Tuesday, February 1, 2011

[Tool Update Announcement] inspathx - Path Disclosure Finder

For those who don't know inspathx, please visit:
http://inspathx.googlecode.com/

Check the update via
svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx

CHANGELOG
===========
covered remaining checks (empty array, null cookie) in
Full_Path_Disclosure
(http://www.owasp.org/index.php/Full_Path_Disclosure) of OWASP
Application Security Desk Reference (ASDR) Project

added support for generating path definition file and you can now use
-d with path-definition file to check in addition to cms directory
path
added support for reading gzip/deflate compressed response from server
added regexp support (use your own regexp rules to search in returned
responses in addition to built-in regexp error messages)
added null session cookie  support
       --null-cookie [will auto null session for all languages ]
added custom headers  support
       --headers "cookie: sid[]=1\r\nX-pingback:: "
added data (GET/POST)  support
       --data (var=1&var=2)
added method (get by default)  support
       --method post
added follow redirect support
       --follow-redirect
added cold fusion language support; when feeded by large inputs, cold
fusion apps tend to reveal source code disclosure if without boundary
checks when used as IIS ISAPI extensions
added --rm option to remove directory used to generate path list
[suggestion by Brendan Coles]
cleaned *-vuln-path.txt file content to make it ready for path definition file
added support for [] , querystring in path definition file [suggestion
by Brendan Coles]
Added supported for username and web root path extraction for both
*nux and windows [suggestion by Brendan Coles]
added detection support for html_errors being set as off in php.ini
[suggestion by Sebastien Damaye]
THANKS
=======

Ryan Dewhurst (http://www.ethicalhack3r.co.uk) for his suggestion to
cover all checks (empty array, null cookie) of
http://www.owasp.org/index.php/Full_Path_Disclosure
 --data, --param-array, -n/--null-session options.

Brendan Coles (http://itsecuritysolutions.org/, http://whatweb.net/)
for his suggestion that known web application paths should be bundled
for convenience and time saving. I've done files with dozens of
open-source web app known paths under 'paths' directory. You can do it
for your desired CMS/application by -d and -g options. See EXAMPLES
for more details. Submit latest path files to inspathx at yehg.net.

Sebastien.damaye for his write-up about inspathx tutorial ,
http://www.aldeid.com/index.php/Inspathx

And finally to developers community, their common coding practice,
their belief on path disclosure as server side issue
that make this tool meaningful and usable for current plus future web apps
100+ Web Apps with Full Path Disclosure using inspathx
===========================================
https://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vuln

* Send bugs/suggestions to inspathx at yehg.net

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd