On Tuesday 17 July 2007 15:05:44 Steve Greenland wrote:

> Nitpick: "multi-threaded".

The description is taken directly from upstream. I will pass on your comment.

> Bigger pick: I *think* I understand what a "directory brute forcing"
> is from the context, but there's got to be a more explicit way of
> describing this package. In particular, think about what someone who
> wants this package might search for.

There are lists, but they are licenced under a CC (:() license. I will probably add scripts to pull them directly from sourceforge.net.

> Does this package really have any non-cracker usefulness? If I'm the
> sys admin, then it's a lot easier for me to 'ls -R' and look at the
> configuration files to find what URLs might be in play.

It's always questionable whether tools have non-cracker usefulness. I'm a penetration tester, so from my perspective yes. I guess the tool falls into the same bracket as nikto.

Some legitimate use cases off the top of my head:

* Cases where roles within an organisation are segregated - security teams do not always have root
* Auditing embedded devices - the lists are generated from crawling the net, so are based on real file/directory names used by developers
* Auditing dynamic applications where URLs don't necessarily map onto files
* Auditing web server ACLs
* Load testing - it can produce up to 6000 requests/second

I'd also point out that this is an OWASP project.

Tim

-- 
Tim Brown
<mailto:[EMAIL PROTECTED]>
<http://www.nth-dimension.org.uk/>