WebApp Sec mailing list archives

RE: Website "Scanner"

From: "Ian Griffiths" <ian.griffiths () liv-coll ac uk>
Date: Sat, 11 Jan 2003 17:23:53 -0000

What about some Perl arrays and trusty old wget?

-----Original Message-----
From: backed.up.by.2048.bit.encryption () hushmail com
[mailto:backed.up.by.2048.bit.encryption () hushmail com] 
Sent: 08 January 2003 23:22
To: sullo () cirt net
Cc: webappsec () securityfocus com; vuln-dev () securityfocus com
Subject: Re: Website "Scanner"


-----BEGIN PGP SIGNED MESSAGE-----


On Wed, 08 Jan 2003 14:21:16 -0800 sullo () cirt net wrote:

2) take all the files an mix them with all the directories from
the scan
database, so that:
 /dir1/file1.html
 /dir2/file2.html
 /dir3/file3.html
turns into requests for
 /dir1/file1.html
 /dir1/file2.html
 /dir1/file3.html
 /dir2/file1.html
 /dir2/file2.html
 /dir2/file3.html
 /dir3/file1.html
 /dir3/file2.html
 /dir3/file3.html



Yes, this is more the idea.  We are not looking for vulns. or xploits,
rather trying to intelligently "guess" what else is in that directory.
Either through dictionary use or other use.

Current thread:

Re: Website "Scanner", (continued)
- - - Re: Website "Scanner" Kurt Seifried (Jan 08)
    - Re: Website "Scanner" sullo (Jan 09)
- Re: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
  - Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
    - Re: Website "Scanner" Chris Wysopal (Jan 09)
    - Re: Website "Scanner" Mary Landesman (Jan 21)
    - Re: Website "Scanner" Dave Aitel (Jan 09)
    - Re: Website "Scanner" Kevin Spett (Jan 11)
    - RE: Website "Scanner" glyn (Jan 10)
    - Re: Website "Scanner" Todd Charron (Jan 11)
  - RE: Website "Scanner" Ian Griffiths (Jan 11)
  - Re: Website "Scanner" Mike Shaw (Jan 21)
- Re: Website "Scanner" Pig Monkey (Jan 09)
- RE: Website "Scanner" Brass, Phil (ISS Atlanta) (Jan 10)