Solved

Web server scanning for unauthenticated pages

Posted on 2009-04-06
2
248 Views
Last Modified: 2013-11-30
Ok....I have been looking around for awhile now and can't seem to find a tool that fits my need. I am hoping to find a tool that I can point at a web server and it will scan in some fashion to bring back a list of all the pages on this server that are unauthenticated (those that you don't need a username and password to access).  Not sure if a tool like this exists but I would imagine it does. The usually suspects; Retina, NMap, Nessus, etc.... don't seem to offer this type of testing.

Myself and the rest of our project team are undergoing some security testing and I am trying to demo this type of issue for our developers who don't think this is an IA issue.

Any help is appreciated.

Thanks....
0
Comment
Question by:adamhealy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24092790
Hi,

the basic problem with what you want to do is that any tool to do this will need to have advance knowledge of the directory structure of the web site.  I can't think of any tool that has such a capacity - you will probably need to build it yourself.

Cheers.
0
 
LVL 2

Accepted Solution

by:
adamhealy earned 0 total points
ID: 24092953
meverest,
Thanks for the input.

After consulting some colleagues I would found a tool that would "crawl" the directories and identify these type of issues.

The tool was a Web Vulnerability Scanner from Acunetix.com.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question