| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Feb 2011 18:12:53 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: [Tool Update Announcement] inspathx - Path Disclosure Finder Check the update via svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx CHANGELOG =========== covered remaining checks (empty array, null cookie) in Full_Path_Disclosure (http://www.owasp.org/index.php/Full_Path_Disclosure) of OWASP Application Security Desk Reference (ASDR) Project (http://www.owasp.org/index.php/Category:OWASP_ASDR_Project) added support for generating path definition file and you can now use -d with path-definition file to check in addition to cms directory path added support for reading gzip/deflate compressed response from server added regexp support (use your own regexp rules to search in returned responses in addition to built-in regexp error messages) added null session cookie support --null-cookie [will auto null session for all languages ] added custom headers support --headers "cookie: sid[%00]=1\r\nX-pingback:: %00" added data (GET/POST) support --data (var=1&var=2) added method (get by default) support --method post added follow redirect support --follow-redirect added cold fusion language support; when feeded by large inputs, cold fusion apps tend to reveal source code disclosure if without boundary checks when used as IIS ISAPI extensions added --rm option to remove directory used to generate path list [suggestion by Brendan Coles] cleaned *-vuln-path.txt file content to make it ready for path definition file added support for [] , querystring in path definition file [suggestion by Brendan Coles] Added supported for username and web root path extraction for both *nux and windows [suggestion by Brendan Coles] added detection support for html_errors being set as off in php.ini [suggestion by Sebastien Damaye] THANKS ======= Ryan Dewhurst (http://www.ethicalhack3r.co.uk) for his suggestion to cover all checks (empty array, null cookie) of http://www.owasp.org/index.php/Full_Path_Disclosure --data, --param-array, -n/--null-session options. Brendan Coles (http://itsecuritysolutions.org/, http://whatweb.net/) for his suggestion that known web application paths should be bundled for convenience and time saving. I've done files with dozens of open-source web app known paths under 'paths' directory. You can do it for your desired CMS/application by -d and -g options. See EXAMPLES for more details. Submit latest path files to inspathx at yehg.net. Sebastien.damaye for his write-up about inspathx tutorial , http://www.aldeid.com/index.php/Inspathx And finally to developers community, their common coding practice, their belief on path disclosure as server side issue that make this tool meaningful and usable for current plus future web apps 100+ Web Apps with Full Path Disclosure using inspathx =========================================== https://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vuln * Send bugs/suggestions to inspathx at yehg.net --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists