Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Website "Scanner"

RE: Website "Scanner"

From: Zimin, Alex <alex_at_towerrecords.com>
Date: Wed, 8 Jan 2003 13:02:47 -0800

You can try "Nikto" web server scanner:
http://www.cirt.net/code/nikto.shtml

Alex.

-----Original Message-----
From: backed.up.by.2048.bit.encryption_at_hushmail.com [mailto:backed.up.by.2048.bit.encryption_at_hushmail.com]
Sent: Wednesday, January 08, 2003 12:54 PM
To: webappsec_at_securityfocus.com
Cc: vuln-dev_at_securityfocus.com
Subject: Website "Scanner"

-----BEGIN PGP SIGNED MESSAGE-----

Is there anything out there like a port scanner but for websites, where it dictionary attacks the files. For example you plug in the domain:

http://www.foo.com

and tries to find .html files (or other)

http://www.foo.com - index.html
                      ndex.html
                       dex.html
                        ex.html

......etc

where runs through numerous possibilities to hit on files on the server (and even) directories). If so, one could certainly hit on some sensitive information, say where the administrator has been testing something, or internal product infos etc.

If there is nothing out there like this, why not?
Received on Jan 08 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos