PaulDotCom mailing list archives

Re: Web App Crawlers


From: Ron Gula <rgula () tenable com>
Date: Mon, 11 Apr 2011 08:16:34 -0400


*From:* pauldotcom-bounces () pdc-mail pauldotcom com
[mailto:pauldotcom-bounces () pdc-mail pauldotcom com] *On Behalf Of* Michael Lubinski
*Sent:* April 7, 2011 9:55 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* [Pauldotcom] Web App Crawlers

I am trying to find all of the web apps currently hosted in an
organization. What is a good crawler I could use? This is from the
defensive side of things; it's a network that I have full control over.


Commercially, we have the Passive Vulnerability Scanner available from
Tenable. There are other solutions that sniff apps as well.

Sniffing web servers in real time is useful because it is port
independent and you can also enumerate all of the web sites hosted on a
web server. Something like the PVS is advanced enough to identify
expired SSL certificates or web servers referencing JavaScript hosted on
third-party servers as well.

-- 
Ron Gula, CEO
Tenable Network Security
http://www.tenable.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
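
The passive approach described in the reply above, as an added example that is not part of the original message and not Tenable's code: it classifies reassembled payloads by content rather than port, collects the Host header seen per server, and notes scripts loaded from other hosts. The sample transactions, host names and the `inventory` function are constructed for illustration, and only cleartext HTTP is handled.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

REQUEST_LINE = re.compile(rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"^Host:[ \t]*([^\r\n]*)", re.I | re.M)
SCRIPT_SRC = re.compile(rb"<script[^>]+src=[\"']([^\"']+)[\"']", re.I)

# Constructed sample (not real traffic): reassembled cleartext transactions as
# (server_ip, server_port, request_bytes, response_bytes).
SAMPLE = [
    ("10.0.0.5", 80, b"GET / HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
     b'<script src="http://cdn.thirdparty.test/lib.js"></script>'
     b'<script src="/static/app.js"></script>'),
    ("10.0.0.5", 80, b"GET /wiki HTTP/1.1\r\nHost: wiki.example.test\r\n\r\n",
     b"HTTP/1.1 200 OK\r\n\r\n<p>wiki</p>"),
    ("10.0.0.9", 8443, b"POST /login HTTP/1.1\r\nHost: HR.example.test:8443\r\n\r\nu=a",
     b"HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n"),
    ("10.0.0.9", 22, b"SSH-2.0-OpenSSH_5.8\r\n", b"SSH-2.0-OpenSSH_5.8\r\n"),
]

def inventory(transactions):
    """Return ({(ip, port): {virtual hosts}}, {virtual host: {external script hosts}})."""
    sites, external = defaultdict(set), defaultdict(set)
    for ip, port, request, response in transactions:
        # Classify by payload content, so HTTP on any port is found.
        if not REQUEST_LINE.match(request):
            continue
        headers = request.partition(b"\r\n\r\n")[0]
        m = HOST_HEADER.search(headers)
        raw = m.group(1).decode("latin-1").strip() if m else ""
        # hostname drops any :port and lowercases; a request without Host falls back to the IP.
        host = urlparse("//" + raw).hostname or ip
        sites[(ip, port)].add(host)
        body = response.partition(b"\r\n\r\n")[2]
        for src in SCRIPT_SRC.findall(body):
            src_host = urlparse(src.decode("latin-1")).hostname
            # Simplification: any script host other than the requested one counts as external.
            if src_host and src_host != host:
                external[host].add(src_host)
    return dict(sites), dict(external)

if __name__ == "__main__":
    sites, external = inventory(SAMPLE)
    for (ip, port), hosts in sorted(sites.items()):
        print(f"{ip}:{port} -> {sorted(hosts)}")
    for host, scripts in sorted(external.items()):
        print(f"{host} loads scripts from {sorted(scripts)}")
```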

