Mapping the Application

Viewing 6 reply threads
  • Author
    Posts
    • #8003
      Seen
      Participant

      I typically use Burp Spider and the BuiltWith Chrome Extension to map websites I’m testing.  Does anyone use anything else?  I’m always looking for new things to play around with.

    • #50763
      MaXe
      Participant

      I use Burp (the spider) as well, but Burp has several features, i.e. Discover Content, and even the Intruder, can be used to launch the wordlists DirBuster has. The OWASP DirBuster is however, quite fast most of the time for discovering well known content.

      Nikto, is another web scanner that’s good at finding common vulnerabilities, misconfigurations and even some content. (DirBuster is a lot more efficient.)

    • #50764
      Dark_Knight
      Participant

      @MaXe what settings do you typically use for Dirbuster? Are you also using the raft wordlist

      Wordlist: http://code.google.com/p/raft/downloads/detail?name=raft-wordlists-20110803.7z

    • #50765
      Seen
      Participant

      I’ve only used Dirbuster once, I’ll have to play around with it some more.

      How accurate is nikto?  I’ve used it on 2 different servers and got a lot of false positives (PHP related issues on sites not running PHP!)

    • #50766
      ambient
      Participant

      For me, I am working with
      1. BurpSuite for web application crawling and mapping.
      2. DirBuster for directory or file name enumeration.
      3. HTTrack for saving some web contents in order to extract interesting metadata.
      4. nikto for checking web server configuration
      5. w3af for quick web application scanning

      These activities pave a way to the next step.

    • #50767
      Dark_Knight
      Participant

      @ambient wrote:

      For me, I am working with
      1. BurpSuite for web application crawling and mapping.
      2. DirBuster for directory or file name enumeration.
      3. HTTrack for saving some web contents in order to extract interesting metadata.
      4. nikto for checking web server configuration
      5. w3af for quick web application scanning

      These activities pave a way to the next step.

      ……have you had issues doing authenticated scans with w3af?

    • #50768
      ambient
      Participant

      ……have you had issues doing authenticated scans with w3af?

      What does it mean? If you meant the problem, my w3af often crashed during the scan.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?