Full Disclosure mailing list archives

Re: OWASP DirBuster 0.11.1 Released


From: William McAfee <sec-community () thegoodhacker com>
Date: Wed, 20 Aug 2008 12:34:48 -0400

A pen tester could use it to see if they can use it to find directories
for admin scripts that rely on the assumption that the attacker does not
know where to find it.

On Wed, 2008-08-20 at 10:05 -0500, Robert Holgstad wrote:
so does owasp do anything useful or just cater to script kiddies?

On Wed, Aug 20, 2008 at 9:42 AM, James Fisher
<dirbuster () sittinglittleduck com> wrote:
        
        A new version of the OWASP DirBuster Project is ready to be downloaded.
        
        If you are not familiar with this OWASP project, DirBuster is a multi
        threaded java application designed to brute force directories and
        file names on web/application servers. Often is the case now of what
        looks like a web server in a state of default installation is actually
        not, and has pages and applications hidden within. DirBuster attempts
        to find these.
        
        Features include:
        
            * Multi threaded has been recorded at over 6000 requests/sec
            * Works over both http and https
            * Scan for both directory and files
            * Will recursively scan deeper into directories it finds
            * Able to perform a list based or pure brute force scan
            * DirBuster can be started on any directory
            * Custom HTTP headers can be added
            * Proxy support
            * Auto switching between HEAD and GET requests
            * Content analysis mode when failed attempts come back as 200
            * Custom file extensions can be used
            * Performance can be adjusted while the program is running
            * Supports Basic, Digest and NTLM auth
        
        Further information and downloads can be found at
        https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
        
        James Fisher
        
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.grok.org.uk/full-disclosure-charter.html
        Hosted and sponsored by Secunia - http://secunia.com/
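
A defender's view of the scanning described in the announcement above, as an added example that is not part of the original thread and not DirBuster code: it groups web access-log lines by client and flags clients that request many distinct paths, mostly as misses or as HEAD requests. The log lines, function names and thresholds are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format); not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Aug/2008:12:00:01 -0400] "HEAD /admin/ HTTP/1.1" 404 0
198.51.100.7 - - [20/Aug/2008:12:00:01 -0400] "HEAD /backup/ HTTP/1.1" 404 0
198.51.100.7 - - [20/Aug/2008:12:00:01 -0400] "HEAD /test/ HTTP/1.1" 404 0
198.51.100.7 - - [20/Aug/2008:12:00:02 -0400] "HEAD /old/ HTTP/1.1" 404 0
198.51.100.7 - - [20/Aug/2008:12:00:02 -0400] "HEAD /manage/ HTTP/1.1" 200 0
198.51.100.7 - - [20/Aug/2008:12:00:02 -0400] "GET /manage/x.php HTTP/1.1" 404 210
192.0.2.10 - - [20/Aug/2008:12:00:03 -0400] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [20/Aug/2008:12:00:03 -0400] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [20/Aug/2008:12:00:04 -0400] "GET /favicon.ico HTTP/1.1" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})\b')

def summarize(log_text):
    """Per-client totals: requests, distinct paths, 404 responses, HEAD requests."""
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "not_found": 0, "head": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        s = stats[ip]
        s["requests"] += 1
        s["paths"].add(path.split("?", 1)[0])  # ignore query strings
        s["not_found"] += status == "404"
        s["head"] += method == "HEAD"
    return stats

def flag_enumeration(log_text, min_paths=5, min_ratio=0.8):
    """Clients that touched many distinct paths, mostly as misses or HEADs.

    The HEAD ratio matters on servers that answer 200 for missing pages,
    where the 404 ratio alone would stay low. Thresholds are assumptions.
    """
    flagged = []
    for ip, s in summarize(log_text).items():
        miss_ratio = s["not_found"] / s["requests"]
        head_ratio = s["head"] / s["requests"]
        if len(s["paths"]) >= min_paths and max(miss_ratio, head_ratio) >= min_ratio:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

In practice the input would be one time window of the log (for example, one minute per call), so that a long-lived legitimate client is not flagged for its cumulative path count.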



