OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Scanner for old files (.bak, ~, .old, etc.)

From: Vedantam sekhar (sekhar56usyahoo.com)
Date: Thu Jul 16 2009 - 07:06:01 CDT

I think w3af as well can do that and freeware.

--- On Wed, 7/1/09, Robin Wood <dninjagmail.com> wrote:

> From: Robin Wood <dninjagmail.com>
> Subject: Re: Scanner for old files (.bak, ~, .old, etc.)
> To: "Juan Kinunt" <kinuntgmail.com>
> Cc: pen-testsecurityfocus.com
> Date: Wednesday, July 1, 2009, 1:33 PM
> 2009/6/30 Juan Kinunt <kinuntgmail.com>:
> > Hi,
> >
> > I would like to know if anyone knows a tool that first
> spiders the web
> > in order to enumerate al files and scripts it detects
> and then look
> > for this same files but with another extension. For
> example, first
> > spiders the web and enumerate:
> >
> > index.php
> > news.php
> > cart.php
> >
> > And then looks for index.php.bak, index.php.inc,
> index.php~,
> > index.bak, index.old, etc.
> >
> > This tool will be useful supossing that programmers
> tend to change the
> > extension of the file to store old files.
> >
> > I know Nikto, Wikto, etc... but this tools look for
> predefined files
> > and I would like to target already existing files but
> with different
> > extension.
> >
> > If the tool does not exist I'll try to code
> something.
> >
> > Thanks.
>
> Webscarab can do this, find a page on the site then go to
> the
> Extensions tab where you can specify a list of extensions.
> The spider
> then goes off and checks the site and for all the pages it
> finds it
> tries them with the extra extensions.
>
> Robin
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance
> Certification Review Board
>
> Prove to peers and potential employers without a doubt that
> you can actually do a proper penetration test. IACRB CPT and
> CEPT certs require a full practical examination in order to
> become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

      

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------