Hey Andres,

I was thinking just a small or medium-sized list, using an external file. If a user wants to supply their own wordlist, such as the dirbuster list, it's up to them. This would keep the download size manageable with the flexibility to use any list you want. I'll take a shot at writing this plugin and email it out to the list when I'm done.

Thanks,
Jon

On Jun 11, 2009, at 2:50 PM, Andres Riancho wrote:

Jon,

On Thu, Jun 11, 2009 at 2:21 PM, jrose<jr...@owasp.org> wrote:
Has anyone written a plugin to bruteforce directories or file names
similar to Dirbuster by OWASP?

I haven't, and I don't know of anyone that has... but there have been
people interested in doing it. I think that the reason that they
haven't done it is that at some point I thought that the license for
the directory listings in OWASP Dirbuster [0] was incompatible with
GPL v2.0 [1].

After some careful reading of [0], I think that they are compatible
([1] doesn't specify, not as far as I can tell). So... if you want to
develop a directory bruteforcer using the lists provided by DirBuster,
please go ahead and do it.

In the default release of w3af we'll include Dirbuster's lists, with
the original name, and with a big thanks to the original author; and
references to the original license, so anyone license-savvy can help us
in the future if he finds that this is legally wrong.

In my opinion, the lists that should be included are:
- directory-list-2.3-small.txt
- directory-list-2.3-medium.txt

The big list can be downloaded by the users if they need it. The
lowercase versions can be "calculated" from the original versions.

I don't want to make the default download of w3af 15mb bigger (which
is the size of DirBuster's lists).

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
