RE: https web crawler

From: Erin Carroll (amoeba@amoebazone.com)
Date: Sun Sep 17 2006 - 15:56:48 EDT

• Next message: pagvac: "dnsmap: subdomain bruteforcer for stealth enumeration"
• Previous message: thomas springer: "Re: tcptraceroute outcome"
• In reply to: Ezequiel Sallis: "Re: https web crawler"
• Next in thread: Morning Wood: "Re: https web crawler"
• Reply: Morning Wood: "Re: https web crawler"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Since you're using Sam Spade I assume you prefer windows-based tools. Nikto
can run on Windows but the SSL functionality is problematic. It requires
ActiveState's Net::SSL module and still might not work. It has been a while
since I last checked so there may be a workaround now.

An alternative is Wikto in conjunction with HTTPrint and HTTrack plugins.
The 3 combined allow for google mining (with a valid API key), site
mirroring, and a lot of similar functionality to what you were using Sam
Spade for: www.sensepost.com/research/wikto/

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 
> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Ezequiel Sallis
> Sent: Sunday, September 17, 2006 8:49 AM
> To: Leece, Doug
> Cc: pen-test@securityfocus.com
> Subject: Re: https web crawler
> 
> Hi, you can try:
> 
> 
> Paros Proxy www.parosproxy.org
> Nikto www.cirt.net/code/nikto.shtml
> 
> bye
> 
> Ezequiel M.Sallis CISSP/NSP
> 
> 
> 
> 
> Leece, Doug wrote:
> > Hello,
> >
> > I have used Sam Spade quite a few times to find little nuggets in the
> > html code. Does anyone know of a better tool like that or one that
> > does something similar for https sites? Strictly to do foot printing
> > at this point not actually faking out form values or anything like
> that.
> >
> > Thanks in advance,
> >
> >
> >
> > ---------------------------------------------------------------------
> -
> > --
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php
> > ---------------------------------------------------------------------
> -
> > --
> >
> >
> 
> --
> 
> 
>                Ezequiel M.Sallis CISSP/NSP
> 
>                      (Certified Information System Security
> Professional)
> 
>               Information Security Specialist
> 
> 
> 
> 
> 
> 
> -----------------------------------------------------------------------
> -
> This List Sponsored by: Cenzic
> 
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> -----------------------------------------------------------------------
> -
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: pagvac: "dnsmap: subdomain bruteforcer for stealth enumeration"
• Previous message: thomas springer: "Re: tcptraceroute outcome"
• In reply to: Ezequiel Sallis: "Re: https web crawler"
• Next in thread: Morning Wood: "Re: https web crawler"
• Reply: Morning Wood: "Re: https web crawler"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:58 EDT