Penetration Testing: Re: Scanner for old files (.bak, ~, .old, etc.)

[Gabriele Zanoni <gabrieleml () securenetwork it>]

Il Tuesday 30 June 2009 14:47:28 Juan Kinunt ha scritto:
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another extension. For example, first
> spiders the web and enumerate:
>
> index.php
> news.php
> cart.php
>
> And then looks for index.php.bak, index.php.inc, index.php~,
> index.bak, index.old, etc.
>
> This tool will be useful supossing that programmers tend to change the
> extension of the file to store old files.
>
> I know Nikto, Wikto, etc... but this tools look for predefined files
> and I would like to target already existing files but with different
> extension.
>
> If the tool does not exist I'll try to code something.
>
> Thanks.
Hi Juan,

Burp Intruder can be a useful choice, see the cluster bomb function at

http://portswigger.net/intruder/help.html

Best regards,
Gabriele



-- 

Cordiali saluti
Gabriele Zanoni

Secure Network S.r.l.
Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia
Tel: +39 02.24126788 Mobile: +39 340.4820795
email: g.zanoni () securenetwork it
web: www.securenetwork.it

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------