Re: Scanner for old files (.bak, ~, .old, etc.)

[D Adusumalli <asndpp () gmail com>]

All web application scanners have this feature built-in.

- Durga

On Thu, Jul 16, 2009 at 5:36 PM, Vedantam sekhar <sekhar56us () yahoo com> wrote:
> I think w3af as well can do that and freeware.
>
>
>
> --- On Wed, 7/1/09, Robin Wood <dninja () gmail com> wrote:
>
> > From: Robin Wood <dninja () gmail com>
> > Subject: Re: Scanner for old files (.bak, ~, .old, etc.)
> > To: "Juan Kinunt" <kinunt () gmail com>
> > Cc: pen-test () securityfocus com
> > Date: Wednesday, July 1, 2009, 1:33 PM
> > 2009/6/30 Juan Kinunt <kinunt () gmail com>:
> > > Hi,
> > >
> > > I would like to know if anyone knows a tool that first
> > spiders the web
> > > in order to enumerate al files and scripts it detects
> > and then look
> > > for this same files but with another extension. For
> > example, first
> > > spiders the web and enumerate:
> > >
> > > index.php
> > > news.php
> > > cart.php
> > >
> > > And then looks for index.php.bak, index.php.inc,
> > index.php~,
> > > index.bak, index.old, etc.
> > >
> > > This tool will be useful supossing that programmers
> > tend to change the
> > > extension of the file to store old files.
> > >
> > > I know Nikto, Wikto, etc... but this tools look for
> > predefined files
> > > and I would like to target already existing files but
> > with different
> > > extension.
> > >
> > > If the tool does not exist I'll try to code
> > something.
> > > Thanks.
> >
> > Webscarab can do this, find a page on the site then go to
> > the
> > Extensions tab where you can specify a list of extensions.
> > The spider
> > then goes off and checks the site and for all the pages it
> > finds it
> > tries them with the extra extensions.
> >
> > Robin
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance
> > Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that
> > you can actually do a proper penetration test. IACRB CPT and
> > CEPT certs require a full practical examination in order to
> > become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------