webFileScanner.pl – simple file & directory brute-force utility

Here’s a simple utility I coded up using Perl + LWP to blindly request files from a web server and print the status code that’s returned. Functionally, it’s similar to the excellent ‘DirBuster,’ but without the overhead of Java.

Usage:

jcran@marzban:~/toolkit-new/nix/brute-web$ ./webFileScanner.pl
Usage: ./webFileScanner.pl [ip or hostname] [file with urls] [https?])]

Example:

jcran@marzban:~/toolkit-new/nix/brute-web$ ./webFileScanner.pl http://0x0e.com ../../wordlist/directory-list-1.0.txt

Output:

jcran@marzban:~/toolkit-new/nix/brute-web$
...
url: http://0x0e.com/healthyliving - status: 404
url: http://0x0e.com/healthy_living - status: 404
url: http://0x0e.com/pl0p - status: 200
url: http://0x0e.com/relationships - status: 404
url: http://0x0e.com/his - status: 404
url: http://0x0e.com/history - status: 404
url: http://0x0e.com/ancient - status: 404
url: http://0x0e.com/family - status: 404
...

The output is grep-able & LWP makes it quite simple to add additional features as needed. For instance, you could quickly instruct LWP to save ‘status: 200’ pages to disk.

You can download the file here.
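
On the server side, a run like the one shown above appears in the access log as a single client producing a burst of 404s for distinct paths. The following Python is an added example (not part of webFileScanner.pl or the original post) that flags such clients; it assumes common log format, and the log lines, IP addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, window=timedelta(seconds=60), min_404=5, min_ratio=0.8):
    """Return {ip: (distinct_404_paths, requests_in_window)} for clients whose
    requests inside a sliding window are mostly 404s for distinct paths."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1                      # slide the window forward
            win = recs[start:end + 1]
            misses = {p for _, p, s in win if s == 404}
            if len(misses) >= min_404 and len(misses) / len(win) >= min_ratio:
                flagged[ip] = (len(misses), len(win))
                break                           # first offending window is enough
    return flagged

# Constructed sample log (not real traffic): one client walking a wordlist,
# using the paths from the output above, plus one ordinary visitor.
PATHS = [("/healthyliving", 404), ("/healthy_living", 404), ("/pl0p", 200),
         ("/relationships", 404), ("/his", 404), ("/history", 404),
         ("/ancient", 404), ("/family", 404)]
SAMPLE = [f'203.0.113.7 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET {p} HTTP/1.1" {s} 512'
          for i, (p, s) in enumerate(PATHS)]
SAMPLE += ['198.51.100.20 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 2048',
           '198.51.100.20 - - [10/Oct/2023:13:55:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0']

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

The thresholds are starting points only; a site with many broken links needs a higher `min_404`, and a slow scan needs a longer `window`.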
