Re: Website detection



sorry if it comes second time.
hi,

try fierce domain scan from ha.cker.org

_CF

On 2/21/07, Tim <tim-pentest@xxxxxxxxxxxxxxxxxxx> wrote:
> We are doing a PT for one of our customers with 5 webservers. None of
> these webservers have the website on the main url like
> http://xxx.xxx.xxx.xxx but they have confirmed that they have critical
> applications running on all the 5 web servers and for security
> purposes they have moved the websites to something like
> http://xxx.xxx.xxx.xxx/yyy.
>
> Now manually I guess it will take years to identify the correct URL
> having the critical website by using guessing techniques. I was
> wondering if there is a tool that could try various popular and brute
> force combinations to automatically guess the possible URLs.
>
> I'm sure many of you would have wonderful ideas to address this
> problem. Pls. enlighten.

If these are public websites and they aren't using a robots.txt file,
you can always run a google search like:

site:xxx.xxx.xxx.xxx

and you should get a few goodies. This won't work if they are careful
though.

tim

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




--
---------------------------------------
http://www.secgeeks.com
get a blog on secgeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed
Submit you security articles,send them to secgeek@xxxxxxxxxxxx

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



Relevant Pages

  • Re: Informing Companies about security vulnerabilities...
    ... security vulnerabilities... ... the vulnerable web apps I use for class. ... I go to a live public website or two during the class and we talk ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: Informing Companies about security vulnerabilities...
    ... I know it is your responsability to teach your students how to ... Depending on the information you can get through the website (customer ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: Website detection
    ... these webservers have the website on the main url like ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)
  • Re: Website detection
    ... and used curl or wget to hit the site with each dictionary word ... > these webservers have the website on the main url like ... > Need to secure your web apps? ... > Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: Website detection
    ... We are doing a PT for one of our customers with 5 webservers. ... having the critical website by using guessing techniques. ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)