Open source script for mining useful data from anonymously accessible Lotus Domino web databases
Version: 0.70 AlphaDominoDig is a perl program designed to help facilitate auditing Lotus Domino web servers. Produces an HTML report that provides a list of all the unique .nsf databases it was able to access, as well as IP addresses and email addresses.
Operating System: Mac OS X
DominoDig was born out of the frustration encountered when using the Open Source Vulnerability Scanning Tool NESSUS. There is a NASL script that checks for the presence of various default Notes databases, and then helpfully informs you that one or more of them has been accessed.
But it's up to you to figure out which one(s). This tool could be used as part of an Open Source pen-test that can help one automate much of the auditing that might be involved in digging through these anonymously accessible default databases.
Instead of just checking for the presence of anonymously accessible default databases, DominoDig also parses the content of each page it retrieves, looking any mention of any other notes databases present on the system.