NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2009-07

RE: Scanner for old files (.bak, ~, .old, etc.)

From: Tal Argoni (tala2bsecure.co.il)
Date: Wed Jul 01 2009 - 09:01:32 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
Wikto is the perfect tool for this kind of job
http://www.sensepost.com

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Juan Kinunt
Sent: Tuesday, June 30, 2009 3:47 PM
To: pen-testsecurityfocus.com
Subject: Scanner for old files (.bak, ~, .old, etc.)

Hi,

I would like to know if anyone knows a tool that first spiders the web
in order to enumerate al files and scripts it detects and then look
for this same files but with another extension. For example, first
spiders the web and enumerate:

index.php
news.php
cart.php

And then looks for index.php.bak, index.php.inc, index.php~,
index.bak, index.old, etc.

This tool will be useful supossing that programmers tend to change the
extension of the file to store old files.

I know Nikto, Wikto, etc... but this tools look for predefined files
and I would like to target already existing files but with different
extension.

If the tool does not exist I'll try to code something.

Thanks.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]