mailing list archives
Re: [NSE] New script http-backup-finder
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 15 Dec 2011 10:21:58 +0100
On Thu, Dec 15, 2011 at 7:48 AM, David Fifield <david () bamsoftware com>wrote:
On Sat, Dec 10, 2011 at 11:37:01AM +0100, Patrik Karlsson wrote:
I've made a bunch of improvements to the httpspider, made some changes to
the http-email-harvest script and just commited a new script called
The new scripts crawls a site and then attempts to find backup files by
requesting known backup patterns eg: index.html~, index.bak etc.
Here's an article with some other passwords you might want to add. The
author did a survey of the most popular web sites and found a lot with
CMS configuration files stored in editor backups.
Thank's David. I'll add those backup templates to the list as well.
I think the files, with the different combinations, should be added to
http-enum as well as the spider is unlikely to hit pages like wp-config.php.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/