Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Website "Scanner"

RE: Website "Scanner"

From: <backed.up.by.2048.bit.encryption_at_hushmail.com>
Date: Wed, 8 Jan 2003 13:12:44 -0800

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 08 Jan 2003 13:00:47 -0800 Chris Neppes <cneppes_at_port80software.com> wrote:
>A very rich list of hacker and other network security tools:
>
>http://www.insecure.org/tools.html

Nothing there that I can see. The concept's quite simple:-

say you even know the directory

http://www.microsoft.com/new_products/bigwinner2002.html

I want something that via dictionary or other, attacks all the files in "new_products" until it hits on something.

>Port80 Software, Inc.
>www.port80software.com
>
>5252 Balboa Ave., Ste. 605
>San Diego, CA 92117
>cneppes_at_port80software.com
>858.268.7960 voice
>619.606.2860 cell
>858.268.7760 fax
>
>Web server modules for Microsoft IIS.
>security. performance. user experience.
>
>
>
>-----Original Message-----
>From: backed.up.by.2048.bit.encryption_at_hushmail.com
>[mailto:backed.up.by.2048.bit.encryption_at_hushmail.com]
>Sent: Wednesday, January 08, 2003 12:54 PM
>To: webappsec_at_securityfocus.com
>Cc: vuln-dev_at_securityfocus.com
>Subject: Website "Scanner"
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Is there anything out there like a port scanner but for websites,
> where
>it dictionary attacks the files. For example you plug in the domain:
>
>http://www.foo.com
>
>and tries to find .html files (or other)
>
>http://www.foo.com - index.html
> ndex.html
> dex.html
> ex.html
>
>
>......etc
>
>where runs through numerous possibilities to hit on files on the
>server
>(and even) directories). If so, one could certainly hit on some
>sensitive information, say where the administrator has been testing
>something, or internal product infos etc.
>
>If there is nothing out there like this, why not?
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: Hush 2.2 (Java)
>Note: This signature can be verified at https://www.hushtools.com/verify
>
>wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
>c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
>/YwZbPRhApi54B5jewqOYCk=
>=d2v7
>-----END PGP SIGNATURE-----
>
>
>
>
>Concerned about your privacy? Follow this link to get
>FREE encrypted email: https://www.hushmail.com/?l=2
>
>Big $$$ to be made with the HushMail Affiliate Program:
>https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj4ck9wuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRKckAJ0RSnfBT9vI8BHnQrW1PFzUI9n+SgCdGGDd
jDhzEZgZ8aQ8F1YgqtYPCEQ=
=llxu
-----END PGP SIGNATURE-----

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Received on Jan 08 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos