lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 20 Aug 2008 12:34:48 -0400
From: William McAfee <sec-community@...goodhacker.com>
To: Robert Holgstad <rholgstad@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OWASP DirBuster 0.11.1 Released

A pen tester could use it to see if they can use it to find directories
for admin scripts that rely on the assumption that the attacker does not
know where to find it.

On Wed, 2008-08-20 at 10:05 -0500, Robert Holgstad wrote:
> so does owasp do anything useful or just cater to script kiddies?
> 
> On Wed, Aug 20, 2008 at 9:42 AM, James Fisher
> <dirbuster@...tinglittleduck.com> wrote:
>         
>         A new version of the OWASP DirBuster Project is ready to be
>         downloaded.
>         
>         If you are not familiar with this OWASP project, DirBuster is
>         a multi
>         threaded java application designed to brute force directories
>         and
>         files names on web/application servers. Often is the case now
>         of what
>         looks like a web server in a state of default installation is
>         actually
>         not, and has pages and applications hidden within. DirBuster
>         attempts
>         to find these.
>         
>         Features include:
>         
>             * Multi threaded has been recorded at over 6000
>         requests/sec
>             * Works over both http and https
>             * Scan for both directory and files
>             * Will recursively scan deeper into directories it finds
>             * Able to perform a list based or pure brute force scan
>             * DirBuster can be started on any directory
>             * Custom HTTP headers can be added
>             * Proxy support
>             * Auto switching between HEAD and GET requests
>             * Content analysis mode when failed attempts come back as
>         200
>             * Custom file extensions can be used
>             * Performance can be adjusted while the program in running
>             * Supports Basic, Digest and NTLM auth
>         
>         Further information and downloads can be found at
>         https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
>         
>         James Fisher
>         
>         ----------------------------------------------------------------
>         This message was sent using IMP, the Internet Messaging
>         Program.
>         
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ