Penetration Testing mailing list archives
RE: listing directory structure within webserver root
From: "Chuck Fullerton" <chuckf69 () ceinetworks com>
Date: Sun, 29 Aug 2004 15:47:23 -0400
I would recommend a tool like Webreaper. This will mirror the website onto your machine and allow you to inspect it closely. Chuck Fullerton CEH, OPST, CISSP, CSS1 -----Original Message----- From: Jose Maria Lopez [mailto:jkerouac () bgsec com] Sent: Sunday, August 29, 2004 12:59 PM To: pen-test () securityfocus com Subject: Re: listing directory structure within webserver root El sáb, 28 de 08 de 2004 a las 21:04, Serg Belokamen escribió:
Hi All,
Is there a way to somehow enumerate a directory structur on a remote
webserver? Brute force springs to mind but thats mathematically
impossible, to go through all combinations, etc.
Cheers,
Serg
Nessus can tell you the directories in the root of your web server and I think that also nikto can, so it could be possible to traverse the directory tree. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac () bgsec com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- listing directory structure within webserver root Serg Belokamen (Aug 29)
- Re: listing directory structure within webserver root Jose Maria Lopez (Aug 29)
- RE: listing directory structure within webserver root Chuck Fullerton (Aug 29)
- Re: RE: listing directory structure within webserver root dietrich (Aug 30)
- Re: listing directory structure within webserver root Alexandre Verriere (Aug 30)
- Re: listing directory structure within webserver root Serg Belokamen (Aug 31)
- RE: listing directory structure within webserver root Chuck Fullerton (Aug 29)
- Re: listing directory structure within webserver root Jose Maria Lopez (Aug 29)
- Re: listing directory structure within webserver root grutz (Aug 29)
- Re: listing directory structure within webserver root Kurt Seifried (Aug 30)
- <Possible follow-ups>
- RE: listing directory structure within webserver root Sasa Jusic (Aug 30)