Penetration Testing mailing list archives

Re: Scanner for old files (.bak, ~, .old, etc.)

From: John Lampe <jwlampe () tenablesecurity com>
Date: Tue, 30 Jun 2009 11:56:01 -0500

Juan Kinunt wrote:

Hi,

I would like to know if anyone knows a tool that first spiders the web
in order to enumerate al files and scripts it detects and then look
for this same files but with another extension. For example, first
spiders the web and enumerate:

index.php
news.php
cart.php

And then looks for index.php.bak, index.php.inc, index.php~,
index.bak, index.old, etc.

Check out bakfiles.nasl which is a part of the Nessus scanner. Itshould be very close to what you're looking for (and maybe even a fewthat you don't list above)


John


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Scanner for old files (.bak, ~, .old, etc.) Juan Kinunt (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Andres Riancho (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Benjamin Greenfield (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Gabriele Zanoni (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Sandro Gauci (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) John Lampe (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) rajat swarup (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Rogan Dawes (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) pUm (Jun 30)
- Re: Scanner for old files (.bak, ~, .old, etc.) Todd Haverkos (Jun 30)
- <Possible follow-ups>
- Re: Scanner for old files (.bak, ~, .old, etc.) jason_jones98 (Jun 30)