Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Website "Scanner"

Re: Website "Scanner"

From: Dave Aitel <dave_at_immunitysec.com>
Date: Wed, 8 Jan 2003 18:09:21 -0500

SPIKE Proxy (http://www.immunitysec.com/spike.html) has this feature
(actually, it has it twice since it also supports Whisker DB via
VulnXML, etc). Let me know if you have any problems with it.

Dave Aitel
Immunity, Inc.

On Wed, 8 Jan 2003 16:12:27 -0500
"Kevin Spett" <kspett_at_spidynamics.com> wrote:

> Whisker, Metis, nikto (whisker-based) CGI scanners have open libraries
> that would allow you to add these kinds of checks.
>
> http://www.wiretrip.net/rfp/
>
> If you're interested in a commerical solution, WebInspect does this
> also.
>
>
>
> Kevin Spett
> SPI Labs
> http://www.spidynamics.com/
>
> ----- Original Message -----
> From: <backed.up.by.2048.bit.encryption_at_hushmail.com>
> To: <webappsec_at_securityfocus.com>
> Cc: <vuln-dev_at_securityfocus.com>
> Sent: Wednesday, January 08, 2003 3:53 PM
> Subject: Website "Scanner"
>
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Is there anything out there like a port scanner but for websites,
> > where it
> dictionary attacks the files. For example you plug in the domain:
> >
> > http://www.foo.com
> >
> > and tries to find .html files (or other)
> >
> > http://www.foo.com - index.html
> > ndex.html
> > dex.html
> > ex.html
> >
> >
> > ......etc
> >
> > where runs through numerous possibilities to hit on files on the
> > server
> (and even) directories). If so, one could certainly hit on some
> sensitive information, say where the administrator has been testing
> something, or internal product infos etc.
> >
> > If there is nothing out there like this, why not?
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify
> >
> > wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> > c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
> > /YwZbPRhApi54B5jewqOYCk=
> > =d2v7
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Follow this link to get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate Program:
> > https://www.hushmail.com/about.php?subloc=affiliate&l=427
> >
>
>
Received on Jan 08 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos