should be added to
http-enum as well, as the spider is unlikely to hit pages like wp-config.php.

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
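
The backup patterns discussed in this thread can also be checked from the server side. The following is an added example, not code from the thread or from Nmap's http-backup-finder: it walks a local document root and reports files that look like backup copies of a live file. Only the `index.html~` and `index.bak` forms come from the thread; the other suffixes and the sample file names are assumptions.

```python
import os
import tempfile

# "~" and ".bak" mirror the thread's index.html~ / index.bak examples;
# ".old", ".orig" and vim's ".swp" are assumptions added for this example.
APPENDED = ("~", ".bak", ".old", ".orig")   # suffix appended to the full name
REPLACED = (".bak", ".old")                 # suffix replacing the extension


def original_for(name, siblings):
    """Return the live file `name` appears to be a backup of, or None."""
    for suffix in APPENDED:                 # index.html~, wp-config.php.bak
        if name.endswith(suffix) and name[:-len(suffix)] in siblings:
            return name[:-len(suffix)]
    # vim swap file: .wp-config.php.swp next to wp-config.php
    if name.startswith(".") and name.endswith(".swp") and name[1:-4] in siblings:
        return name[1:-4]
    stem, ext = os.path.splitext(name)      # index.bak next to index.html
    if ext in REPLACED:
        for other in sorted(siblings):
            o_stem, o_ext = os.path.splitext(other)
            if o_stem == stem and o_ext not in REPLACED:
                return other
    return None


def audit(docroot):
    """Walk docroot; return sorted (backup, original) paths relative to it."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        siblings = set(files)
        rel = os.path.relpath(dirpath, docroot)
        for name in files:
            orig = original_for(name, siblings)
            if orig is not None:
                findings.append((os.path.normpath(os.path.join(rel, name)),
                                 os.path.normpath(os.path.join(rel, orig))))
    return sorted(findings)


def demo():
    """Audit a constructed document root (file names are sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "blog"))
        for rel in ("index.html", "index.html~", "index.bak", "notes.bak",
                    "blog/wp-config.php", "blog/wp-config.php.bak",
                    "blog/.wp-config.php.swp"):
            open(os.path.join(root, rel), "w").close()
        return audit(root)
```

Call `audit()` on a deployed document root to list copies to delete or move out of the web tree. A file such as `notes.bak` with no live sibling is not reported, because the check only matches backups of files that are currently being served.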

