Jon,

On Thu, Jun 11, 2009 at 4:56 PM, jrose<jr...@owasp.org> wrote:
> Hey Andres,
> I was thinking just a small or medium sized list, using an external file.

Yes, I meant that also, the directory list should be an external txt file. It shouldn't be a python list inside the code. By convention, if the plugin is called "directory_bruteforce", and it's a discovery plugin, the files that are related to it should go in:

plugins/discovery/directory_bruteforce/

> If a user wants to supply their own wordlist, such as the dirbuster list,
> it's up to them. This would keep the download size manageable with the
> flexibility to use any list you want.

Yes

> I'll take a shot at writing this
> plugin and email it out to the list when I'm done.

Sure! Thanks!

> Thanks,
> Jon
> On Jun 11, 2009, at 2:50 PM, Andres Riancho wrote:
>
> Jon,
>
> On Thu, Jun 11, 2009 at 2:21 PM, jrose<jr...@owasp.org> wrote:
>
> Has anyone written a plugin to bruteforce directories or file names
> similar to Dirbuster by OWASP?
>
> I haven't, and I don't know of anyone that has... but there have been
> people interested in doing it. I think that the reason that they
> haven't done it is that at some point I thought that the license for
> the directory listings in OWASP Dirbuster [0] was incompatible with
> GPL v2.0 [1].
>
> After some careful reading of [0], I think that they are compatible
> ([1] doesn't specify, not as far as I can tell). So... if you want to
> develop a directory bruteforcer using the lists provided by DirBuster,
> please go ahead and do it.
>
> In the default release of w3af we'll include Dirbuster's lists, with
> the original name, and with a big thanks to the original author; and
> references to the original license, so any license savvy can help us
> in the future if he finds that this is legally wrong.
>
> In my opinion, the lists that should be included are:
> - directory-list-2.3-small.txt
> - directory-list-2.3-medium.txt
>
> The big list can be downloaded by the users if they needed it. The
> lowercase versions can be "calculated" from the original versions.
>
> I don't want to make the default download of w3af 15mb bigger (which
> is the size of DirBuster's lists).

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop