Chris Chromiak
SentryMetrics
March 27th, 2007
www.TASK.to
GOOGLE HACKING FOR PENETRATION TESTERS
Gooscan – Johnny Long’s free command-line UNIX tool. It violates the
Google TOS. Gooscan automates queries against Google that are designed
to find potential vulnerabilities on web pages.
http://www.johnny.ihackstuff.com
SiteDigger – A Windows tool that searches Google’s cache to look for
vulnerabilities, errors, configuration issues and proprietary information on
websites. http://www.foundstone.com/resources/proddesc/sitedigger.htm
Wikto – Wikto is a Windows-based web server assessment tool that uses
the Google hacking database (GHDB). This tool requires a Google
developer license. http://www.sensepost.com/research/wikto
Advanced Dork – AdvancedDork is a Firefox extension designed to
quickly search for specific text inside Google’s Advanced Operators.
https://addons.mozilla.org/firefox/2144
The GHDB is the main repository for Google hacking tips and tricks
Go to the GHDB at http://johnny.ihackstuff.com/ghdb.php
Select the category you are interested in
Some very juicy information here such as sensitive directories, vulnerable
servers, files containing passwords, error messages (which give out way
too much information), web server detection and sensitive online
shopping information such as customer data and credit card numbers
Select the search criteria
Select the entry name to get more details
Information Disclosure
Social Engineering
Work with Google for help in removing security breaches. They are easy
to work with and want to help! You can find contact info on their site.