websecurity@lists.webappsec.org

The Web Security Mailing List


Re: [WEB SECURITY] Directory discovering

Adam Muntner
Fri, May 6, 2011 10:27 PM

Fuzzdb takes a different approach:

  1. Marrying the excellent Skipfish wordlist with collections of extensions
    (every known compressed file extension, common file extensions, a ton of
    backup file extensions, etc) and prefixes (variations of copy_of_ etc) for
    targeted or super-bruteforce fuzzing
    http://code.google.com/p/fuzzdb/source/browse/#svn%2Ftrunk%2FDiscovery%2FFilenameBruteforce

  2. Lists of predictable resources, sorted by server type (IIS, tomcat,
    glassfish, etc), common apps (sharepoint, sap, cms and themes, etc), and
    lots of other stuff.
    http://code.google.com/p/fuzzdb/source/browse/#svn%2Ftrunk%2FDiscovery%2FPredictableRes

Any HTTP 4xx status code other than 404 warrants investigation, as does any
5xx code.

Ultimately, if you're testing, find something interesting, and don't have a
good fuzzfile for it, you should be doing some research and making your own
fuzzfiles. This can take the form of downloading oss software or commercial
evaluation versions, or lacking that, mining tech support websites and docs
for paths, or google dorking. Examples: Not long ago, I found the admin
interface for a commercial product deployed on a client's box with no
easily obtainable eval, thanks to a screenshot in their documentation, which
was available. Some of the predictable resource lists in fuzzdb were created
by google forming +"index of /" etc.

Be creative, it will pay off...

-a

On May 6, 2011 12:42 PM, "Andre Gironda" <andreg@gmail.com> wrote:

On Fri, May 6, 2011 at 2:02 AM, Brtnik, Vojtech (NL - Amstelveen)
<VBrtnik@deloitte.nl> wrote:

> thi...

Here is similar work, with explanations, done by Mavituna Security:
http://www.mavitunasecurity.com/blog/svn-digger-better-lists-for-forced-browsing/

> 1) what do you get out of using multiple tools? It occurs to me that
> running DirBuster (for insta...

I like all of those tools and their concepts. It is tricky trying to
get the results from them without running them in parallel or
serially. I instead suggest to somehow combine their capabilities,
perhaps by writing your own tool that incorporates all of their
capabilities and concepts.

> 2) What do you exactly mean by "run the list through a
> single-pane-of-glass tool like Burp"? What...

Burp provides me simplicity and ease of use, as well as familiarity. I
was thinking of importing the list as an Intruder payload set and
configuring a fuzzing position on a single insertion point, such as
the final "/" in http://www.site.com/

-Andre
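The fuzzdb-style name expansion (base wordlist paired with prefix and extension collections) and the status-code triage rule from Adam's post, as an added Python example that is not part of this thread or of fuzzdb. The sample lists and scan results are constructed stand-ins; the code sends no requests, so you feed it results from a scan of a server you are responsible for.

```python
import itertools
from typing import Iterable

# Constructed sample lists for illustration; fuzzdb's real lists are far larger.
BASE_NAMES = ["admin", "config", "backup"]
PREFIXES = ["", "copy_of_", "old_"]
EXTENSIONS = ["", ".php", ".bak", ".zip", ".tar.gz"]


def expand_wordlist(bases: Iterable[str], prefixes: Iterable[str],
                    extensions: Iterable[str]) -> list[str]:
    """Pair each base name with every prefix and extension, the way fuzzdb
    marries a wordlist with its extension/prefix collections. Order is kept
    and duplicates dropped so the candidate set is reproducible."""
    seen: set[str] = set()
    out: list[str] = []
    for base, pre, ext in itertools.product(bases, prefixes, extensions):
        name = f"{pre}{base}{ext}"
        if name not in seen:
            seen.add(name)
            out.append(name)
    return out


def needs_investigation(status: int) -> bool:
    """The thread's rule: any 4xx other than 404, and any 5xx, gets a look."""
    return (400 <= status < 500 and status != 404) or 500 <= status < 600


def triage(results: dict[str, int]) -> dict[str, list[str]]:
    """Bucket probe results (path -> HTTP status) for review: 2xx/3xx count
    as hits, 404 as noise, everything else as worth investigating."""
    buckets: dict[str, list[str]] = {"found": [], "investigate": [], "noise": []}
    for path, status in sorted(results.items()):
        if 200 <= status < 400:
            buckets["found"].append(path)
        elif needs_investigation(status):
            buckets["investigate"].append(path)
        else:
            buckets["noise"].append(path)
    return buckets


# Constructed results standing in for a scan of your own server (no network use).
SAMPLE_RESULTS = {
    "/admin": 401,
    "/admin.php": 403,
    "/copy_of_config.php": 200,
    "/backup.zip": 404,
    "/old_backup.tar.gz": 500,
    "/config.bak": 404,
}
```

Running `triage(SAMPLE_RESULTS)` puts the exposed `/copy_of_config.php` under "found" and the 401, 403 and 500 responses under "investigate", which is exactly the set a reviewer should look at first.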

