SauceWalk-0.2a Released Today!!! (Update… it’s now rev. 0.2b)
This tool will allow you to populate your proxy (Burp, Acunetix, Paros, etc.) with a full list of the files and directories found on your web server, include files and all.
The idea is that you point it at either a local copy of the given site or a remote PHP script (ASP/JSP versions to follow) and it enumerates all files and folders. Once enumeration is complete, it makes a web request for each file and folder via your chosen proxy.
This tool is especially handy when testing against common open source platforms (Joomla for example).
This tool was born out of the necessity to have full exposure of a remote site rather than just the files visible when using a traditional spider/crawler.
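The enumerate-then-request approach described above, sketched in Python as an added example. This is not SauceWalk's own code; the function names and the default proxy address `127.0.0.1:8080` are assumptions.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import quote


def enumerate_urls(root, base_url):
    """Map every directory and file under a local copy of the site to a URL."""
    base = base_url.rstrip("/")
    urls = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        # Directories get a trailing slash so the proxy lists them as folders.
        urls.add("/".join([base] + [quote(p) for p in parts]) + "/")
        for name in filenames:
            urls.add("/".join([base] + [quote(p) for p in parts + [name]]))
    return sorted(urls)


def seed_proxy(urls, proxy="http://127.0.0.1:8080", timeout=5):
    """Request each URL through the intercepting proxy; return {url: status}.

    The proxy address is an assumed default; use your proxy's listener.
    """
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    results = {}
    for url in urls:
        try:
            with opener.open(url, timeout=timeout) as resp:
                results[url] = resp.status
        except urllib.error.HTTPError as err:
            results[url] = err.code   # 403/404 still lands in the proxy history
        except OSError as err:
            results[url] = repr(err)  # proxy down, DNS failure, timeout, TLS error
    return results


if __name__ == "__main__":
    import sys
    # usage: python walk_example.py <local_source_dir> <base_url>
    found = enumerate_urls(sys.argv[1], sys.argv[2])
    for url, status in seed_proxy(found).items():
        print(status, url)
```

Files that answer 200 here but are never reached by a spider are the ones a crawler-only site map would have missed.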
Usage
Obtain a copy of the source (i.e. from the vendor site) and unpack it into a directory or upload the remote agent to your server.
1. Launch your proxy, e.g. Burp/Acunetix.
2. Run walk.exe.
3. Follow the instructions!!
Note: if you have access to the site, you can use the remote agent to dynamically obtain a current list of files and folders. Simply upload saucewalk.php to your server and, when prompted, enter the full URL including the “k” parameter (ASP/JSP versions to follow). It is a good idea to change the key to something unique to you!!
If you experience issues, please let me know via the comments section.
Example:
http://www.mysitetobetested.com/saucewalk.php?k=13371337133713371337
Version 1.0 (multi-platform, open source) is to be released soon, with full Python source code provided via SourceForge and Google Code (once I’m happy with the functionality).
————————————————————————————————————————-
FIXED PHP ERROR
SHA256: 3be7006f1fcb4dbd19d13ab571b58deb5e4b968ded3fb85d5502f8cdc02f4c77
SHA1: f392485b49adf6959aebb9c81b99cfce084a307d
MD5: a85b6fa3fb13f3119e89631a3ecdd662
File size: 4.0 MB (4190359 bytes)
File name: SauceWalk-0.2b.zip
File type: ZIP
0.2b – Virus Total Report
————————————————————————————————————————-
SHA256: 8c3d2a277f47d37a07ff1e1690d8cd1bf826b81d90a93853ada4bc941193dc78
SHA1: 7d20223cf2e829fafd08f773cab8f18156d3162b
MD5: d91f9f63a894ac8a5740538f9b779bdd
File size: 4.0 MB (4190315 bytes)
File name: SauceWalk-0.2a.zip
File type: ZIP
0.2a – Virus Total Report
————————————————————————————————————————-
Also Available here: https://sourceforge.net/projects/saucewalk/
Nice nuff said
Thank you, it was a very quick project that I built for a pentest.