@RSnake’s RFI List in Burp Suite
First of all, get Robert @RSnake Hansen’s RFI list here:
http://ha.ckers.org/blog/20100129/large-list-of-rfis-1000/
It’s a great list, but as soon as I saw it, I was like.. hmm.. how can I use that? Well, being that I am a Burp fan, I parsed the .dat with the following line:
cat rfi-locations.dat | grep -v "^#" | awk -F '?' '{print $1}' | sort -u > rsnake_list.txt
This pulls his list down to 906 entries, which you can load into Burp and hammer away with Intruder. If it pops any of them, not only have you better identified what is running on the site, but you might have just found RFI.
But I wanted to take this a step further:
The OSVDB archive allows you to download their entire database of vulnerabilities (after signing up for an account). I downloaded the CSV version so that I could parse it similarly to how I did RSnake’s. However, it definitely wasn’t that easy.
I downloaded osvd-csv.latest.tar.gz, extracted it and ran the following:
cat * | grep -i "remote file inclusion" | grep -v "/,0$" | awk -F "," '{print $13}' | sed 's/^"//' | sed 's/"$//' | sort -u > osvdb_rfi.txt
Which got me close. About 3 hours of manual editing after that and I had another list of ~1750 possible remote file inclusions. Is this a foolproof way of getting every possibility from the database? Definitely not, but it’s close, and I’d love to see someone modify and tweak my bash line to get it even closer. (Or find a completely different way)
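One CSV-aware way to do the OSVDB extraction, added here as an example and not part of the original post: awk -F "," also splits on commas inside quoted fields, which shifts the column count. The field position 13 is taken from the awk command above; the sample rows, the bare "/" filter and the function names are constructed assumptions, since the real OSVDB column layout is not shown on the page.

```python
import csv
import io

# Assumption: the path is the 13th CSV field, as in awk '{print $13}' above.
PATH_FIELD = 13
KEYWORD = "remote file inclusion"

# Constructed sample rows (not real OSVDB data); two titles contain a comma.
SAMPLE = '''\
1001,"Foo CMS, Bar Module Remote File Inclusion",a,b,c,d,e,f,g,h,i,j,"/modules/bar/init.php?root=",1
1002,"Baz Gallery Remote File Inclusion",a,b,c,d,e,f,g,h,i,j,"/gallery/inc/conf.php",1
1003,"Qux Forum SQL Injection",a,b,c,d,e,f,g,h,i,j,"/forum/view.php",1
1004,"Foo CMS, Bar Module Remote File Inclusion",a,b,c,d,e,f,g,h,i,j,"/modules/bar/init.php?dir=",1
1005,"Zed Portal Remote File Inclusion",a,b,c,d,e,f,g,h,i,j,"/",0
'''


def naive_field13(line):
    """What a plain comma split (awk -F ',') returns for field 13."""
    return line.split(",")[PATH_FIELD - 1]


def extract_rfi_paths(csv_text, path_field=PATH_FIELD, keyword=KEYWORD):
    """Return sorted unique paths from rows whose text mentions the keyword."""
    paths = set()
    # csv.reader honours quoting, so quoted commas do not shift the columns.
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < path_field:
            continue  # short or malformed row
        if not any(keyword in field.lower() for field in row):
            continue  # same intent as grep -i "remote file inclusion"
        path = row[path_field - 1].strip()
        if path in ("", "/"):
            continue  # assumption: a bare "/" carries no usable path
        # Drop the query string, as the '?' split does for RSnake's list.
        paths.add(path.split("?", 1)[0])
    return sorted(paths)


if __name__ == "__main__":
    print("naive split, row 1:", naive_field13(SAMPLE.splitlines()[0]))
    for p in extract_rfi_paths(SAMPLE):
        print(p)
```

On the first sample row the plain split returns a filler column instead of the path, while the csv-based version returns the two deduplicated paths.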