Re: [mod-security-users] web app discovery
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iva...@gm...> - 2006-05-22 08:50:34
|
On 5/21/06, kiran k <kir...@ya...> wrote: > > Are there any tools which discovers web application from an input URL. > > I am looking for a tool which crawls recursively and finds the forms, for= m > fields, server scripts, cookies and hidden fileds. Based on this informat= ion > I would like to develop policies. If I have this data in xml it would be > even better. > > Any quick starting point would be greatly appreciated, if no tools exist= s. > How about any commercial libraries ? Your best bet might be the commercial tools (web application vulnerability scanners). But, IMHO, none of the tools I have seen are smart enough to work in a general case. For example, if the web site uses JavaScript or Flash for navigation the tool is not going to help you much. --=20 Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |