Http/dir scanner
De www.metasploit-es.com.ar
El modulo "dir_scanner" escanea uno o mas servidores web en busca de directorios interesantes que puedan ser explorados.
msf > use auxiliary/scanner/http/dir_scanner msf auxiliary(dir_scanner) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- DICTIONARY /opt/metasploit3/msf3/data/wmap/wmap_dirs.txt no Path of word dictionary to use PATH / yes The path to identify files Proxies no Use a proxy chain RHOSTS yes The target address range or CIDR identifier RPORT 80 yes The target port THREADS 1 yes The number of concurrent threads VHOST no HTTP server virtual host
Aceptaremos el diccionario por defecto incluido en Metasploit, definiremos nuestro objetivo, y ejecutaremos el escaner.
msf auxiliary(dir_scanner) > set RHOSTS 192.168.1.201 RHOSTS => 192.168.1.201 msf auxiliary(dir_scanner) > run [*] Using code '404' as not found for 192.168.1.201 [*] Found http://192.168.1.201:80/.../ 403 (192.168.1.201) [*] Found http://192.168.1.201:80/Joomla/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/cgi-bin/ 403 (192.168.1.201) [*] Found http://192.168.1.201:80/error/ 403 (192.168.1.201) [*] Found http://192.168.1.201:80/icons/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/oscommerce/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/phpmyadmin/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/security/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/webalizer/ 200 (192.168.1.201) [*] Found http://192.168.1.201:80/webdav/ 200 (192.168.1.201) [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(dir_scanner) >
Nuestro rapido escaneo nos muestra un numero de directorios en nuestro servidor objetivo que ciertamente querriamos continuar investigando mas adelante.
© Offensive Security 2009
Original de www.offensive-security.com Traducido por cbk999
