PaulDotCom mailing list archives
Re: Web App Crawlers
From: Ron Gula <rgula () tenable com>
Date: Mon, 11 Apr 2011 08:16:34 -0400
*From:*pauldotcom-bounces () pdc-mail pauldotcom com [mailto:pauldotcom-bounces () pdc-mail pauldotcom com] *On Behalf Of *Michael Lubinski *Sent:* April 7, 2011 9:55 AM *To:* PaulDotCom Security Weekly Mailing List *Subject:* [Pauldotcom] Web App Crawlers I am trying to find all of the web apps currently hosted in an organization. What is a good crawler I could use? This is from the defensive side of things, its a network that I have full control over.
Commercially, we have the Passive Vulnerability Scanner available from Tenable. There are other solutions that sniff apps as well. Sniffing web servers in realtime is useful because it is port independent and you can also enumerate all of the web sites hosted on a web server. Something like the PVS is advanced enough to identify expired SSL certificates or web servers referencing javascript hosted on third party servers as well. -- Ron Gula, CEO Tenable Network Security http://www.tenable.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Web App Crawlers Michael Lubinski (Apr 07)
- Re: Web App Crawlers Williams, Marn PENC:EX (Apr 07)
- Re: Web App Crawlers Denis Hancock (Apr 08)
- Re: Web App Crawlers Chesmore, Michael [DAS] (Apr 08)
- Re: Web App Crawlers Ron Gula (Apr 11)
- <Possible follow-ups>
- Re: Web App Crawlers Ryan Sears (Apr 08)
- Re: Web App Crawlers Williams, Marn PENC:EX (Apr 07)