Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[Tool Update Announcement] inspathx - Path Disclosure Finder

From: YGN Ethical Hacker Group <lists () yehg net>
Date: Tue, 1 Feb 2011 18:12:53 +0800
Check the update via

svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx


CHANGELOG
===========

covered remaining checks (empty array, null cookie) in
Full_Path_Disclosure
(http://www.owasp.org/index.php/Full_Path_Disclosure) of OWASP
Application Security Desk Reference (ASDR) Project
(http://www.owasp.org/index.php/Category:OWASP_ASDR_Project)

added support for generating path definition file and you can now use
-d with path-definition file to check in addition to cms directory
path

added support for reading gzip/deflate compressed response from server

added regexp support (use your own regexp rules to search in returned
responses in addition to built-in regexp error messages)

added null session cookie  support
        --null-cookie [will auto null session for all languages ]
        
added custom headers  support
        --headers "cookie: sid[%00]=1\r\nX-pingback:: %00"
        
added data (GET/POST)  support
        --data (var=1&var=2)
        
added method (get by default)  support
        --method post
        
added follow redirect support
        --follow-redirect
        
added cold fusion language support; when feeded by large inputs, cold
fusion apps tend to reveal source code disclosure if without boundary
checks when used as IIS ISAPI extensions

added --rm option to remove directory used to generate path list
[suggestion by Brendan Coles]

cleaned *-vuln-path.txt file content to make it ready for path definition file

added support for [] , querystring in path definition file [suggestion
by Brendan Coles]

Added supported for username and web root path extraction for both
*nux and windows [suggestion by Brendan Coles]

added detection support for html_errors being set as off in php.ini
[suggestion by Sebastien Damaye]



THANKS
=======


Ryan Dewhurst (http://www.ethicalhack3r.co.uk) for his suggestion to
cover all checks (empty array, null cookie) of
http://www.owasp.org/index.php/Full_Path_Disclosure
 --data, --param-array, -n/--null-session options.


Brendan Coles (http://itsecuritysolutions.org/, http://whatweb.net/)
for his suggestion that known web application paths should be bundled
for convenience and time saving. I've done files with dozens of
open-source web app known paths under 'paths' directory. You can do it
for your desired CMS/application by -d and -g options. See EXAMPLES
for more details. Submit latest path files to inspathx at yehg.net.


Sebastien.damaye for his write-up about inspathx tutorial ,
http://www.aldeid.com/index.php/Inspathx


And finally to developers community, their common coding practice,
their belief on path disclosure as server side issue
that make this tool meaningful and usable for current plus future web apps



100+ Web Apps with Full Path Disclosure using inspathx
===========================================

https://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vuln


* Send bugs/suggestions to inspathx at yehg.net

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: