Penetration Testing mailing list archives
Re: Scanner for old files (.bak, ~, .old, etc.)
From: D Adusumalli <asndpp () gmail com>
Date: Sat, 5 Sep 2009 18:49:48 +0530
All web application scanners have this feature built-in. - Durga On Thu, Jul 16, 2009 at 5:36 PM, Vedantam sekhar <sekhar56us () yahoo com> wrote:
I think w3af as well can do that and freeware. --- On Wed, 7/1/09, Robin Wood <dninja () gmail com> wrote:From: Robin Wood <dninja () gmail com> Subject: Re: Scanner for old files (.bak, ~, .old, etc.) To: "Juan Kinunt" <kinunt () gmail com> Cc: pen-test () securityfocus com Date: Wednesday, July 1, 2009, 1:33 PM 2009/6/30 Juan Kinunt <kinunt () gmail com>:Hi, I would like to know if anyone knows a tool that firstspiders the webin order to enumerate al files and scripts it detectsand then lookfor this same files but with another extension. Forexample, firstspiders the web and enumerate: index.php news.php cart.php And then looks for index.php.bak, index.php.inc,index.php~,index.bak, index.old, etc. This tool will be useful supossing that programmerstend to change theextension of the file to store old files. I know Nikto, Wikto, etc... but this tools look forpredefined filesand I would like to target already existing files butwith differentextension. If the tool does not exist I'll try to codesomething.Thanks.Webscarab can do this, find a page on the site then go to the Extensions tab where you can specify a list of extensions. The spider then goes off and checks the site and for all the pages it finds it tries them with the extra extensions. Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Scanner for old files (.bak, ~, .old, etc.) D Adusumalli (Sep 09)
- Re: Scanner for old files (.bak, ~, .old, etc.) Radmilo Racic (Sep 09)