OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Scanner for old files (.bak, ~, .old, etc.)

From: SD List (listsecurity-database.com)
Date: Wed Jul 01 2009 - 11:11:57 CDT

Hi,
Definitively, a large number of tools and scanners are able to identify
such files.

Take a look here, we provide a list of tools (guyz in this list already
enumerated the best) you may need
(http://www.security-database.com/toolswatch/+-Application-Scanner-+.html)

Cheers

N.

> checkout the metasploit wmap extension. it is exactly what you're looking
> for.
>
> 2009/6/30 Juan Kinunt <kinuntgmail.com>:
>> Hi,
>>
>> I would like to know if anyone knows a tool that first spiders the web
>> in order to enumerate al files and scripts it detects and then look
>> for this same files but with another extension. For example, first
>> spiders the web and enumerate:
>>
>> index.php
>> news.php
>> cart.php
>>
>> And then looks for index.php.bak, index.php.inc, index.php~,
>> index.bak, index.old, etc.
>>
>> This tool will be useful supossing that programmers tend to change the
>> extension of the file to store old files.
>>
>> I know Nikto, Wikto, etc... but this tools look for predefined files
>> and I would like to target already existing files but with different
>> extension.
>>
>> If the tool does not exist I'll try to code something.
>>
>> Thanks.
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review
>> Board
>>
>> Prove to peers and potential employers without a doubt that you can
>> actually do a proper penetration test. IACRB CPT and CEPT certs require
>> a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------