RE: Website "Scanner"

[<glyng () corsaire com>]

Hi,

It would be fairly straight-forward to use a dictionary generator in
conjunction with any of the mentioned cgi-scanners (e.g. nikto, whisker
etc.) - or simply piped through netcat - to achieve your aim.

As others have mentioned, the key limiter will be the time involved to
make so many requests to a server.

It would probably be more efficient to produce a list of 'likely' root
names (e.g. index, default, login) and extensions (htm, html, asp, php
etc.) and iterate through them based on selected or enumerated paths on
the target.

Glyn.

> -----Original Message-----
> From: backed.up.by.2048.bit.encryption () hushmail com 
> [mailto:backed.up.by.2048.bit.encryption () hushmail com] 
> Sent: 08 January 2003 21:13
> To: webappsec () securityfocus com; cneppes () port80software com
> Cc: vuln-dev () securityfocus com
> Subject: RE: Website "Scanner"
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> On Wed, 08 Jan 2003 13:00:47 -0800 Chris Neppes 
> <cneppes () port80software com> wrote:
> > A very rich list of hacker and other network security tools:
> >
> > http://www.insecure.org/tools.html
>
> Nothing there that I can see.  The concept's quite simple:-
>
> say you even know the directory
>
> http://www.microsoft.com/new_products/bigwinner2002.html
>
> I want something that via dictionary or other, attacks all 
> the files in "new_products" until it hits on something.
>
>
> > Port80 Software, Inc.
> > www.port80software.com
> >
> > 5252 Balboa Ave., Ste. 605
> > San Diego, CA 92117
> > cneppes () port80software com
> > 858.268.7960 voice
> > 619.606.2860 cell
> > 858.268.7760 fax
> >
> > Web server modules for Microsoft IIS.
> > security. performance. user experience.
> >
> >
> >
> > -----Original Message-----
> > From: backed.up.by.2048.bit.encryption () hushmail com
> > [mailto:backed.up.by.2048.bit.encryption () hushmail com]
> > Sent: Wednesday, January 08, 2003 12:54 PM
> > To: webappsec () securityfocus com
> > Cc: vuln-dev () securityfocus com
> > Subject: Website "Scanner"
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Is there anything out there like a port scanner but for websites,  
> > where it dictionary attacks the files. For example you plug in the 
> > domain:
> >
> > http://www.foo.com
> >
> > and tries to find .html files (or other)
> >
> > http://www.foo.com - index.html
> >                      ndex.html
> >                       dex.html
> >                        ex.html
> >
> >
> > ......etc
> >
> > where runs through numerous possibilities to hit on files on 
> the server
> > (and even) directories).  If so, one could certainly hit on some
> > sensitive information, say where the administrator has been testing
> > something, or internal product infos etc.
> >
> > If there is nothing out there like this, why not?
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at 
> > https://www.hushtools.com/verify
> >
> > wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> > c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
> > /YwZbPRhApi54B5jewqOYCk=
> > =d2v7
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Follow this link to get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate Program: 
> > https://www.hushmail.com/about.php?subloc=affiliate&l=427
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at 
> https://www.hushtools.com/verify
>
>
> wnUEARECADUFAj4ck9wuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> c2htYWlsLmNvbQAKCRDEHQGvBp4eRKckAJ0RSnfBT9vI8BHnQrW1PFzUI9n+SgCdGGDd
> jDhzEZgZ8aQ8F1YgqtYPCEQ=
> =llxu
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2 
>
> Big $$$ to be made with the HushMail Affiliate Program: 
> https://www.hushmail.com/about.php?subloc=affiliate&l=427