Nikto is a more powerful version of a similar Perl script called Whisker.
In addition to what's been said about Nikto, it also offers the creation of
a neat output file, and has a built-in updating feature allowing it to
refresh its database with the latest vulnerabilities.
Brian Pomeroy
e-Transformation / e-Medicine Center
The Children's Hospital of Philadelphia
http://www.chop.edu/
pomeroy_at_email.chop.edu
Personal website: http://www.voicenet.com/~lunar/
-----Original Message-----
From: Mark Parter [mailto:m-parter_at_fife.ac.uk]
Sent: Tuesday, October 14, 2003 7:07 AM
To: webappsec_at_securityfocus.com
Subject: RE: Web App URL Scanner
Hi,
You could try a Perl script called Nikto. This doesn't necessarily return
all direcotries at a specific website but it will return any that it thinks
are vulnerable to attack and/or shouldn't be available to the general
public. See here for more info: http://www.cirt.net/code/nikto.shtml
Maybe not exactly what your looking for but it's a start.
HTH,
Mark Parter
-----Original Message-----
From: Jimi Thompson [mailto:jimit_at_myrealbox.com]
Sent: 14 October 2003 03:35
To: webappsec_at_securityfocus.com
Subject: Web App URL Scanner[Scanned]
All,
I'm currently seeking some software that will test all possible URL's
on an web application, much like a dictionary attack against a
password. I could probably write it but I'd rather just download
something if I can. I'd like to see if I'm able to discover URL's
that aren't normally accessible. If anyone has ideas, I'd be
grateful.
Thanks,
Ms. Jimi Thompson, CISSP
Received on Oct 14 2003
Intro
