Re: [PEN-TEST] Finding Web Admin Pages

[Fyodor <fygrave () TIGERTEAM NET>]

On Sun, Mar 25, 2001 at 11:59:28AM +0100, Julian Niemeyer wrote:
> Some Web servers seem to allow administration via HTTP. Obviously, there is
> not a link on the home page "Click here to administer the server"!
> Instead, the pages are hidden away - security through obscurity.  I want to
> be able to find them.
>
> For a tool, I am first going to look at elza from www.stoev.org before
> writing anything.  I recon it will be easy to check if a search returns a
> 404, 403 or 401.

#!/usr/bin/perl

use HTTP::Request::Common;
use LWP::UserAgent;

$ua = new LWP::UserAgent;
$ua->agent("Blah");

$url = "http://ww.yourfolks.com/";;

while(<STDIN>) {

    chomp;
    my $req = GET  $url . $_;
    $res = $ua->request($req);
    if ($res->code != 404 &&
        $res->code != 403 &&
        $res->code != 401) {
        # do your logging here...
        print "Content: ",$res->as_string, "\n";
    }
}

-/cut here/-
use it as cat your_word_file | ./this_script.pl | tee logs, or something :)