Re: Website detection

To:	3 shool <3shool@gmail.com>
Subject:	Re: Website detection
From:	Tim <tim-pentest@sentinelchicken.org>
Date:	Tue, 20 Feb 2007 20:52:33 -0500
Cc:	pen-test@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<5a4274b50702190208l76d97209wec4b527a9730ad8a@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<5a4274b50702190208l76d97209wec4b527a9730ad8a@mail.gmail.com>
Resent-date:	Wed, 21 Feb 2007 21:17:28 -0700 (MST)
Resent-from:	pen-test-return-1078483583@securityfocus.com
Resent-message-id:	<20070222041728.3FA8E14432B@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
User-agent:	Mutt/1.5.13 (2006-08-11)

> We are doing a PT for one of our customers with 5 webservers. None of
> these webservers have the website on the main url like
> http://xxx.xxx.xxx.xxx but they have confirmed that they have critical
> applications running on all the 5 web servers and for security
> purposes they have moved the websites to something like
> http://xxx.xxx.xxx.xxx/yyy.
> 
> Now manually I guess it will take years to identify the correct URL
> having the critical website by using guessing techniques. I was
> wondering if there is a tool that could try various popular and brute
> force combinations to automatically guess the possible URLs.
> 
> I'm sure many of you would have wonderful ideas to address this
> problem. Pls. enlighten.

If these are public websites and they aren't using a robots.txt file,
you can always run a google search like:

  site:xxx.xxx.xxx.xxx

and you should get a few goodies.  This won't work if they are careful
though.

tim

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Website detection, 3 shool RE: Website detection, Password Crackers, Inc. Re: Website detection, Robin Wood Re: Website detection, pand0ra RE: Website detection, Paul Melson Re: Website detection, Tim <= Re: Website detection, crazy frog crazy frog Message not available Re: Website detection, Campbell Murray

Previous by Date:	Re: What protocol to choose for a new fuzzer?, Kurt Buff
Next by Date:	Re: Speaking of nmap, Tim
Previous by Thread:	RE: Website detection, Paul Melson
Next by Thread:	Re: Website detection, crazy frog crazy frog
Indexes:	[Date] [Thread] [Top] [All Lists]