> Just a thought. I've often wanted a tool that I could
> point at a site, let run for a few hours, and come
> back with a probable list of server side scripts to poke at.
> Be nice if it produced lists of variables, too, while I'm
> asking...

Webinspect is your tool,
http://www.spidynamics.com/download.html

----- Original Message -----
From: "Blue Boar" <BlueBoarat_private>
To: <vuln-devat_private>
Sent: Thursday, June 07, 2001 5:15 PM
Subject: Re: script locations

> .pike
>
> Should we include .htm, and .html as well, since those can be
> mapped to be dynamic on most web servers? (i.e. you can
> enable SSI on .html on Apache.)
>
> I presume you're working on a web server scanner of
> some sort. It has occurred to me that it would be nice
> to have a tool that would spider a site, and record all
> URLs that are referred to via PUT or POST, or GET with
> variable passing.
>
> I realize that a dumb spider wouldn't get all the default
> examples files that aren't normally referenced, but are sitting
> there half the time. Nor would it get nested forms that require
> the first form to have some intelligent input to proceed, but
> it could be written to be somewhat interactive so that a person
> could help it get past forms when needed.
>
> Just a thought. I've often wanted a tool that I could
> point at a site, let run for a few hours, and come
> back with a probable list of server side scripts to poke at.
> Be nice if it produced lists of variables, too, while I'm
> asking...
>
> BB
>
> Michal Zalewski wrote:
>
> > I am looking for a list of common locations, filenames and file extensions
> > for cgi scripts, servlets and parsed html on miscellaneous servers.
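
The per-page step of the spider described in the quoted message, as an added example that is not part of the original thread and is not WebInspect's code: it lists a site's own form targets and parameterised links with their variable names, the kind of inventory an owner would review. The class and function names, the extensions beyond .pike/.htm/.html, and the sample page on www.example.com are assumptions constructed for illustration.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# .pike, .htm and .html come from the thread; the other extensions are assumed.
DYNAMIC_EXT = {".pike", ".htm", ".html", ".cgi", ".pl", ".php", ".asp", ".jsp"}

class EndpointInventory(HTMLParser):  # hypothetical name
    # Maps (method, URL) to the parameter names seen on one HTML page.
    def __init__(self, base_url):
        super().__init__()
        self.base, self.host = base_url, urlsplit(base_url).netloc
        self.endpoints, self._form = {}, None
    def _resolve(self, url):
        parts = urlsplit(urljoin(self.base, url))
        return parts if parts.netloc == self.host else None  # stay on-site
    def _record(self, method, parts):
        key = (method, f"{parts.scheme}://{parts.netloc}{parts.path}")
        names = (n for n, _ in parse_qsl(parts.query, keep_blank_values=True))
        self.endpoints.setdefault(key, set()).update(names)
        return key

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # form target plus its declared method
            parts = self._resolve(a.get("action") or "")
            method = (a.get("method") or "GET").upper()
            self._form = self._record(method, parts) if parts else None
        elif tag in ("input", "select", "textarea") and self._form and a.get("name"):
            self.endpoints[self._form].add(a["name"])
        elif tag == "a" and a.get("href"):  # GET with variables, or dynamic extension
            parts = self._resolve(a["href"])
            ext = posixpath.splitext(parts.path)[1].lower() if parts else ""
            if parts and (parts.query or ext in DYNAMIC_EXT):
                self._record("GET", parts)

    def handle_endtag(self, tag):
        self._form = None if tag == "form" else self._form

def inventory(html, base_url):
    parser = EndpointInventory(base_url)
    parser.feed(html)
    return {key: sorted(names) for key, names in parser.endpoints.items()}

SAMPLE = (  # constructed page, not from any real site
    '<a href="/news.html">News</a><a href="/img/logo.gif">Logo</a>'
    '<a href="/cgi-bin/search.cgi?q=test&amp;page=2">Search</a>'
    '<a href="http://other.example/x.cgi?a=1">Off-site</a>'
    '<form action="/cgi-bin/login.pl" method="post"><input name="user">'
    '<input type="password" name="pass"><input type="submit"></form>')
```

As the quoted message notes, a pass like this only sees what pages link to: unreferenced default example files and forms that need meaningful input to reach the next step stay out of the inventory.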
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 18:38:59 PDT