RE: Website detection

["Password Crackers, Inc." <pwcrack () pwcrack com>]

Check robots.txt to see if they have listed the websites there.  If not,
you'll certainly want to try Google.

Bob Weiss
Password Crackers, Inc. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of 3 shool
Sent: Monday, February 19, 2007 5:09 AM
To: pen-test () securityfocus com
Subject: Website detection

Hello Everyone,

We are doing a PT for one of our customers with 5 webservers. None of these
webservers have the website on the main url like http://xxx.xxx.xxx.xxx but
they have confirmed that they have critical applications running on all the
5 web servers and for security purposes they have moved the websites to
something like http://xxx.xxx.xxx.xxx/yyy.

Now manually I guess it will take years to identify the correct URL having
the critical website by using guessing techniques. I was wondering if there
is a tool that could try various popular and brute force combinations to
automatically guess the possible URLs.

I'm sure many of you would have wonderful ideas to address this problem.
Pls. enlighten.

THNX

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------