Network Security Exploits-HackingTools

[TOOL] GoogleSweep - Google Information Gathering Tool

Subject: [TOOL] GoogleSweep - Google Information Gathering Tool
Date: 21 Apr 2005 16:25:43 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  GoogleSweep - Google Information Gathering Tool
------------------------------------------------------------------------


SUMMARY



DETAILS

GoogleSweep is a pen-test tool for information-gathering that uses Google 
to find information on IP addresses and hostnames on a target network. The 
original purpose of GoogleSweep was to perform host-discovery in a 
stealthy manner by finding publicly accessible web logs; however, in some 
situations it can give clues about browsing habits, user and service 
enumeration, password policy, and much more.

Features:
GoogleSweep differs from other "Google Hacking" tools in that it is not 
intended as a vulnerability sweep, looking for known-vulnerable scripts 
and applications with "inurl:"-style queries. This tool performs simpler 
queries of IP addresses and host names on a subnet and displays the 
results in a way that a penetration tester or systems administrator can 
quickly see at a glance how much information about the target network is 
publicly accessible. While the hosts are displayed with graphs showing 
relative popularity on Google, the actual search results are the sort of 
thing that needs to be parsed by a person. Preferably one with a brain. 
Some things you might find in the results are:

 * Hits to web sites - For whatever reason, a lot of web sites like to (or 
don't realize that they are doing it) publish statistics about their 
traffic, even so detailed as to include the IP addresses of visitors.

 * Mailing list posts - From list archives, often with full headers. 
Users, workstation IP addresses, mail servers, etc.

 * Guestbook entries, Forum posts, other Misc. web stuff

 * Site-specific documentation - Instructions for employees on how to log 
on, default passwords, password policy, etc.

Then again, you might not. It might miss your most important server, or 
find some old information that's not relevant anymore. That's up to you to 
sort out. Some other nice things about GoogleSweep:

 * Stealth - GoogleSweep is a good tool to run across a subnet first to 
discover active hosts and other information without interacting with the 
target network.

 * Report Generation - Generates HTML reports with a graph showing 
relative popularity and links to the query results. Also generates comma 
delimited output for use in your own scripts, spreadsheets, or databases.
  *  <http://cse.msstate.edu/~rwm8/googlesweep/sample.html> Sample HTML 
output
  *  <http://cse.msstate.edu/~rwm8/googlesweep/sample.txt> Sample comma 
delimited output

 * "Burst" mode - The Google API limits you to 1000 queries a day, which 
may not be sufficient for scanning large networks (or perhaps you want to 
save some queries for another program). This lets you do a specified 
number of queries, and then sleep until the next day and continue.

Requirements:
GoogleSweep has been tested on Python 2.4.1 with pygoogle 0.6 (along with 
the few things it depends on).

You will also need a Google API license, which you can learn more about 
here. They're free.

Once you get a hold of a Google API license, you'll want to put the key 
somewhere that pygoogle can find it. The easiest is to just have it in 
".googlekey" in your home directory, but other options are listed in 
pygoogle documentation.

GoogleSweep will chew through hundreds of your API queries, of which you 
are only allotted 1,000 a day, so keep that in mind.
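
The exposure sources listed under Features (published traffic statistics, list archives with full headers, forum posts) can be audited from the defender's side by scanning text you already hold for addresses inside your own network. The following is an added example, not GoogleSweep's code or output format; the function names, the sample documents and the 192.0.2.0/24 network are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Candidate dotted quads; real validity is checked by ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample documents (not real data): text your organization
# publishes or that public archives hold about it. 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_DOCS = {
    "webstats": "Top visitors: 192.0.2.15 (412 hits), 198.51.100.7 (90 hits), 192.0.2.15",
    "list-archive": "Received: from ws23.example.org ([192.0.2.44]) by mail.example.org ([192.0.2.10])",
    "forum": "Posted from 192.0.2.300 about build 10.1.2.3.4",
}

def exposed_hosts(docs, network):
    """Map each address inside `network` to {source_name: mention_count}."""
    net = ipaddress.ip_network(network)
    found = defaultdict(lambda: defaultdict(int))
    for source, text in docs.items():
        for candidate in IPV4_RE.findall(text):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 192.0.2.300 looks like an address but is not one
            if addr in net:
                found[str(addr)][source] += 1
    return {ip: dict(sources) for ip, sources in found.items()}

def report(docs, network):
    """Rows of (address, total mentions, sources), most-mentioned first."""
    hosts = exposed_hosts(docs, network)
    rows = [(ip, sum(s.values()), sorted(s)) for ip, s in hosts.items()]
    rows.sort(key=lambda r: (-r[1], ipaddress.ip_address(r[0])))
    return rows

if __name__ == "__main__":
    for ip, total, sources in report(SAMPLE_DOCS, "192.0.2.0/24"):
        print(f"{ip},{total},{';'.join(sources)}")
```

Addresses that turn up in sources you control (a public statistics page, documentation) are the ones you can remove or restrict at the origin.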


ADDITIONAL INFORMATION

The information has been provided by  <mailto:wesleymcgrew@gmail.com> 
Robert Wesley McGrew.
To keep updated with the tool visit the project's homepage at:  
<http://cse.msstate.edu/~rwm8/googlesweep/>


