Message-ID: <6905b1570707160132n4f9b92f2h79076748f62dddd4@mail.gmail.com>
Date: Mon, 16 Jul 2007 09:32:42 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, owasp-leaders@...ts.owasp.org, 
	"WASC Forum" <websecurity@...appsec.org>
Subject: JavaScript Spider - Yahoo Site Explorer Spider

http://www.gnucitizen.org/blog/yahoo-site-explorer-spider

This simple POC uses Yahoo Site Explorer Service to crawl/spider other
websites. It is written entirely with JavaScript - no server side
support was required from my side. The POC proves once again that
Web2.0 technologies open new ways of attacking Web infrastructures.
Keep in mind that this spider is ultra fast. It does only several
connects in order to obtain the entire directory structure of the
targeted website. Also, keep in mind that it will take less than 5
minutes to make it equipped with the latest AJAX exploits. Therefore,
I am not responsible for your actions.

I am planning to write a follow up post on how we can make a basic
client-side XSS scanner on top of this spider, so stay tuned.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
