Re: Website detection

From: Tim <tim-pentest@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Feb 2007 20:52:33 -0500

We are doing a PT for one of our customers with 5 webservers. None of
these webservers have the website on the main url like
http://xxx.xxx.xxx.xxx but they have confirmed that they have critical
applications running on all the 5 web servers and for security
purposes they have moved the websites to something like
http://xxx.xxx.xxx.xxx/yyy.

Now manually I guess it will take years to identify the correct URL
having the critical website by using guessing techniques. I was
wondering if there is a tool that could try various popular and brute
force combinations to automatically guess the possible URLs.

I'm sure many of you would have wonderful ideas to address this
problem. Pls. enlighten.

If these are public websites and they aren't using a robots.txt file,
you can always run a google search like:

site:xxx.xxx.xxx.xxx

and you should get a few goodies. This won't work if they are careful
though.

tim

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Follow-Ups:
- Re: Website detection
  - From: crazy frog crazy frog

References:
- Website detection
  - From: 3 shool

Prev by Date: Re: What protocol to choose for a new fuzzer?
Next by Date: Re: Speaking of nmap
Previous by thread: RE: Website detection
Next by thread: Re: Website detection
Index(es):
- Date
- Thread

Relevant Pages

Re: Macromedia Contribute
... Macromedia Dreamweaver MX) to manage the content of a ... number of my clients websites held on external web servers. ... when I try to use it the connection process fails. ... connection to an external hosted website. ...
(microsoft.public.backoffice.smallbiz2000)
Security design question
... Website are hosted in DMZ - subdomain created dmz.companydomain.com ... We have our web farm (3-5 web servers) running under one NT Domain account ... SQL server will be used to host user authentication information and Session ... If the internal web service trust the NT domain account that hosts the web ...
(microsoft.public.dotnet.framework.aspnet.security)
Website detection
... We are doing a PT for one of our customers with 5 webservers. ... applications running on all the 5 web servers and for security ... having the critical website by using guessing techniques. ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
How to save users information across the whole web site?
... I have a question about which is the best way to store user info across the ... Now I have 3 web servers and each server has enabled the web ... whole website without using session. ... Or any reference of the comparison ...
(microsoft.public.dotnet.framework.aspnet)
Re: Dont know what next
... When you Web Publish a website, you'll have to modify the ... it can't be on the same subnet as the public ... The web servers were originally connected ...
(microsoft.public.isa)