WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Website "Scanner"

From: Nicolas Waisman <nwaisman () dsnsecurity com>
Date: Fri, 29 Mar 2002 17:36:11 -0300
Some lines of Python....

from socket import *
import string,sys
s=socket(AF_INET, SOCK_STREAM)
s.connect( (sys.argv[1], 80))
bleh=sys.argv[2]
s.send("GET /"+ bleh + " HTTP/1.0\n\r\n\r")
if s.recv(1024).find("HTTP/1.1 404") > -1:
        print "WIIIIIIIIIIIIIIIIIIIII"
s.close()

You can make lots of  improvements to this... in 4 lines and 3 minutes of code :D
Bye
Nico


backed.up.by.2048.bit.encryption () hushmail com wrote:


-----BEGIN PGP SIGNED MESSAGE-----

Is there anything out there like a port scanner but for websites, where it dictionary attacks the files. For example 
you plug in the domain:

http://www.foo.com

and tries to find .html files (or other)

http://www.foo.com - index.html
                     ndex.html
                      dex.html
                       ex.html


......etc

where runs through numerous possibilities to hit on files on the server (and even) directories).  If so, one could 
certainly hit on some sensitive information, say where the administrator has been testing something, or internal 
product infos etc.

If there is nothing out there like this, why not?


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
/YwZbPRhApi54B5jewqOYCk=
=d2v7
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Previous By Date Next
Previous By Thread Next

Current thread: