.

Mapping the Application

<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Mon Nov 05, 2012 5:06 pm

Mapping the Application

I typically use Burp Spider and the BuiltWith Chrome Extension to map websites I'm testing.  Does anyone use anything else?  I'm always looking for new things to play around with.
Sec+, eCPPT
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Nov 05, 2012 6:06 pm

Re: Mapping the Application

I use Burp (the spider) as well, but Burp has several features, i.e. Discover Content, and even the Intruder, can be used to launch the wordlists DirBuster has. The OWASP DirBuster is however, quite fast most of the time for discovering well known content.

Nikto, is another web scanner that's good at finding common vulnerabilities, misconfigurations and even some content. (DirBuster is a lot more efficient.)
I'm an InterN0T'er
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Mon Nov 05, 2012 10:01 pm

Re: Mapping the Application

@MaXe what settings do you typically use for Dirbuster? Are you also using the raft wordlist

Wordlist: http://code.google.com/p/raft/downloads ... 0110803.7z
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Tue Nov 06, 2012 2:29 am

Re: Mapping the Application

I've only used Dirbuster once, I'll have to play around with it some more.

How accurate is nikto?  I've used it on 2 different servers and got a lot of false positives (PHP related issues on sites not running PHP!)
Sec+, eCPPT
<<

ambient

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Feb 17, 2009 1:33 am

Location: Thailand

Post Tue Nov 06, 2012 12:11 pm

Re: Mapping the Application

For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Nov 06, 2012 2:13 pm

Re: Mapping the Application

ambient wrote:For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.

......have you had issues doing authenticated scans with w3af?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

ambient

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Feb 17, 2009 1:33 am

Location: Thailand

Post Wed Nov 07, 2012 2:49 am

Re: Mapping the Application

......have you had issues doing authenticated scans with w3af?


What does it mean? If you meant the problem, my w3af often crashed during the scan.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software