Hi Andres, Jon,

On Thu, 11 Jun 2009, jrose wrote:

> Hey Andres,
> I was thinking just a small or medium sized list, using an external file.

a "small" file (~60.000) is provided by jbruzz.
dirbuster (with which this thread started) has huge files (>2^30).

> If a user wants to
> supply their own wordlist, such as the dirbuster list, its up to them.

dirbuster can do that already.

> This would keep the
> download size manageable with the flexibility to use any list you want.

> I'll take a shot at
> writing this plugin and email it out to the list when I'm done.

I'll just jump into this thread as I've done some research about file/dir
bruteforcing/fuzzing over the last couple of years. This includes public domain tools
(jbruzz, dirbuster, wikto) as well as commercial tools (AppScan, WebInspect,
Acunetix). They all suck in this area, unfortunately :-(
The reasons are different, just some:
  - lists are too small
  - lists are too huge
  - lists contain mainly useless tests for professional apps
  - lists are not customizable
  - tools are too stupid
  - and so on ...
Looking at the tools, we see that the commercial ones try to do the tests
with some "sophisticated" selections of the lists (depending on OS, or
application), but they don't tell us *what* they test.
On the other side the open source tools test everything, even your own
lists, but they lack customization (except providing your own list).

What you need in all-day testing (my experience) is a combination of
both approaches: customizable and some kind of automatic detection.

Two examples for sophisticated selection:
  - if IIS is detected, we need special path traversal
  - if the OS is not Windows, any \ in paths is useless
You see, this selection can be complicated and is not easy to compute.
That's probably why all tools give you either a very limited result,
or you wait some weeks 'til they finish (see dirbuster).

----
If someone really wants to write such a plugin, keep these problems
in mind. The biggest challenge is to make a sophisticated list, the
test itself is very simple.
Writing YAB -yet another bruteforcing- plugin is wasting time due to
reinventing the wheel, probably making the same mistakes ...

Sorry for dampening your enthusiasm, but I think a plugin which does
the same work as other tools is not a good idea.

If someone has a good idea to make the world go round here, count me
in, I guess I've some more hints somewhere in the lost areas of my brain.

Cheers
Achim 
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop