Thursday, February 11, 2010

New DirSnatch / DirSnatch_v2.1

New Version of DirSnatch can be downloaded Here .

So briefly I wanted to describe the new version of DirSnatch. Just as DirChex (tool for automatically requesting a list of URLs from  a text thru your proxy) had a modification with the "PUT" tab so has DirSnatch.


RUNDOWN:

DirSnatch will allow you to save two different files. One dumps a web directory list in the full URL format (DirGet tab).

Sooo C:\inetpub\public\index.asp

becomes

http://example.com/public/index.asp

so on and so forth.

The other (DirPut) will dump the web directory with only the directories & sub-directories (still with URL format)so that we can automate the request of testing each directory for a vulnerable PUT permission issue.

Sooo C:\inetpub\public\index.asp

becomes

http://example.com/public/

BENEFIT:


The benefit of the new tab is the following. If you'd like to use Burp Suite or DirChex to test each directory for PUT the format that DirPut lists each directory in is suitable for simply concatenating the URL + "a test file".


MEANING:

When using the DirChex PUT tab you can provide a name of a file you would like to upload to the target Web App's directories, choose the the txt file containing URLs dumped with DirSnatch_v2.1 DirPut and it will do the concatenation and request for you. Voila.

PIC OF NEW VERSION: 




Thoughts, comments, suggestions are welcome.

Happy Hacking!

~cktricky

No comments: