IntelliTamper is able to scan a website for unlisted files and folders
with a dictionary based scan.
More Info: http://www.intellitamper.com/
Or Email to : tamper (at) engineer (dot) com [email concealed]
Hope this helps!!
---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence (India) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/training.html
2009/6/30 Juan Kinunt <kinunt (at) gmail (dot) com [email concealed]>
>
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another extension. For example, first
> spiders the web and enumerate:
>
> index.php
> news.php
> cart.php
>
> And then looks for index.php.bak, index.php.inc, index.php~,
> index.bak, index.old, etc.
>
> This tool will be useful supossing that programmers tend to change the
> extension of the file to store old files.
>
> I know Nikto, Wikto, etc... but this tools look for predefined files
> and I would like to target already existing files but with different
> extension.
>
> If the tool does not exist I'll try to code something.
>
> Thanks.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
May be you can have a look at 'IntelliTamper'.
IntelliTamper is able to scan a website for unlisted files and folders
with a dictionary based scan.
More Info: http://www.intellitamper.com/
Or Email to : tamper (at) engineer (dot) com [email concealed]
Hope this helps!!
---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence (India) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/training.html
2009/6/30 Juan Kinunt <kinunt (at) gmail (dot) com [email concealed]>
>
> Hi,
>
> I would like to know if anyone knows a tool that first spiders the web
> in order to enumerate al files and scripts it detects and then look
> for this same files but with another extension. For example, first
> spiders the web and enumerate:
>
> index.php
> news.php
> cart.php
>
> And then looks for index.php.bak, index.php.inc, index.php~,
> index.bak, index.old, etc.
>
> This tool will be useful supossing that programmers tend to change the
> extension of the file to store old files.
>
> I know Nikto, Wikto, etc... but this tools look for predefined files
> and I would like to target already existing files but with different
> extension.
>
> If the tool does not exist I'll try to code something.
>
> Thanks.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]