Jon, On Thu, Jun 11, 2009 at 2:21 PM, jrose<jr...@owasp.org> wrote: > Has anyone written a plugin to bruteforce directories or file names > similar to Dirbuster by OWASP?
I haven't, and I don't know of anyone that has... but there have been people interested in doing it. I think that the reason that they haven't done it is that at some point I thought that the license for the directory listings in OWASP Dirbuster [0] was incompatible with GPL v2.0 [1]. After some careful reading of [0], I think that they are compatible ([1] doesn't specify, not as far as I can tell). So... if you want to develop a directory bruteforcer using the lists provided by DirBuster, please go ahead and do it. In the default release of w3af we'll include Dirbuster's lists, with the original name, and with a big thanks to the original author; and references to the original license, so any license savvy can help us in the future is he finds that this is legally wrong. In my opinion, the lists that should be included are: - directory-list-2.3-small.txt - directory-list-2.3-medium.txt The big list can be downloaded by the users if they needed it. The lowercase versions can be "calculated" from the original versions. I don't want to make the default download of w3af 15mb bigger (which is the size of DirBuster's lists). What do you think? [0] http://creativecommons.org/licenses/by-sa/3.0/ [1] http://www.gnu.org/philosophy/license-list.html > - Jon > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
