Re: script locations

[Blue Boar <BlueBoar () thievco com>]

.pike

Should we include .htm, and .html as well, since those can be
mapped to be dynamic on most web servers?  (i.e. you can 
enable SSI on .html on Apache.)

I presume you're working on a web server scanner of
some sort.  It has occurred to me that it would be nice
to have a tool that would spider a site, and record all
URLs that are referred to via PUT or POST, or GET with
variable passing.  

I realize that a dumb spider wouldn't get all the default 
examples files that aren't normally referenced, but are sitting 
there half the time.  Nor would it get nested forms that require
the first form to have some intelligent input to proceed, but
it could be written to be somewhat interactive so that a person
could help it get past forms when needed.

Just a thought.  I've often wanted a tool that I could
point at a site, let run for a few hours, and come
back with a probably list of server side scripts to poke at.
Be nice if it produced lists of variables, too, while I'm
asking...

                                BB



Michal Zalewski wrote:

> I am looking for a list of common locations, filenames and file extensions
> for cgi scripts, servlets and parsed html on miscleanous servers.