[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: Website "Scanner"
From:       Nicolas Waisman <nwaisman () dsnsecurity ! com>
Date:       2002-03-29 20:36:11
[Download RAW message or body]

Some lines of Python....

from socket import *
import string,sys
s=socket(AF_INET, SOCK_STREAM)
s.connect( (sys.argv[1], 80))
bleh=sys.argv[2]
s.send("GET /"+ bleh + " HTTP/1.0\n\r\n\r")
if s.recv(1024).find("HTTP/1.1 404") > -1:
	print "WIIIIIIIIIIIIIIIIIIIII"
s.close()

You can make lots of  improvements to this... in 4 lines and 3 minutes of code :D
Bye
Nico


backed.up.by.2048.bit.encryption@hushmail.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Is there anything out there like a port scanner but for websites, where it \
> dictionary attacks the files. For example you plug in the domain: 
> http://www.foo.com
> 
> and tries to find .html files (or other)
> 
> http://www.foo.com - index.html
> ndex.html
> dex.html
> ex.html
> 
> 
> ......etc
> 
> where runs through numerous possibilities to hit on files on the server (and even) \
> directories).  If so, one could certainly hit on some sensitive information, say \
> where the administrator has been testing something, or internal product infos etc. 
> If there is nothing out there like this, why not?
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at https://www.hushtools.com/verify
> 
> wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
> /YwZbPRhApi54B5jewqOYCk=
> =d2v7
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2 
> 
> Big $$$ to be made with the HushMail Affiliate Program: 
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
> 
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]