Penetration Testing mailing list archives

Re: Scanner for old files (.bak, ~, .old, etc.)

From: Vedantam sekhar <sekhar56us () yahoo com>
Date: Thu, 16 Jul 2009 05:06:01 -0700 (PDT)


I think w3af as well can do that and freeware.



--- On Wed, 7/1/09, Robin Wood <dninja () gmail com> wrote:

From: Robin Wood <dninja () gmail com>
Subject: Re: Scanner for old files (.bak, ~, .old, etc.)
To: "Juan Kinunt" <kinunt () gmail com>
Cc: pen-test () securityfocus com
Date: Wednesday, July 1, 2009, 1:33 PM
2009/6/30 Juan Kinunt <kinunt () gmail com>:

Hi,

I would like to know if anyone knows a tool that first

spiders the web

in order to enumerate al files and scripts it detects

and then look

for this same files but with another extension. For

example, first

spiders the web and enumerate:

index.php
news.php
cart.php

And then looks for index.php.bak, index.php.inc,

index.php~,

index.bak, index.old, etc.

This tool will be useful supossing that programmers

tend to change the

extension of the file to store old files.

I know Nikto, Wikto, etc... but this tools look for

predefined files

and I would like to target already existing files but

with different

extension.

If the tool does not exist I'll try to code

something.


Thanks.


Webscarab can do this, find a page on the site then go to
the
Extensions tab where you can specify a list of extensions.
The spider
then goes off and checks the site and for all the pages it
finds it
tries them with the extra extensions.

Robin

------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that
you can actually do a proper penetration test. IACRB CPT and
CEPT certs require a full practical examination in order to
become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



      

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: Scanner for old files (.bak, ~, .old, etc.) Robin Wood (Jul 02)
- <Possible follow-ups>
- RE: Scanner for old files (.bak, ~, .old, etc.) Tal Argoni (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) Nikhil Wagholikar (Jul 02)
  - Re: Scanner for old files (.bak, ~, .old, etc.) Jeremy Brown (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) SD List (Jul 02)
- Re: Scanner for old files (.bak, ~, .old, etc.) Vedantam sekhar (Jul 17)