An attacker searches a targeted web site for web services that have not
						been publicized. Generally this involves mapping the published web site by
						spidering through all the published links and then attempt to access
						well-known debugging or logging services, or otherwise predictable services
						within the site tree. This attack can be especially dangerous since
						unpublished but available services may not have adequate security controls
						placed upon them given that an administrator may believe they are
						unreachable.