Penetration Testing mailing list archives
Re: Scanner for old files (.bak, ~, .old, etc.)
From: Robin Wood <dninja () gmail com>
Date: Wed, 1 Jul 2009 09:03:07 +0100
2009/6/30 Juan Kinunt <kinunt () gmail com>:
Hi, I would like to know if anyone knows a tool that first spiders the web in order to enumerate al files and scripts it detects and then look for this same files but with another extension. For example, first spiders the web and enumerate: index.php news.php cart.php And then looks for index.php.bak, index.php.inc, index.php~, index.bak, index.old, etc. This tool will be useful supossing that programmers tend to change the extension of the file to store old files. I know Nikto, Wikto, etc... but this tools look for predefined files and I would like to target already existing files but with different extension. If the tool does not exist I'll try to code something. Thanks.
Webscarab can do this, find a page on the site then go to the Extensions tab where you can specify a list of extensions. The spider then goes off and checks the site and for all the pages it finds it tries them with the extra extensions. Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Scanner for old files (.bak, ~, .old, etc.) Robin Wood (Jul 02)
- <Possible follow-ups>
- RE: Scanner for old files (.bak, ~, .old, etc.) Tal Argoni (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) Nikhil Wagholikar (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) Jeremy Brown (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) SD List (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) Vedantam sekhar (Jul 17)