Wednesday, 11 April 2012

<MEGAPRIMER 1.0.0><GOOSCAN>ENUMERATION>INFORMATION GATHERING

Tool Gooscan: 
Author j0hnny 
site http://johnny.ihackstuff.com
Source   root@bt:/pentest/enumeration/google/gooscan# cat README
What is Gooscan? 
Gooscan is a tool that automates queries against Google search appliances 
designed to find potential vulnerabilities on web pages.
Who is it written for? 
Security professionals: This tool serves as a front-end for an external web server assessment and aids in the "information gathering" phase of a vulnerability assessment.
Web server administrators: This tool helps to discover what the web community may already know about you thanks to Google.
{Gooscan options:}
[-t target]
Required argument: Google appliance to scan. An IP address or host name Caution: entering 'www.goole.com' here violates Google's terms of service.
[-o output_file]
Gooscan can create an html output file. The file includes links to the actual Google search results pages.
[-p proxy:port]
This is the address and port of an HTML proxy server.'10.1.1.150:80' or 'proxy.validcompany.com:8080'.
[-s site]
This filters only results from a certain site.
Example: site:microsoft.com linux,site:apple.com microsoft,site:linux.org microsoft
{search_type can be one of the following:}
intitle: find search_string in the title of the page.
Example:  intitle|error||
This will find the word "error" in the title of a page.
inurl: find search_string in the url of the page.
Example: inurl|admin|
This will find the word "admin" in the URL of a page.
filetype: find search_string as a filename
raw:This search_type allows the user to build custom queries.
Example: raw|filetype:xls email username password||
This example will find excel spreadsheets with email
username and password inside the document.
Output: Using the '-o' option, HTML output will be produced and a link to the Google results page.

ssvlabsdemo:
Example: raw|filetype:xls email username password||
This example will find excel spreadsheets with email
username and password inside the document.

ssvforensics:
Clientside:Before a pentestYou should, however, obtain advance express permission from the owner or maintainer of the Google appliance before searching it with gooscan for various legal and moral reasons.
Caution:From http://www.google.com/terms_of_service.html: "You may not send automated queries of any sort to Google's system without express permission in advance from Google."
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)