Web server scanning for unauthenticated pages
Posted on 2009-04-06
Ok....I have been looking around for awhile now and can't seem to find a tool that fits my need. I am hoping to find a tool that I can point at a web server and it will scan in some fashion to bring back a list of all the pages on this server that are unauthenticated (those that you don't need a username and password to access). Not sure if a tool like this exists but I would imagine it does. The usually suspects; Retina, NMap, Nessus, etc.... don't seem to offer this type of testing.
Myself and the rest of our project team are undergoing some security testing and I am trying to demo this type of issue for our developers who don't think this is an IA issue.
Any help is appreciated.