Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] New script http-backup-finder

From: David Fifield <david () bamsoftware com>
Date: Wed, 14 Dec 2011 22:48:44 -0800
On Sat, Dec 10, 2011 at 11:37:01AM +0100, Patrik Karlsson wrote:

Hi all,

I've made a bunch of improvements to the httpspider, made some changes to
the http-email-harvest script and just commited a new script called
http-backup-finder.
The new scripts crawls a site and then attempts to find backup files by
requesting known backup patterns eg: index.html~, index.bak etc.


Here's an article with some other passwords you might want to add. The
author did a survey of the most popular web sites and found a lot with
CMS configuration files stored in editor backups.

http://www.feross.org/cmsploit/

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: