Penetration Testing (pen-test) Mailing List

Re: Scanner for old files (.bak, ~, .old, etc.)

Wed, 1 Jul 2009 18:11:57 +0200 (CEST)

Posted by SD List on Jul 1

Hi,
Definitively, a large number of tools and scanners are able to identify
such files.

Take a look here, we provide a list of tools (guyz in this list already
enumerated the best) you may need
(http://www.security-database.com/toolswatch/+-Application-Scanner-+.html)

Cheers

>...

Re: Scanner for old files (.bak, ~, .old, etc.)

Wed, 1 Jul 2009 08:46:19 +0530

Posted by Nikhil Wagholikar on Jul 1

Hello Juan Kinunt,

May be you can have a look at 'IntelliTamper'.

IntelliTamper is able to scan a website for unlisted files and folders
with a dictionary based scan.

More Info: http://www.intellitamper.com/
Or Email to : tamper_at_engineer.com

Hope this helps!!

--- Nikhil Wagholikar...

Re: Scanner for old files (.bak, ~, .old, etc.)

Thu, 2 Jul 2009 12:34:55 -0400

Posted by Jeremy Brown on Jul 2

I think I may find an alternative than touch IntelliTamper...

http://www.milw0rm.com/search.php?dong=intellitamper

On Tue, Jun 30, 2009 at 11:16 PM, Nikhil
Wagholikar<visitnikhil_at_gmail.com> wrote:
> Hello Juan Kinunt,
>
> May be you can have a look at 'IntelliTamper'.
...

SOURCE Barcelona Speaker Line-Up

Wed, 1 Jul 2009 22:14:55 +0200

Posted by Christian Martorella on Jul 1

SOURCE Barcelona 2009 Announcement
----------------------- ----------------------------------
www.sourceconference.com
September 21-22, 2009
EARLY BIRD RATE EXPIRES...

RE: Scanner for old files (.bak, ~, .old, etc.)

Wed, 1 Jul 2009 17:01:32 +0300

Posted by Tal Argoni on Jul 1

Hi,
Wikto is the perfect tool for this kind of job
http://www.sensepost.com

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of Juan Kinunt
Sent: Tuesday, June 30, 2009 3:47 PM
To: pen-test_at_securityfocus.com
...

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 11:27:55 -0500

Posted by Todd Haverkos on Jun 30

Juan Kinunt <kinunt_at_gmail.com> writes:

> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another extension. For example, first
>...

Payloads for Burp Suite

Tue, 30 Jun 2009 12:53:43 -0400

Posted by Benjamin Greenfield on Jun 30

Does anyone know of a source of free and legal attack payloads for the
Burp Intruder?

I'm particularly interested in payloads for SQL injection where the
environment isn't known in advance. Having a predefined list of
payloads would be very helpful for me.

Thanks,

...

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 16:37:41 +0100

Posted by pUm on Jun 30

checkout the metasploit wmap extension. it is exactly what you're looking for.

2009/6/30 Juan Kinunt <kinunt_at_gmail.com>:
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then...

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 18:05:23 +0200

Posted by Rogan Dawes on Jun 30

Juan Kinunt wrote:
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another extension. For example, first
> spiders the web and enumerate:
...

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 13:56:23 -0400

Posted by rajat swarup on Jun 30

On Tue, Jun 30, 2009 at 8:47 AM, Juan Kinunt<kinunt_at_gmail.com> wrote:
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another...

Re: Scanner for old files (.bak, ~, .old, etc.)

30 Jun 2009 14:56:12 -0000

Posted by jason_jones98_at_hotmail.com on Jun 30

('binary' encoding is not supported, stored as-is) Hi.

Paros proxy does this well, if you view the scan policy you will see settings you require to enable. Also you could create your own list and input that into owasp directory buster.

...

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 11:56:01 -0500

Posted by John Lampe on Jun 30

Re: Scanner for old files (.bak, ~, .old, etc.)

Tue, 30 Jun 2009 17:23:13 +0200

Posted by Sandro Gauci on Jun 30

I guess this is a feature of many web application vulnerability
scanners (not Nikto but the XSS/SQLi etc type). I've used Acunetix's
WVS and it does exactly what you describe.

- sandro
w: http://enablesecurity.com/

On Tue, Jun 30, 2009 at 2:47 PM, Juan Kinunt<kinunt_at_gmail.com>...

Fwd: South Carolina amp Alaska Privacy Breach Notice Laws Go Into Effect July 1

Tue, 30 Jun 2009 16:41:27 -0400

Posted by Jeffrey Walton on Jun 30

>From the folks at Attrition and the Dataloss DB.

The other 44 sates and terrirories can be found at
http://www.ncsl.org/?tabid=13481.

---------- Forwarded message ----------
From: security curmudgeon <jericho_at_attrition.org>
Date: Tue, Jun 30, 2009 at 2:45 AM
Subject: South...

Re: Firewall Scan

Tue, 30 Jun 2009 14:48:08 -0400

Posted by Chris Brenton on Jun 30

Greets,

Actually, I believe Fydor dropped the Echo-Request probe in 4.x. nmap
simply hits TCP/80 with a SYN or ACK, depending on the version. Either
way, don't think this is nmap getting confused as hping produces similar
results and it never probes first.

IPv7,

Try setting some TCP...