Solved

Web server scanning for unauthenticated pages

Posted on 2009-04-06
2
241 Views
Last Modified: 2013-11-30
Ok....I have been looking around for awhile now and can't seem to find a tool that fits my need. I am hoping to find a tool that I can point at a web server and it will scan in some fashion to bring back a list of all the pages on this server that are unauthenticated (those that you don't need a username and password to access).  Not sure if a tool like this exists but I would imagine it does. The usually suspects; Retina, NMap, Nessus, etc.... don't seem to offer this type of testing.

Myself and the rest of our project team are undergoing some security testing and I am trying to demo this type of issue for our developers who don't think this is an IA issue.

Any help is appreciated.

Thanks....
0
Comment
Question by:adamhealy
2 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24092790
Hi,

the basic problem with what you want to do is that any tool to do this will need to have advance knowledge of the directory structure of the web site.  I can't think of any tool that has such a capacity - you will probably need to build it yourself.

Cheers.
0
 
LVL 2

Accepted Solution

by:
adamhealy earned 0 total points
ID: 24092953
meverest,
Thanks for the input.

After consulting some colleagues I would found a tool that would "crawl" the directories and identify these type of issues.

The tool was a Web Vulnerability Scanner from Acunetix.com.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question