in reply to (OT) Script for getting list of all files/directories on website?

First, I recommend a search on Google for the phrase "security through obscurity", which is exactly the problem you're encountering. A couple of well-written papers, with examples, by security analysts might sway more minds than any program you'll write.

And yes, it's possible -- script kiddies have been doing similar for over a decade and a half, now. All it involves, at its most basic, is "best guesses" at directory names, like "home" and "etc", coupled, perhaps, with a full-blown dict attack.

I don't know of any mainstream utility that would do it, but I cannot imagine it would be hard to build, just tedious to deploy and run. If you're serious about this, I'd suggest looking into "SQL Injection" attacks, which, as I recall, use similar techniques on some levels.

Does that help?

----Asim, known to some as Woodrow.

  • Comment on Re: (OT) Script for getting list of all files/directories on website?

Replies are listed 'Best First'.
Re^2: (OT) Script for getting list of all files/directories on website?
by buttroast (Scribe) on Jun 21, 2006 at 14:28 UTC
    Asim, Yes, this helps me. I was having trouble coming up with a good search phrase for google. I've heard of "Security by Obscurity" before but it didn't come to mind when I was searching on this topic. Thanks again.
    Thanks buttroast
[reply]

In Section Seekers of Perl Wisdom