WebApp Sec mailing list archives

Re: How to list all the URLs on a web server

From: skill2die4 () secguru com
Date: Fri, 7 Jan 2005 17:19:13 -0600 (CST)


accessed without authentication directly by an application that knows
each file URL.


I was in similar situation where the site i was testing had urls based
upon client names, but then how to enumerate all the clients in order to
move further ?

eg... www.xyz.com/<client-name>/login.asp

So, i googled -> site:"xyz.com"

but got nothing as they blocked the spiders ...damn ! now what .. hummm ?

then i googled -> link:"xyz.com"

which produced the links of all their client pages which were pointing to
xyz.com and helped me in moving further with my tests ;-)

Try other options like , inurl etc.. think like a spider !

HTH,

-=skillz=-
www.secguru.com/webapptest-cheatsheet.html



.

Current thread:

How to list all the URLs on a web server Lists (Jan 07)
- Re: How to list all the URLs on a web server skill2die4 (Jan 08)
- RE: How to list all the URLs on a web server Lyal Collins (Jan 08)
- Re: How to list all the URLs on a web server GuidoZ (Jan 08)
- Re: How to list all the URLs on a web server Dan Connelly (Jan 09)
- Re: How to list all the URLs on a web server PCSage Information Services (Jan 10)
- <Possible follow-ups>
- RE: How to list all the URLs on a web server Ofer Shezaf (Jan 08)
  - Re: How to list all the URLs on a web server Rafael San Miguel Carrasco (Jan 09)
  - Re: How to list all the URLs on a web server tie (Jan 09)
- Re: How to list all the URLs on a web server michaelsilk (Jan 08)
- RE: How to list all the URLs on a web server Ofer Shezaf (Jan 10)