Configure Website Discoverer

Taipan is able to identify hidden web pages or web resources that are not directly navigable from the web site. These resources can be test page, management console or secret administration utilities. An attacker that identifies these resources can obtain a considerable advantage in the task of compromising the web site or gaining access to sensitive information.

The video below shows how to run a resource discovery scan.

Adding a new Dictionary

Taipan scans the web site for known patterns according to a given dictionary. It is possible to add a custom dictionary by adding it to the folder:

Data/Dictionaries/

To add a new dictionary is necessary to specify two files: a file describing the dictionary and the dictionary file content. The file describing the dictionary is an .XML file. An example of content is shown below:

<?xml version="1.0" encoding="UTF-8"?>

<Dictionary>
	<Id>8C2248F7-5D56-493F-B0BC-366904327B91</Id>
	<Name>Dictionary from Dirsearch project</Name>
	<Path>dicc.txt</Path>
</Dictionary>
The meaning of the fields is:

  • Id: A Guid representing the ID of the dictionary.
  • Name: The name of the dictionary. It can be used to provide a short description of what the dictionary contains.
  • Path: A relative path to the dictionary file.
The dictionary file content has on each line the name of the item that will be tested against the web application. If the line starts with a #, the line is considered a comment. Each dictionary item can specify a placeholder named %EXT%. The placeholder will be replaced at runtime with the programming language extension identified by Taipan. An example of dictionary file content is shown below:

# List of files to identify
admin
admin/index.%EXT%
phpMyAdmin/



By clicking "Continue" or continuing to use our site, you acknowledge that you accept our Privacy Policy. We also use cookies to provide you with the best possible experience on our website. Feel free to check out our policies anytime for more information. Continue