Taipan can identify hidden web pages or other web resources that are not directly navigable from the web site.
These resources can be test pages, management consoles or secret administration utilities. An attacker who identifies these resources can gain a considerable
advantage in compromising the web site or gaining access to sensitive information.
The video below shows how to run a resource discovery scan.
Adding a new Dictionary

Taipan scans the web site for known patterns according to a given dictionary. It is possible to add a custom dictionary by adding it to the folder:
To add a new dictionary, it is necessary to specify two files: a file describing the dictionary and the file with the dictionary content. The file describing the dictionary is an .XML file. An example of its content is shown below:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Dictionary>
  <Id>8C2248F7-5D56-493F-B0BC-366904327B91</Id>
  <Name>Dictionary from Dirsearch project</Name>
  <Path>dicc.txt</Path>
</Dictionary>
```

The meaning of the fields is:
- Id: A Guid representing the ID of the dictionary.
- Name: The name of the dictionary. It can be used to provide a short description of what the dictionary contains.
- Path: A relative path to the dictionary file.

```
# List of files to identify
admin
admin/index.%EXT%
phpMyAdmin/
```
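
The Python helper below is an added example, not part of Taipan or its documentation. It writes a descriptor with a fresh GUID for a custom word list, checks a descriptor against the three fields described above, and reports descriptors in one folder that share an Id, which is easy to cause by copying the sample XML unchanged. The function names, the `<stem>.xml` descriptor file name and the expectation that each Id is unique are assumptions.

```python
import uuid
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path, PurePosixPath, PureWindowsPath

def write_descriptor(folder, name, wordlist):
    """Write <stem>.xml (assumed name) beside the word list, with a new GUID."""
    root = ET.Element("Dictionary")
    ET.SubElement(root, "Id").text = str(uuid.uuid4()).upper()
    ET.SubElement(root, "Name").text = name
    ET.SubElement(root, "Path").text = wordlist
    out = Path(folder) / (Path(wordlist).stem + ".xml")
    ET.ElementTree(root).write(out, encoding="UTF-8", xml_declaration=True)
    return out

def validate_descriptor(xml_path):
    """Return a list of problems; an empty list means the descriptor is consistent."""
    xml_path = Path(xml_path)
    try:
        root = ET.parse(xml_path).getroot()
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    fields = {f: (root.findtext(f) or "").strip() for f in ("Id", "Name", "Path")}
    problems = [f"<{f}> is missing or empty" for f, v in fields.items() if not v]
    if fields["Id"]:
        try:
            uuid.UUID(fields["Id"])
        except ValueError:
            problems.append("<Id> is not a valid GUID")
    rel = fields["Path"]
    # Path is documented as relative, so resolve it against the descriptor's folder.
    if rel and (PurePosixPath(rel).is_absolute() or PureWindowsPath(rel).is_absolute()):
        problems.append("<Path> must be relative")
    elif rel and not (xml_path.parent / rel).is_file():
        problems.append(f"dictionary file not found: {rel}")
    return problems

def duplicate_ids(folder):
    """Map each GUID used by more than one descriptor in folder to those file names."""
    seen = defaultdict(list)
    for xml_file in sorted(Path(folder).glob("*.xml")):
        try:
            guid = (ET.parse(xml_file).getroot().findtext("Id") or "").strip().upper()
        except ET.ParseError:
            continue  # validate_descriptor reports malformed files
        if guid:
            seen[guid].append(xml_file.name)
    return {g: names for g, names in seen.items() if len(names) > 1}
```
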