RE: Web App URL Scanner

["Brian Pomeroy" <lunar () voicenet com>]

Nikto is a more powerful version of a similar Perl script called Whisker.
In addition to what's been said about Nikto, it also offers the creation of
a neat output file, and has a built-in updating feature allowing it to
refresh its database with the latest vulnerabilities.

Brian Pomeroy
e-Transformation / e-Medicine Center
The Children's Hospital of Philadelphia
http://www.chop.edu/
pomeroy () email chop edu
Personal website:  http://www.voicenet.com/~lunar/


-----Original Message-----
From: Mark Parter [mailto:m-parter () fife ac uk] 
Sent: Tuesday, October 14, 2003 7:07 AM
To: webappsec () securityfocus com
Subject: RE: Web App URL Scanner

Hi,

You could try a Perl script called Nikto. This doesn't necessarily  return
all direcotries at a specific website but it will return any that it thinks
are vulnerable to attack and/or shouldn't be available to the general
public. See here for more info: http://www.cirt.net/code/nikto.shtml

Maybe not exactly what your looking for but it's a start.

HTH,

Mark Parter

-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com]
Sent: 14 October 2003 03:35
To: webappsec () securityfocus com
Subject: Web App URL Scanner[Scanned]


All,

I'm currently seeking some software that will test all possible URL's 
on an web application, much like a dictionary attack against a 
password.  I could probably write it but I'd rather just download 
something if I can.  I'd like to see if I'm able to discover URL's 
that aren't normally accessible.  If anyone has ideas, I'd be 
grateful.

Thanks,

Ms. Jimi Thompson, CISSP