> *From:*[email protected] > [mailto:[email protected]] *On Behalf Of > *Michael Lubinski > *Sent:* April 7, 2011 9:55 AM > *To:* PaulDotCom Security Weekly Mailing List > *Subject:* [Pauldotcom] Web App Crawlers > > I am trying to find all of the web apps currently hosted in an > organization. What is a good crawler I could use? This is from the > defensive side of things, its a network that I have full control over. >
Commercially, we have the Passive Vulnerability Scanner available from Tenable. There are other solutions that sniff apps as well. Sniffing web servers in realtime is useful because it is port independent and you can also enumerate all of the web sites hosted on a web server. Something like the PVS is advanced enough to identify expired SSL certificates or web servers referencing javascript hosted on third party servers as well. -- Ron Gula, CEO Tenable Network Security http://www.tenable.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
