Re: Website "Scanner"

Quoting backed.up.by.2048.bit.encryption@hushmail.com: > Is there anything out there like a port scanner but for websites, where it > dictionary attacks the files. For example you plug in the domain:

Not that I know of. The closest I can think of are two functions I have in Nikto, which can do two similar things currently: 1) guess Apache user names in a similar manner  For example
   ~a
   ~aa
   etc

2) take all the files an mix them with all the directories from the scan database, so that:
/dir1/file1.html
/dir2/file2.html
/dir3/file3.html

 turns into requests for
/dir1/file1.html
/dir1/file2.html
/dir1/file3.html
/dir2/file1.html
/dir2/file2.html
/dir2/file3.html
/dir3/file1.html
/dir3/file2.html
/dir3/file3.html

With 2000+ entries in the db this makes for a *lot* of guesses, but is not exactly enumeration.

> If there is nothing out there like this, why not? The biggest reason is the time it would take for a somewhat comprehensive scan.

http://www.cirt.net/code/nikto.shtml

-Sullo Received on Wed Jan 8 18:00:42 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek