Sep 23 / Mike

SauceWalk-0.2a Released Today!!! (Update… it’s now rev. 0.2b)

This tool lets you populate your proxy (Burp, Acunetix, Paros, etc.) with a full list of the files and directories found on your web server, including all includes.

The idea is that you point it at either a local copy of the given site or a remote PHP script (ASP/JSP versions to follow) and it enumerates all files and folders. Once this is complete, it makes a web request to each file and folder via your given proxy.

This tool is especially handy when testing against common open source platforms (Joomla for example).

This tool was born out of the necessity to have full exposure of a remote site rather than just the files visible when using a traditional spider/crawler.
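The enumerate-then-request flow described above, sketched in Python as an added example; it is not SauceWalk's own code. The function names and the default proxy listener `http://127.0.0.1:8080` are assumptions made for illustration.

```python
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import quote


def enumerate_urls(local_root, base_url):
    """Map every directory and file under local_root to a URL under base_url."""
    base = base_url.rstrip("/")
    urls = []
    for dirpath, dirnames, filenames in os.walk(local_root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, local_root)
        parts = [] if rel == "." else rel.split(os.sep)
        prefix = "/".join(quote(p) for p in parts)
        dir_url = base + "/" + (prefix + "/" if prefix else "")
        urls.append(dir_url)  # request the folder itself as well as its files
        for name in sorted(filenames):
            urls.append(dir_url + quote(name))
    return urls


def request_via_proxy(urls, proxy, timeout=10):
    """GET each URL through the intercepting proxy; return {url: status or error}."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    results = {}
    for url in urls:
        try:
            with opener.open(url, timeout=timeout) as resp:
                results[url] = resp.status
        except urllib.error.HTTPError as exc:
            results[url] = exc.code  # 403/404 still lands in the proxy history
        except (urllib.error.URLError, OSError) as exc:
            results[url] = str(exc)
    return results


if __name__ == "__main__":
    # usage: python walk_example.py <local_copy_dir> <base_url> [proxy]
    root, base = sys.argv[1], sys.argv[2]
    # Assumed proxy listener address; change it to match your own proxy.
    proxy = sys.argv[3] if len(sys.argv) > 3 else "http://127.0.0.1:8080"
    for url, status in request_via_proxy(enumerate_urls(root, base), proxy).items():
        print(status, url)
```

Files that no page links to (includes, templates, installer leftovers) show up in the proxy's site map this way, with the status code the server returned for each.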

 

Usage

Obtain a copy of the source (i.e. from the vendor site) and unpack it into a directory, or upload the remote agent to your server.

1. Launch your proxy, e.g. Burp/Acunetix.

2. Run walk.exe.

3. Follow the instructions!!

Note: if you have access to the site, you can use the remote agent to dynamically obtain a current list of files and folders. Simply upload saucewalk.php to your server and, when prompted, enter the full URL including the “k” parameter (ASP/JSP versions to follow). It is a good idea to change the key to something unique to you!!

If you experience issues, please let me know via the comments section.

Example:

http://www.mysitetobetested.com/saucewalk.php?k=13371337133713371337

 

Version 1.0 (multi-platform, open source) is to be released soon, with full Python source code provided via SourceForge and Google Code (once I’m happy with the functionality).

 

————————————————————————————————————————-

FIXED PHP ERROR

SHA256: 3be7006f1fcb4dbd19d13ab571b58deb5e4b968ded3fb85d5502f8cdc02f4c77
SHA1: f392485b49adf6959aebb9c81b99cfce084a307d
MD5: a85b6fa3fb13f3119e89631a3ecdd662
File size: 4.0 MB ( 4190359 bytes )
File name: SauceWalk-0.2b.zip
File type: ZIP

0.2b – VirusTotal Report

————————————————————————————————————————-

SHA256: 8c3d2a277f47d37a07ff1e1690d8cd1bf826b81d90a93853ada4bc941193dc78
SHA1: 7d20223cf2e829fafd08f773cab8f18156d3162b
MD5: d91f9f63a894ac8a5740538f9b779bdd
File size: 4.0 MB ( 4190315 bytes )
File name: SauceWalk-0.2a.zip
File type: ZIP

0.2a – VirusTotal Report

————————————————————————————————————————-

 

Also Available here: https://sourceforge.net/projects/saucewalk/

 

WORD OF WARNING!!!!! – AS WITH ANY SECURITY TOOL.. THIS COULD BREAK YOUR SITE IF NOT USED CORRECTLY (especially if you have an active admin session at the time)

2 Comments

  1. Marcus Longbottom / Sep 26 2013

    Nice nuff said

    • Mike / Sep 26 2013

      Thank you, it was a very quick project that I built for a pentest.
