Webrute.pl, by Dennis Rand, may be able to help here.
I tried this on a test machine last week. It's noisy in the logs, but
thorough, and slow with large brute force combinations. Take a look - its at
cirt.dk, I think.
Lyal.
-----Original Message-----
From: Lists [mailto:sakaba_at_alexandria.cc]
Sent: Saturday, 8 January 2005 3:35 AM
To: webappsec_at_securityfocus.com
Subject: How to list all the URLs on a web server
Hi Everyone,
I am auditing a system where files are stored on a web server and
accessed without authentication directly by an application that knows
each file URL. I don't like it but the app owner wants me to
demonstrate that someone could guess the URLs. I have tried a number
of spider tools but they are based on links so they don't pull up
anything.
I am wondering if there is a tool or another method where I could find
out all the URLs on the web site. The funny thing is I saw this same
kind of system with the same explanation just the other week at another
company. Maybe its a new trend...
Regards,
sakaba
Received on Jan 09 2005
Intro
