Vulnerability Development mailing list archives
Re: script locations
From: "spi" <securityguru () earthlink net>
Date: Thu, 7 Jun 2001 20:34:56 -0400
Just a thought. I've often wanted a tool that I could point at a site, let run for a few hours, and come back with a probably list of server side scripts to poke at. Be nice if it produced lists of variables, too, while I'm asking...
Webinspect is your tool, http://www.spidynamics.com/download.html ----- Original Message ----- From: "Blue Boar" <BlueBoar () thievco com> To: <vuln-dev () securityfocus com> Sent: Thursday, June 07, 2001 5:15 PM Subject: Re: script locations
.pike Should we include .htm, and .html as well, since those can be mapped to be dynamic on most web servers? (i.e. you can enable SSI on .html on Apache.) I presume you're working on a web server scanner of some sort. It has occurred to me that it would be nice to have a tool that would spider a site, and record all URLs that are referred to via PUT or POST, or GET with variable passing. I realize that a dumb spider wouldn't get all the default examples files that aren't normally referenced, but are sitting there half the time. Nor would it get nested forms that require the first form to have some intelligent input to proceed, but it could be written to be somewhat interactive so that a person could help it get past forms when needed. Just a thought. I've often wanted a tool that I could point at a site, let run for a few hours, and come back with a probably list of server side scripts to poke at. Be nice if it produced lists of variables, too, while I'm asking... BB Michal Zalewski wrote:I am looking for a list of common locations, filenames and file
extensions
for cgi scripts, servlets and parsed html on miscleanous servers.
Current thread:
- script locations Michal Zalewski (Jun 07)
- RE: script locations Zane Hill (Jun 07)
- Re: script locations Dougal Campbell (Jun 07)
- Re: script locations Blue Boar (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations Vitaly Osipov (Jun 08)
- <Possible follow-ups>
- RE: script locations Alex Andrews (Jun 07)
- RE: script locations Michal Zalewski (Jun 07)
- Re: script locations Benjamin Elijah Griffin (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations securityforums (Jun 14)