WebApp Sec mailing list archives
RE: Website "Scanner"
From: "Ian Griffiths" <ian.griffiths () liv-coll ac uk>
Date: Sat, 11 Jan 2003 17:23:53 -0000
What about some Perl arrays and trusty old wget? -----Original Message----- From: backed.up.by.2048.bit.encryption () hushmail com [mailto:backed.up.by.2048.bit.encryption () hushmail com] Sent: 08 January 2003 23:22 To: sullo () cirt net Cc: webappsec () securityfocus com; vuln-dev () securityfocus com Subject: Re: Website "Scanner" -----BEGIN PGP SIGNED MESSAGE----- On Wed, 08 Jan 2003 14:21:16 -0800 sullo () cirt net wrote:
2) take all the files an mix them with all the directories from the scan database, so that: /dir1/file1.html /dir2/file2.html /dir3/file3.html turns into requests for /dir1/file1.html /dir1/file2.html /dir1/file3.html /dir2/file1.html /dir2/file2.html /dir2/file3.html /dir3/file1.html /dir3/file2.html /dir3/file3.html
Yes, this is more the idea. We are not looking for vulns. or xploits, rather trying to intelligently "guess" what else is in that directory. Either through dictionary use or other use.
Current thread:
- Re: Website "Scanner", (continued)
- Re: Website "Scanner" Kurt Seifried (Jan 08)
- Re: Website "Scanner" sullo (Jan 09)
- Re: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
- Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
- Re: Website "Scanner" Chris Wysopal (Jan 09)
- Re: Website "Scanner" Mary Landesman (Jan 21)
- Re: Website "Scanner" Dave Aitel (Jan 09)
- Re: Website "Scanner" Kevin Spett (Jan 11)
- Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
- RE: Website "Scanner" glyn (Jan 10)
- Re: Website "Scanner" Todd Charron (Jan 11)