Solved

Web server scanning for unauthenticated pages

Posted on 2009-04-06
2
246 Views
Last Modified: 2013-11-30
Ok....I have been looking around for awhile now and can't seem to find a tool that fits my need. I am hoping to find a tool that I can point at a web server and it will scan in some fashion to bring back a list of all the pages on this server that are unauthenticated (those that you don't need a username and password to access).  Not sure if a tool like this exists but I would imagine it does. The usually suspects; Retina, NMap, Nessus, etc.... don't seem to offer this type of testing.

Myself and the rest of our project team are undergoing some security testing and I am trying to demo this type of issue for our developers who don't think this is an IA issue.

Any help is appreciated.

Thanks....
0
Comment
Question by:adamhealy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24092790
Hi,

the basic problem with what you want to do is that any tool to do this will need to have advance knowledge of the directory structure of the web site.  I can't think of any tool that has such a capacity - you will probably need to build it yourself.

Cheers.
0
 
LVL 2

Accepted Solution

by:
adamhealy earned 0 total points
ID: 24092953
meverest,
Thanks for the input.

After consulting some colleagues I would found a tool that would "crawl" the directories and identify these type of issues.

The tool was a Web Vulnerability Scanner from Acunetix.com.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question