[LoWNOISE] WMAP v1.2 by ET etat_private - Less Stupid Web Scanner - by ET etat_private --------------------------------------------- [LoWNOISE] Just Humanrights Reserved (h) 2002 URL: http://pwp.007mundo.com/etorres1/ Parts from README: Wmap is a "simple less stupid web scanner" for *nix . Im not going to tell you that is a intelligent scanner, because it isnt. When you use a CGI scanner it just searches for the existence of cgis in common directories. Thats the fact. But it should not be that way. Because many companies just use their own locations to put their cgis. So you are just searching in a default web server path, leaving behind a huge space without testing, with bigger holes that you didnt found. So what happens if target.org just move or rename the common cgi-bin directory having in there all the vulnerable cgis. WMAP search recursively, grabing all the info contained in html tags like HREF, FORM and FRAME, capturing the new directories , dividing and including them in the tests. ... HELP ==== usage: wmap host [options] ex: wmap www.target.com/ wmap www.target.com:8080/ wmap www.target.com/initial-path/blah Options: -h Help -a About -v Verbose -r NO Recursive -c NO CGI Scanning -i NO DIR Scanning -f NO FILE Scanning -p NO HTTP PUT Scanning -o Show others CGIs found on pages -s View Summary of checked stuff -n Show hosts (-d <domain> needed) -u Show users (-d <domain> needed) -d <domain> (-n,-u ex. target.com) -t Show each test -l <file> Log everything to file Files: db/ cgis.db CGIs to scan for dircgis.db Dirs where the CGIs can be found dirs.db Interesting Dirs file.db Interesting Files noscan.db Dont Scan in those paths --- The End --- farc.sucks.dmz.co = narco-goverment.sucks.co
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 06:41:48 PST