You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I use shortscan on the webroot, I sometimes get few results and the tool cannot find certain folders, unless you know the name.
For example, even though I have the folder "handlers" in my wordlist, shortscan does not find it.
If I point shortscan to site/handlers though, shortscan see the directory as vulnerable and finds files/folders.
I was wondering if it would be possible to add another flag so that shortscan goes through a wordlist of folders so that instead of me scripting it via bash, shortscan will try its magic with:
site/admin
site/js
site/docs
site/upload
site/...
You could have a short check to find vulnerable folders first and then do a complete check only on those folders that are vulnerable to reduce the amount of requests.
The text was updated successfully, but these errors were encountered:
Yup "handlers" won't have an 8.3 filename created by Windows (it's too short) so it won't get picked up by shortscan. I've just added support for multiple URLs in v0.8.0 so you can pass in several paths to try at once which would work here, but I'll have a think about how best to support loading multiple paths from a file.
How do you pass multiple URLs? What's the flag?
Also, you could use the list to check which folders return 403 (it has nothing to do with shortname I know) and the folders that return 403 can be scanned with shortscan. The list to be used could be default rainbow table.
Regarding the directory check, normal wordlist parsing skips anything that wouldn't produce a short filename so it'll need its own mechanism. For now though you can juts pass in multiple paths using the above mechanism.
When I use shortscan on the webroot, I sometimes get few results and the tool cannot find certain folders, unless you know the name.
For example, even though I have the folder "handlers" in my wordlist, shortscan does not find it.
If I point shortscan to site/handlers though, shortscan see the directory as vulnerable and finds files/folders.
I was wondering if it would be possible to add another flag so that shortscan goes through a wordlist of folders so that instead of me scripting it via bash, shortscan will try its magic with:
site/admin
site/js
site/docs
site/upload
site/...
You could have a short check to find vulnerable folders first and then do a complete check only on those folders that are vulnerable to reduce the amount of requests.
The text was updated successfully, but these errors were encountered: