Comments on: bruteoptions.py — Get allowed HTTP Methods for a list of directories http://www.tssci-security.com/archives/2008/12/31/bruteoptionspy-get-allowed-http-methods-for-a-list-of-directories/ top secret/secure computing information Sun, 27 Mar 2011 12:47:22 -0500 http://wordpress.org/?v=2.8.6 hourly 1 By: Marcin http://www.tssci-security.com/archives/2008/12/31/bruteoptionspy-get-allowed-http-methods-for-a-list-of-directories/comment-page-1/#comment-19796 Marcin Sun, 11 Jan 2009 20:35:53 +0000 http://www.tssci-security.com/archives/2008/12/31/bruteforcepy-get-allowed-http-methods-for-a-list-of-directories/#comment-19796 Hey Alex, I wrote a Python script to do this for me. <a href="http://www.tssci-security.com/pub/scripts/dir_expand.py">dir_expand.py</a> What the script does, is it would take a deep URL, and break it up into individual lines, as so: i.e., <code>$ cat spidered_urls /deep/nested/directory/url/structure/index.php</code> <code>$ ./dir_expand.py spidered_urls /deep/ /deep/nested/ /deep/nested/directory/ /deep/nested/directory/url/ /deep/nested/directory/url/structure/</code> Hey Alex, I wrote a Python script to do this for me.

dir_expand.py

What the script does, is it would take a deep URL, and break it up into individual lines, as so:

i.e.,
$ cat spidered_urls
/deep/nested/directory/url/structure/index.php

$ ./dir_expand.py spidered_urls
/deep/
/deep/nested/
/deep/nested/directory/
/deep/nested/directory/url/
/deep/nested/directory/url/structure/

]]> By: Alex http://www.tssci-security.com/archives/2008/12/31/bruteoptionspy-get-allowed-http-methods-for-a-list-of-directories/comment-page-1/#comment-19654 Alex Wed, 07 Jan 2009 13:28:06 +0000 http://www.tssci-security.com/archives/2008/12/31/bruteforcepy-get-allowed-http-methods-for-a-list-of-directories/#comment-19654 Do you have any favorite tools when it comes to making a directory list/spidering a web application? I usually use Burp and then do some tweaking/scripting with the found URL:s which I copy out of Burp. But are the tools that automatically makes a directory list when spidering? Do you have any favorite tools when it comes to making a directory list/spidering a web application?

I usually use Burp and then do some tweaking/scripting with the found URL:s which I copy out of Burp.

But are the tools that automatically makes a directory list when spidering?

]]> By: Technocrat http://www.tssci-security.com/archives/2008/12/31/bruteoptionspy-get-allowed-http-methods-for-a-list-of-directories/comment-page-1/#comment-19429 Technocrat Wed, 31 Dec 2008 23:17:52 +0000 http://www.tssci-security.com/archives/2008/12/31/bruteforcepy-get-allowed-http-methods-for-a-list-of-directories/#comment-19429 I have found that OPTIONS will show TRACE enabled on IIS 6.0/7.0 even when it is disabled by default in these versions - however, the TRACK method might be enabled and does not show in OPTIONS. http://blog.techstacks.com/2008/07/disabling-trace-method-in-iis.html I have found that OPTIONS will show TRACE enabled on IIS 6.0/7.0 even when it is disabled by default in these versions – however, the TRACK method might be enabled and does not show in OPTIONS.

http://blog.techstacks.com/2008/07/disabling-trace-method-in-iis.html

]]>