Date: Tue, 18 Mar 2003 00:29:08 +0200 (SAST)
From: SensePost Research <research@...sepost.com>
To: <bugtraq@...urityfocus.com>
Subject: Simple WebDAV method validator (PERL code)

A quick 10 minute job...

> head -n 9 finder.pl
#!/bin/perl
##
## This script tests for most of the methods used by WebDAV.
## If the server does not complain about the method, it's an indication
## that WebDAV is in use..
##
## Please see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
## for info why this is interesting..
##

Typical output:

> perl finder.pl www.blah.co.za 80
Testing WebDAV methods [www.blah.co.za 80]
-------------------------------------
www.blah.co.za : Server type is Microsoft-IIS/5.0
Method PROPFIND seems to be allowed - WebDAV possibly in use
Method PROPPATCH seems to be allowed - WebDAV possibly in use
Method MCOL seems to be allowed - WebDAV possibly in use
Method PUT seems to be allowed - WebDAV possibly in use
Method DELETE seems to be allowed - WebDAV possibly in use
Method LOCK seems to be allowed - WebDAV possibly in use
Method UNLOCK seems to be allowed - WebDAV possibly in use

> perl finder.pl  www.moreblah.com 80
Testing WebDAV methods [www.moreblah.com 80]
-------------------------------------
www.moreblah.com : Server type is Microsoft-IIS/5.0
Method PROPFIND is not allowed
Method PROPPATCH is not allowed
Method MCOL is not allowed
Method PUT is not allowed
Method DELETE is not allowed
Method LOCK is not allowed
Method UNLOCK is not allowed



Enjoy/Butcher/Modify as you see fit.

----------------------------
SensePost Research
www.sensepost.com
research@...sepost.com
----------------------------

Disclaimer:

This information is believed to be correct and accurate at the time of
publishing. No warranty or any guarantee is given, directly, or implied as
to its accuracy or completeness.  In no event shall the author or
SensePost be liable for any damages resulting from the use or abuse of
this information. The information contained in this correspondence may be
redistributed, provided it is not modified in any way or charged for.


View attachment "finder.pl" of type "TEXT/PLAIN" (2703 bytes)
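
The defender's view of the check described above, as an added example that is not part of the original message or of finder.pl: it reads a web server access log and reports clients that tried several WebDAV methods, together with the methods the server did not reject. The W3C field names, the set of status codes treated as a rejection, the `min_methods` threshold and the function name `audit` are assumptions of this example.

```python
from collections import defaultdict

# Methods named in the post's output. MKCOL is the RFC 2518 spelling; "MCOL"
# is included because that is what the tool's output prints.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "MCOL",
                  "PUT", "DELETE", "LOCK", "UNLOCK"}
# Assumption: status codes that count as the server "complaining".
REJECTED = {"400", "403", "405", "501"}

# Constructed sample log in W3C extended format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-03-18 00:29:08 192.0.2.10 PROPFIND / 207
2003-03-18 00:29:08 192.0.2.10 PROPPATCH / 403
2003-03-18 00:29:09 192.0.2.10 MKCOL / 405
2003-03-18 00:29:09 192.0.2.10 PUT / 403
2003-03-18 00:29:09 192.0.2.10 DELETE / 403
2003-03-18 00:29:10 192.0.2.10 LOCK / 200
2003-03-18 00:29:10 192.0.2.10 UNLOCK / 400
2003-03-18 00:31:42 198.51.100.7 GET /index.html 200
2003-03-18 00:32:05 198.51.100.7 PUT /upload/a.txt 201
"""

def audit(log_text, min_methods=4):
    """Map each sweeping client IP to the methods it probed and those accepted."""
    fields, seen = [], defaultdict(dict)   # seen: ip -> {method: accepted?}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):    # column order is declared in the log
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        method = row.get("cs-method", "").upper()
        if method not in WEBDAV_METHODS:
            continue
        accepted = row.get("sc-status") not in REJECTED
        ip = row.get("c-ip", "?")
        seen[ip][method] = seen[ip].get(method, False) or accepted
    # A single PUT or DELETE is normal traffic; several distinct methods from
    # one client is the pattern a method validator leaves behind.
    return {ip: {"probed": sorted(m),
                 "accepted": sorted(k for k, ok in m.items() if ok)}
            for ip, m in seen.items() if len(m) >= min_methods}

if __name__ == "__main__":
    for ip, result in audit(SAMPLE_LOG).items():
        print(ip, "probed:", result["probed"], "accepted:", result["accepted"])
```

A non-empty `accepted` list for a sweeping client means the server answered WebDAV methods it may not need to serve.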
