Solved

Web server scanning for unauthenticated pages

Posted on 2009-04-06
Last Modified: 2013-11-30
Ok....I have been looking around for a while now and can't seem to find a tool that fits my need. I am hoping to find a tool that I can point at a web server and it will scan in some fashion to bring back a list of all the pages on this server that are unauthenticated (those that you don't need a username and password to access). Not sure if a tool like this exists but I would imagine it does. The usual suspects (Retina, Nmap, Nessus, etc.) don't seem to offer this type of testing.

The rest of our project team and I are undergoing some security testing, and I am trying to demo this type of issue for our developers, who don't think this is an IA issue.

Any help is appreciated.

Thanks....
0
Question by:adamhealy
2 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24092790
Hi,

The basic problem with what you want to do is that any tool to do this will need to have advance knowledge of the directory structure of the web site.  I can't think of any tool that has such a capacity - you will probably need to build it yourself.

Cheers.
0
 
LVL 2

Accepted Solution

by:
adamhealy earned 0 total points
ID: 24092953
meverest,
Thanks for the input.

After consulting some colleagues I found a tool that would "crawl" the directories and identify these types of issues.

The tool was a Web Vulnerability Scanner from Acunetix.com.
0
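
A minimal sketch of the anonymous crawl discussed in this thread, added here as an example (it is not code from either poster or from Acunetix): it requests each same-origin page with no cookies or credentials and records whether the server returned content, a 401/403, or a redirect to a login page. The login-path pattern, the `fetch` hook and the function names are assumptions made for the example.

```python
import re
import urllib.error
import urllib.request
from collections import deque
from urllib.parse import urljoin, urlsplit

# Assumed login paths; adjust to the application being audited.
LOGIN_HINT = re.compile(r"/(login|signin|sso)\b", re.I)
HREF = re.compile(r"""href=["']([^"'#]+)""", re.I)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx as HTTPError so login redirects stay visible

def http_fetch(url):
    """Anonymous GET (no cookies, no Authorization). Returns (status, location, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, "", resp.read(1_000_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", ""), ""

def classify(status, location):
    if status in (401, 403):
        return "auth-required"
    if 300 <= status < 400:
        return "redirect-to-login" if LOGIN_HINT.search(location) else "redirect"
    return "open" if 200 <= status < 300 else "other"

def audit(start_url, fetch=http_fetch, max_pages=200):
    """Breadth-first crawl of same-origin links; returns {url: classification}."""
    origin = urlsplit(start_url)[:2]  # (scheme, host) of the server under test
    queue, results = deque([start_url]), {}
    while queue and len(results) < max_pages:
        url = queue.popleft()
        if url in results:
            continue
        status, location, body = fetch(url)
        results[url] = classify(status, location)
        for link in HREF.findall(body):
            target = urljoin(url, link)
            if urlsplit(target)[:2] == origin and target not in results:
                queue.append(target)
    return results
```

Pages reported as `open` are the ones served without authentication. A crawl only reaches pages that are linked from somewhere, so unlinked routes have to be supplied from the application's own route list or sitemap.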