Re: [NSE] http-dir-brute

[Patrik Karlsson <patrik () cqure net>]

On Sun, Nov 20, 2011 at 4:07 PM, Hani Benhabiles <kroosec () gmail com> wrote:

> Hi Patrik,
>
> I know of http-enum but this script serves a rather different purpose. It
> works like tools such as OWASP DirBuster, relying on response code to HEAD
> requests to discover directories (from http-folders.txt) independently of
> the web app. http-enum uses a larger and more general fingerprints file
> that requests certain files (and parse the response content in some cases)
> to identify the specific web applications (e.g if '/wordpress/wp-login.php'
> contains 'ver=20080708' => WordPress 2.6.x)
Well, that's not entirely true, since 891 of the 894 directories in
http-folders.txt are already checked by http-enum.
Most of them are in the miscellaneous category so you filter on that using
the http-enum.category argument.
Maybe I'm not seeing it right, but I'm not sure that I understand how this
script is any different than what http-enum does.
I'm familiar with OWASPs DirBuster, but I haven't used it for sometime now,
but as I remember it does file, suffix and nested directory checks too?

Cheers,
//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/