`Source2URL`


 
 








































Table of Contents

Code
Syntax
Next Steps

Source2URL is a simple tool (currently bash only) designed to aid the content discovery phase of a web application security assessment. It parses a given directory containing source code and creates a URL list for all discovered resources.
Once this is complete it then makes an HTTP request to each URL, through a configured proxy, so that visibility of that resource is attained and spidering can then ensue/continue. A text file containing all the URLs is left behind for use with other tools as desired.
Code
The code is available from my GitHub page.
Syntax
You invoke the command like so:

./Source2URL /some/code/path/ basedir proxyhost:proxyport domain.tld

Next Steps
Here are some next steps:

Improve the delimiter definition functionality so less manual editing of the script is needed.
Write a C# GUI that does the same thing.
Add the ability to exclude image files.
Integrate with BurpSuite.

Any ideas, thoughts, or recommendations would be appreciated.
::
 





































 
 


Comments





blog comments powered by Disqus


 

Top

A tcpdump Tutorial
Tech Hiring Lessons Learned
A lsof Introduction
A git Primer
A Security-focused HTTP Primer
Vulnerability Assessment vs. Penetration Test
WebAppSec Testing Resources
Infosec Interview Questions

Popular

What You Learned in School About Airplane Flight Was Probably Wrong
10 Things Everyone Should Know About the Middle East
The find Command 
The lsof Command
Security and Obscurity Revisited

Information Security / Technology

My Preferred Definition of Information Security
The Diffie-Hellman Protocol
Differences in SYN Packets
The Birthday Attack Explained
Mac vs. PC Security in One Sentence
A UNIX/Linux Permissions Refresher
Cross Site Scripting Explained
A tar Reference
A Security/Obscurity Experiment
Expect More Human-Based Infosec Attacks
CISSPs Do Need to be Technical
The Under-appreciated Danger of Password Reset Mechanisms
Encoding vs. Encryption
An lsof Tutorial
The Nmap/Dshield Trick
Using Splunk as a Syslog Server
Thinking Through Subnetting
Explaining Network Ports

Politics

Free Will and Determinism as the Core of Political Disagreement
Conservatives are Leave it to Beaver, Liberals are Star Trek
Socialism and Anarchy
On CFR/NWO Conspiracies
The Worst Mistake People Make in Political Arguments
How to Debate an Idiot

Philosophy & Religion

An Atheist Debate Reference
Meaning is an Illusion
The Best Response to "Atheists are arrogant".
The Only Class That Matters
Free Will: Absolute vs. Practical
A Simplified Argument Against Free Will
Happiness: Creation vs. Collection
Want: A Disease Based in Low Self-Esteem
How to See If Your Morality Comes from God
Outrageous Beliefs Are Not Equal to Claims They Are False
Was the Last Time Your Last?
How I Became an Atheist
A Letter to Religious Moderates
Philosophy, Science, and Religion: Three Ways of Learning About the World

Technology & Science

Building a Lifestream Interface
Thoughts on the Future of the IT Field
The Steam, Water, and Ice of Modern Communications
Social Media as a Personal API
Could You Prove Evolution?
How to Pronounce "Linux"
My Only Shot at Immortality
How to Pronounce "Ubuntu"
Does Acceleration Depend More on Horsepower or Torque?
The Craziest Thing You'll Ever Learn about Pi
How to Pronounce "OS X"
How to Pronounce "Rijndael"

Culture & Society

Lifecasting and Society
Please Submit Your Own Content to Social Media Sites
The Bimbo and the Caveman
Is it Wrong to Have Children?
The Quality Of a Society
Socialism and Anarchy

Miscellaneous

A Coffee Primer


 



RSS Feed


@danielmiessler on Twitter


Facebook Profile


Search with Google


Arguments

Evolution is True
Free Will: Two-lever Argument
more...

Projects

Content Extraction
Ideas
Vocabulary
An Atheist Debate Reference
Concepts
more...

Collections

Quotes
Jokes
Grammar
Movies

Twitter

I can't beat Belial because I can't even move. Major lag in a single player game is completely ridiculous. This is unprogress. #blizzardfail
Error 37 is the new fail whale, except after a 5-Hour Energy at midnight after waiting for four years...it's quite a bit more serious.
Every cliché has a silver lining: they're tells for laziness.
Go download Greyhound, by Swedish House Mafia and turn it up loud. It'll turn Monday into a Friday before a six day weekend.

What I'm Reading

The Quotable Hitchens
Game of Thrones: Book 2
How the Mind Works
Class: A Guide Through the American Status System
Web Application Hacker's Handbook, Second Edition
Arguably (Christopher Hitchens)
Lord of the Flies
Lying (Sam Harris)

Favorite Books and Essays

The Ethics of Belief, William Clifford
The America the Banana Republic
Why The Future Doesn't Need Us, Bill Joy
What I Believe, Bertrand Russell
The Moral Landscape, Sam Harris
God is Not Great, Christopher Hitchens
1984, George Orwell

Top Blog Categories

Politics
Technology
Information Security
Philosophy
Humor
Religion
Programming
System Administration
Education
Culture
Atheism
Music
Writing
Geek
Health
Apple

Inputs

Overcoming Bias
The Last Psychiatrist
The Big Questions
Less Wrong
Arts & Letters Daily
Scott Adams
Gene Expression
AZSpot
NPR's Intelligence²
Philosophy, et cetera
Meteuphoric
Roissy in DC
Freakonomics Blog
Will Wilkinson
The Rational Optimist
Cosmic Variance
Practical Ethics
Barking Up the Wrong Tree


Reddit*
Hacker News
Arts & Letters Daily


 
  


Daniel Miessler | 1999-2012 | Share Alike
Powered by Linode