Penetration Testing mailing list archives

Re: listing directory structure within webserver root

From: Alexandre Verriere <maxwell () nskb net>
Date: Mon, 30 Aug 2004 18:27:00 +0200

Chuck Fullerton a écrit :

I would recommend a tool like Webreaper.  This will mirror the website onto your machine and allow you to inspect it 
closely.

Chuck Fullerton
CEH, OPST, CISSP, CSS1

-----Original Message-----
From: Jose Maria Lopez [mailto:jkerouac () bgsec com]
Sent: Sunday, August 29, 2004 12:59 PM
To: pen-test () securityfocus com
Subject: Re: listing directory structure within webserver root


El sáb, 28 de 08 de 2004 a las 21:04, Serg Belokamen escribió:

Hi All,
Is there a way to somehow enumerate a directory structur on a remotewebserver? Brute force springs to mind but thats mathematicallyimpossible, to go through all combinations, etc.
   Cheers,
      Serg


Nessus can tell you the directories in the root of your
web server and I think that also nikto can, so it could
be possible to traverse the directory tree.

Maybe you can give a try to intellitamper [1] wich will follow all linkswithout making a mirror onyour harddrive. For more complete listing you may search to exploit aflaw in the server if any.


[1]http://www.intellitamper.com/

--

                               ''~``
                              ( o o )
+------------------------.oooO--(_)--Oooo.-----------------------+

Alexandre Verriere (Maxwell) - Http://www.nskb.net


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

listing directory structure within webserver root Serg Belokamen (Aug 29)
- Re: listing directory structure within webserver root Jose Maria Lopez (Aug 29)
  - RE: listing directory structure within webserver root Chuck Fullerton (Aug 29)
    - Re: RE: listing directory structure within webserver root dietrich (Aug 30)
    - Re: listing directory structure within webserver root Alexandre Verriere (Aug 30)
    - Re: listing directory structure within webserver root Serg Belokamen (Aug 31)
- Re: listing directory structure within webserver root grutz (Aug 29)
- Re: listing directory structure within webserver root Kurt Seifried (Aug 30)
- <Possible follow-ups>
- RE: listing directory structure within webserver root Sasa Jusic (Aug 30)