Penetration Testing mailing list archives
Re: Automatic web application security profiling
From: Meenal Mukadam <meenal.mukadam () niiconsulting com>
Date: Thu, 10 Sep 2009 14:32:07 +0530
Hello Jeff, Try Xenu. http://home.snafu.de/tilman/xenulink.html Regards, Meenal A. Mukadam Information Security Consultant Network Intelligence (I) Pvt. Ltd. [NII Consulting] Mobile (India) : +91 97 66 58 57 53 Office : +91-22-2839 2628 Web: http://www.niiconsulting.com/ Information Security Training - http://iisecurity.in/
On Wed, Sep 9, 2009 at 2:30 PM, Volker Tanger <vtlists () wyae de> wrote:Hi! Am Sat, 5 Sep 2009 18:52:01 +0530 schrieb D Adusumalli <asndpp () gmail com>:Open source web proxies BURP, WebScarab have spidering ability. On Thu, Jul 16, 2009 at 7:12 AM, John Beck<jbeck59 () hotmail com> wrote:I am about to start an application layer security assessment of a webapplication and I am searching for a quick method of identifying "most" of the inputs of a JSP/tomcat web application (remotely, without source code access).Burp, WebScarab et al. don't summarize form usage - if you have a search form on each page, every single page will be listed as form. :-/ Thus I wrote the "Thekla" spider for exactly this purpose http://www.wyae.de/software/thekla/ It consolidates all forms and their resulting action CGI interface as well as parameter-laden URLs into neat text/CSV files. I fyou use it, comments and suggestions are welcome. Bye Volker -- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Automatic web application security profiling D Adusumalli (Sep 08)
- Re: Automatic web application security profiling Volker Tanger (Sep 09)
- Message not available
- Re: Automatic web application security profiling Meenal Mukadam (Sep 14)
- Message not available
- Re: Automatic web application security profiling Anthony Cicalla (Sep 14)
- Re: Automatic web application security profiling Volker Tanger (Sep 09)