
Locating Vulnerable Targets
Attackers can locate potential targets by focusing on strings presented in
a vulnerable application’s demonstration installation provided by the
software vendor.
Attackers can also download and optionally install a vulnerable product
to locate specific strings the application displays.
Regardless of how a string is obtained, it can easily be converted into a
Google query, drastically narrowing the time a defender has to secure a
site after a public vulnerability announcement.
Links to Sites
www.sensepost.com/research/wikto/ Wikto, an excellent Google
and Web scanner.
www.cirt.net/code/nikto.shtml Nikto, an excellent ...