When working under time constraints towards a particular goal and there are multiple routes to get there, actions must be prioritized based on greatest potential success rate and highest "return on investment"
Ok, but what does this mean for pentesting?
When working on a project under time constraints, this is a very important topic because if the pentester wants to provide the best value to the customer that they can, given the specified time frame, they need to be able to quickly prioritize their actions and find the avenues of attack they want to spend their time on.
All that being said, when a tool, idea, or technique presents itself that will help save time, it has the potential to help pentesters do their job better by freeing up time that would have been spent doing one task (ie. manually crunching through web servers looking for say, exposed admin interfaces) and allow for more time to be spent on other areas.
Enter webscour.pl
With this awesome little perl script, nmap(and other) scan results can be piped into it, and it will spit out a web page with a screenshot of the potentially interesting web pages and header info about the HTTP connection. If the screenshot or headers look promising, all you have to do is click the link or the screenshot itself to visit the page all from the comfort of your favorite web browser. Here is my tweak to what these other guys have done with this already. I used grepable nmap output for my data source.
Dependencies: gnome-web-photo and gnmap.pl(if you want to view ports other than just 80)
cat netscan_nmap | ./gnmap.pl | grep -E 'http|https' | cut -d, -f1,2 | tr ',' ':' | ./webscour.pl sites.htm
All credit for this kung fu goes to the following sites:
http://blog.cyberis.co.uk/2011/04/finding-interesting-web-servers-on.html
http://www.pentesticles.com/2012/05/we-have-port-scans-what-now.html
http://pauldotcom.com/wiki/index.php/Episode291#Tech_Segment:_What.27s_That_Web_Server.3F
