RE: Scanner for old files (.bak, ~, .old, etc.)

[Tal Argoni <tala () 2bsecure co il>]

Hi,
Wikto is the perfect tool for this kind of job
http://www.sensepost.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Juan Kinunt
Sent: Tuesday, June 30, 2009 3:47 PM
To: pen-test () securityfocus com
Subject: Scanner for old files (.bak, ~, .old, etc.)

Hi,

I would like to know if anyone knows a tool that first spiders the web
in order to enumerate al files and scripts it detects and then look
for this same files but with another extension. For example, first
spiders the web and enumerate:

index.php
news.php
cart.php

And then looks for index.php.bak, index.php.inc, index.php~,
index.bak, index.old, etc.

This tool will be useful supossing that programmers tend to change the
extension of the file to store old files.

I know Nikto, Wikto, etc... but this tools look for predefined files
and I would like to target already existing files but with different
extension.

If the tool does not exist I'll try to code something.

Thanks.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------