WebApp Sec mailing list archives
new tool, File Disclosure Browser
From: Robin Wood <robin () digininja org>
Date: Tue, 27 Sep 2011 13:40:27 +0100
Hi I've released a new tool, the File Disclosure Browser. The app takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. I wrote it after reading the PDC blog post on passing DirBuster through Burp and figured doing the same thing for the contents of DS_Store files would be useful. I plan to extend it in the future to handle dwsync from Dreamweaver and other common files that disclose the names of files on the server. It is written in Perl and is my first attempt at writing a app from scratch so there is little error checking and potentially some bad code but it seems to work for most of the cases I've tried. You can download it from here https://www.damart.co.uk/ Feel free to give feedback. Robin This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- new tool, File Disclosure Browser Robin Wood (Sep 30)
- Re: new tool, File Disclosure Browser Robin Wood (Sep 30)