Re: listing directory structure within webserver root

From: Alexandre Verriere (maxwell_at_nskb.net)
Date: 08/30/04

  • Next message: Owen, Matt: "RE: EC-Counsil (Book Review) Can we wrap this thread up?" 
    Date: Mon, 30 Aug 2004 18:27:00 +0200
To: pen-test@securityfocus.com

    Chuck Fullerton a écrit :

    >I would recommend a tool like Webreaper. This will mirror the website onto your machine and allow you to inspect it closely.
    >
    >Chuck Fullerton
    >CEH, OPST, CISSP, CSS1
    >
    >-----Original Message-----
    >From: Jose Maria Lopez [mailto:jkerouac@bgsec.com]
    >Sent: Sunday, August 29, 2004 12:59 PM
    >To: pen-test@securityfocus.com
    >Subject: Re: listing directory structure within webserver root
    >
    >
    >El sáb, 28 de 08 de 2004 a las 21:04, Serg Belokamen escribió:
    >
    >
    >>Hi All,
    >>
    >>Is there a way to somehow enumerate a directory structur on a remote
    >>webserver? Brute force springs to mind but thats mathematically
    >>impossible, to go through all combinations, etc.
    >>
    >> Cheers,
    >> Serg
    >>
    >>
    >
    >Nessus can tell you the directories in the root of your
    >web server and I think that also nikto can, so it could
    >be possible to traverse the directory tree.
    >
    >
    >
    Maybe you can give a try to intellitamper [1] wich will follow all links
    without making a mirror on
    your harddrive. For more complete listing you may search to exploit a
    flaw in the server if any.

    [1]http://www.intellitamper.com/ 

    -- 
                                ''~``
                               ( o o )
+------------------------.oooO--(_)--Oooo.-----------------------+
  
        Alexandre Verriere (Maxwell) - http://www.nskb.net 
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
  • Next message: Owen, Matt: "RE: EC-Counsil (Book Review) Can we wrap this thread up?"

    Relevant Pages

    • Re: Rogue activity methodology (was: Tool to find hidden web proxyserver)
      ... Subject: Rogue activity methodology (was: Tool to find hidden web ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Wireless Scanning
      ... Objet: RE: Wireless Scanning ... > Ethical Hacking at the InfoSec Institute. ... > Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: snmp
      ... You should give ADMsnmp a try. ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Achilles proxy for linux
      ... I believe you should try Burp Proxy or Snark ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Tool to find hidden web proxy server
      ... >> Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... >> learn to write exploits and attack security infrastructure. ...
      (Pen-Test)