Web Application Security
new tool, File Disclosure Browser Sep 27 2011 12:40PM
Robin Wood (robin digininja org)
I've released a new tool, the File Disclosure Browser. The app takes
.DS_Store files found on websites and parses through them to find a
list of all potential files in the directory. It can then either just
display the URLs for the files or if you give it a proxy it can browse
to the files itself.

I wrote it after reading the PDC blog post on passing DirBuster
through Burp and figured doing the same thing for the contents of
DS_Store files would be useful. I plan to extend it in the future to
handle dwsync from Dreamweaver and other common files that disclose
the names of files on the server.

It is written in Perl and is my first attempt at writing a app from
scratch so there is little error checking and potentially some bad
code but it seems to work for most of the cases I've tried.

You can download it from here https://www.damart.co.uk/

Feel free to give feedback.


This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus