<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: Re: How to list all the URLs on a web server

Re: How to list all the URLs on a web server

From: <skill2die4_at_secguru.com>
Date: Fri, 7 Jan 2005 17:19:13 -0600 (CST)

>
> accessed without authentication directly by an application that knows
> each file URL.
>

I was in similar situation where the site i was testing had urls based
upon client names, but then how to enumerate all the clients in order to
move further ?

eg... www.xyz.com/<client-name>/login.asp

So, i googled -> site:"xyz.com"

but got nothing as they blocked the spiders ...damn ! now what .. hummm ?

then i googled -> link:"xyz.com"

which produced the links of all their client pages which were pointing to
xyz.com and helped me in moving further with my tests ;-)

Try other options like , inurl etc.. think like a spider !

HTH,

-=skillz=-
www.secguru.com/webapptest-cheatsheet.html

.
Received on Jan 09 2005

This message: [ Message body ]
Next message: Lyal Collins: "RE: How to list all the URLs on a web server"
Previous message: Paul Laudanski: "Re: Content monitorting in Application Security"
In reply to: Lists: "How to list all the URLs on a web server"
Next in thread: Lyal Collins: "RE: How to list all the URLs on a web server"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]