Sleuth Script Archive
Welcome to the Script Archive...
A beta of Sleuth Script 1.03 is out in the members section. New functionality includes
new MDI interface, SSL support for the http client, support for global variables across
scripts and more.
- Back up file Brute forcer -
Works off of the Sleuth Spider log. Retrieves the Urls from the database, generates
a series of guesses for possible backup files names then brute forces away making
raw http request for each while logging all hits.
- Directory Brute Forcer -
Reads a series of possible directory names from a textfile, combines them with
a base url you specify and then makes raw http requests looking for hits. Useful for trying
to find hidden directories on the server. Includes a basic "personal directories"
- WebForms & BasicAuth Brute forcer -
2 sleuth scripts - one is an a form based brute forcer
that will use a dictionary style attack on a web form using
The second is a Basic Auth brute forcer using the SS http raw
request functionality. Example configuration files and setup
- Spider Log Url Dump - 11/30/03
Lets you dump all the Urls from a scan to a flat text file.
- Spider Import Url List - 11/30/03
Imports text file of URLs into Spider log
- World Writable Directory Scanner - 11/30/03
Imports a URL list from either a saved Sleuth Spider Log, or from a textfile.
Unique folder paths are then extracted and each directory tested to see if
it is world writable.