nion's blog

We all tried to find a random directory on a webserver before in which we suspected interesting data without knowing if it exists (/tmp, /img, /data, /foo) and
index.html or whatever prevents them to be seen.
I had the idea that a tool which does this automatically would be cool and someone told me that this is a common technique called Forced Browsing.

However, I didn't find any tools which already implemented this.
The idea is simple, use a word list as brute force source and determine the presence of a directory by using the HEAD command implemented in HTTP.

I talked to AK and asked him if such a tool would interest him and he said yes so
we took a few days and wrote it.

The result is w3bfukk0r which implements it
for HTTP, HTTPS, does banner grabbing and is able to fake the user-agent string.

Download it on http://www.ngolde.de/download/w3bfukk0r-0.1.tar.gz

For nion.modprobe.de a scan would look as the following:

w3bfukk0r http://nion.modprobe.de
Starting w3bfukk0r 0.1
Scanning http://nion.modprobe.de/ with 76 words from words.txt

Found http://nion.modprobe.de/tmp/ (HTTP 200)
Found http://nion.modprobe.de/blog/ (HTTP 200)
Found http://nion.modprobe.de/img/ (HTTP 200)
Found http://nion.modprobe.de/setup/ (HTTP 200)

Found 4 directories.
Server runs: Apache/2.0.54 (Debian GNU/Linux) PHP/5.1.4-0.1~bpo2

Scan finished (5 seconds).

Ah we ship an example word list file.

AK found http://events.ccc.de/i/ using w3bfukk0r, someone from C3 has got a great humour