[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: Re: Website "Scanner"
From: Nicolas Waisman <nwaisman () dsnsecurity ! com>
Date: 2002-03-29 20:36:11
[Download RAW message or body]
Some lines of Python....
from socket import *
import string,sys
s=socket(AF_INET, SOCK_STREAM)
s.connect( (sys.argv[1], 80))
bleh=sys.argv[2]
s.send("GET /"+ bleh + " HTTP/1.0\n\r\n\r")
if s.recv(1024).find("HTTP/1.1 404") > -1:
print "WIIIIIIIIIIIIIIIIIIIII"
s.close()
You can make lots of improvements to this... in 4 lines and 3 minutes of code :D
Bye
Nico
backed.up.by.2048.bit.encryption@hushmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Is there anything out there like a port scanner but for websites, where it \
> dictionary attacks the files. For example you plug in the domain:
> http://www.foo.com
>
> and tries to find .html files (or other)
>
> http://www.foo.com - index.html
> ndex.html
> dex.html
> ex.html
>
>
> ......etc
>
> where runs through numerous possibilities to hit on files on the server (and even) \
> directories). If so, one could certainly hit on some sensitive information, say \
> where the administrator has been testing something, or internal product infos etc.
> If there is nothing out there like this, why not?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wnUEARECADUFAj4cj18uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> c2htYWlsLmNvbQAKCRDEHQGvBp4eRJLBAKCPZpeToNzqtkqKkaIROClm91qhXgCfe4Eo
> /YwZbPRhApi54B5jewqOYCk=
> =d2v7
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Big $$$ to be made with the HushMail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
>
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic