Sunday, June 10, 2012

UPDATE WEB-SORROW V-1.3.9 - A REMOTE WEB SCANNER FOR MISCONFIG, VERSION DETECTION, AND SERVER ENUMERATION TOOL WRITTEN IN PERL.

A Perl-based tool used for checking a web server for misconfiguration, version detection, enumeration, and server information. I will build more functionality in the future. What it's NOT: vulnerability scanner, inspection proxy, DDoS tool, exploitation framework. It's entirely focused on enumeration and collecting info on the target server.


CURRENT functionality:


-S - stands for standard. A set of standard tests that includes: directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 OK for every request)


-auth - looks for login pages with a list of some of the most common login files and dirs. It doesn't need to be a very big list of URLs, because what else are you going to name it? notAlogin.php???


-Cp - scan with a huge list of plugin dirs. The list is a bit old (2010)


-I - searches the responses for interesting strings


-Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting, and CMS version info


-Fd - look for things people generally don't want you to see. The list is generated from a TON of robots.txt files, so whatever it finds should be interesting.


-Fp - fingerprint the server based on behavior (unrefined as of yet)


-ninja - A lightweight and undetectable scan that uses bits and pieces from other scans


-Sd - brute-force subdomains


-Db - brute-force directories with the big DirBuster database


-ua - use a custom User-Agent. PUT UA IN QUOTES if there are spaces


-proxy - send all HTTP requests via a proxy. Example: 255.255.255.254:8080


-e - run all the scans in the tool


web-sorrow also has false-positive checking on most of its requests (it's pretty accurate but not perfect)
Changes v-1.3.9: Major overhauls! ENHANCED: -S -Ws. ADDED: passive error begging in responses. Minor bug fixes.

Download latest Version : Web-Sorrow_v1.3.9.zip (7.0 MB)
For More Information : http://code.google.com/p/web-sorrow/
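
From the defender's side, the wordlist-driven scans listed above (-auth, -Cp, -Fd, -Db) appear in access logs as one client requesting many distinct paths that mostly miss. The Python below is an added example, not part of web-sorrow or the original post; it flags such clients and also covers the case noted under -S, where the server answers 200 for every request. The log lines, addresses, `/probe-N` paths and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def find_enumerators(lines, min_paths=8, min_miss_ratio=0.8):
    """Return {client_ip: (distinct_paths, miss_ratio)} for clients whose
    requests look like wordlist enumeration: many distinct paths, mostly misses."""
    seen = defaultdict(dict)  # ip -> {path: (status, size)}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, _method, path, status, size = m.groups()
        seen[ip][path.split("?", 1)[0]] = (int(status), 0 if size == "-" else int(size))
    flagged = {}
    for ip, paths in seen.items():
        if len(paths) < min_paths:
            continue
        # A server that answers 200 for every request hides misses from a
        # status-only check. If one 200 body size covers at least half of the
        # client's distinct paths, treat that size as the "not found" page.
        sizes = Counter(sz for st, sz in paths.values() if st == 200)
        soft_size, soft_n = sizes.most_common(1)[0] if sizes else (None, 0)
        if soft_n < len(paths) / 2:
            soft_size = None
        misses = sum(1 for st, sz in paths.values()
                     if st in (403, 404) or (st == 200 and sz == soft_size))
        ratio = misses / len(paths)
        if ratio >= min_miss_ratio:
            flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

# Constructed sample log lines (documentation addresses, made-up paths).
def _clf(ip, path, status, size):
    return f'{ip} - - [10/Jun/2012:12:00:00 +0000] "GET {path} HTTP/1.1" {status} {size}'

SAMPLE = (
    [_clf("192.0.2.10", "/robots.txt", 200, 68)]
    + [_clf("192.0.2.10", f"/probe-{i}", 404, 209) for i in range(9)]    # hard 404s
    + [_clf("192.0.2.20", f"/app/probe-{i}", 200, 512) for i in range(9)]  # soft 404s
    + [_clf("198.51.100.5", f"/blog/post-{i}", 200, 4000 + 37 * i) for i in range(9)]
)

if __name__ == "__main__":
    for ip, (count, ratio) in find_enumerators(SAMPLE).items():
        print(f"{ip}: {count} distinct paths, {ratio:.0%} misses")
```
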
