Re: HTTP scanners?

[MSTOREY () UK IBM COM (Matt Storey)]

> Rory, to the best of my knowledge, there aren't any http scanners

I do believe that the late and great Rhino9 security team created one, i think
if my memory serves me correct
it was Grinder.

You, have to specify a certain path and it scans a subnet looking for HTTP
daemons serving that extension.

For example if you serched for Index.html, it show all HTTP daemons in that
subnet that has Index.html on the
Daemon.  It also shows makes/versions of HTTP daemons as well...  Im not sure if
it shows the port No. Unfortunatly
But thats another thing that could be looked at to be implemented in.

All Rhino9 products are able to be downloaded from
http://packetstorm.securify.com/archives

>  -- if you
> want something like that, nmap or {nessus | cops | satan | ...} are your
> best bets; you can scan directly the http and https ports for quick, or all
> ports for sure; as for make/version, the best way I can think of is a little
> script interface to netcat or telnet to show you the real output of each
> port.

> > On Sat, Jan 15, 2000 at 03:55:23AM -0500, Scorpus Kahn wrote:
> > I don't know if I am asking the right question or not, but I want to know if
> > there is
> > such a thing as a HTTP scanner? A small utility that allows you to scan
> > networks/domains
> > for all hosts that have a httpd running on them and will return the port
> > number
> > of the http server, and the make/version of the software. Possibly into a
> > nicely sorted
> > log or database. If there is such a thing what is it called?
>
> > -Rory Savage

> --
> Seth Arnold | http://www.willamette.edu/~sarnold/
> Hate spam? See http://maps.vix.com/rbl/ for help
> Hi! I'm a .signature virus! Copy me into
> your ~/.signature to help me spread!

Heh....

Matt.

Regards

Matt Storey,
IBM Network Computer Division EMEA
Internet - http://www.ibm.com/nc