Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Google Hacking

    Încărcat de

    geekest1
    2K vizualizări11 pagini
    Google Hacking is the use of a search engine, such as google, to locate a security vulnerability on the Internet. In this little tut i'll show you the basic of Google Hacking and some good tools you can use. I would recommend you to read the book "Google hacking for Penetration Testers" by Johnny long.

    Descriere originală:

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    Google Hacking is the use of a search engine, such as google, to locate a security vulnerability on the Internet. In this little tut i'll show you the basic of Google Hacking and some good tools you can use. I would recommend you to read the book "Google hacking for Penetration Testers" by Johnny long.

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    2K vizualizări11 pagini

    Google Hacking

    Încărcat de

    geekest1
    Google Hacking is the use of a search engine, such as google, to locate a security vulnerability on the Internet. In this little tut i'll show you the basic of Google Hacking and some good tools you can use. I would recommend you to read the book "Google hacking for Penetration Testers" by Johnny long.

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 11

    Google Hacking

    StigeX
    This is a tut for www.thevalidus.com only! In this tut Ill show you the basic of Google hacking!

    www.thevalidus.com

    6/10/2010

    Google Hacking

    So what is Google Hacking? Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet.

    In this little tut Ill show you the basic of google hacking and some good tools you can use. I would recommend you to read the book Google Hacking for Penetration Testers by Johnny Long. You can download the ebook here: http://www.ziddu.com/download/6368031/Google_Hacking.rar.html

    Google hacking is pretty much based on GHDB (Google Hacking Database) by Johnny Long, you can find GHDB here: http://www.hackersforcharity.org/ghdb/

    1|Page

    Google Hacking

    SEAT (Search Engine Assessment Tool)


    SEAT is an information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. What you need: BackTrack 4 VMware workstation GHDB (.xml)

    Before you start using this app, make sure that you have a network connection, if you dont go to terminal and type sudo start-network In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > SEAT 1. (2) Open GHDB.xml

    2|Page

    Google Hacking

    3. Hook the queries you would like to use 4. Type in the site/domain you would like to target

    5. Hook the Search Engines you would like to use (usually all of them) 6. Execute the search 7. View the analysis when the search is finished

    3|Page

    Google Hacking

    Sitedigger
    Download: http://www.foundstone.com/us/resources/proddesc/sitedigger.htm

    SiteDigger searches Googles cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. Sitedigger is a very easy to use program, all you need to do is to select what you would like to search for (usually everything) and then type the site/domain you want to search.

    4|Page

    Google Hacking

    Gooscan
    Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think cgi scanner that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself. What you need: BackTrack 4 VMware workstation

    Before you start using this app, make sure that you have a network connection, if you dont go to terminal and type sudo start-network In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Gooscan

    5|Page

    Google Hacking

    Matagoofil
    Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites. It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc. This new version extracts MAC address from Microsoft Office documents. Now you can have an idea of what kind of hardware they are using. What you need: BackTrack 4 VMware workstation

    Before you start using this app, make sure that you have a network connection, if you dont go to terminal and type sudo start-network In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Metagoofil

    The tool should be easy to use. Use the options you need to find/get what you are looking for.

    6|Page

    Google Hacking

    Goolag
    Goolag, from CDC, expands on GHDB, and allows you to search for common risks exposed by Google indexing. Some basic examples would be searching for signs of known vulnerable scripts, searching for public PHP Info files, Apache information, etc. Download: http://www.plunder.com/Goolag-Scanner-download-a4df5720ba.htm This tool might pop up as a false positive!

    1. Type in the host you want to target 2. Select the dorks you would like to use 3. Hit scan and sit back and relax while it does the job..

    7|Page

    Google Hacking

    Wikto and SPUD


    Wikto is a Web Server Assessment Tool. It works by trying to find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. Its written for the MS .NET environment so, you need to install the .NET framework for Wikto. A while back, Google encouraged developers to make use of their API. Many people built applications around the API, but alas, Google stopped issuing API keys for their API in 2006. This rendered that large parts of functionality for many tools fell away. SensePost Unified Data API (SPUD) will help get those tools working again. SPUD also integrates seamlessly with BiDiBLAH and Wikto. Download SPUD: http://www.sensepost.com/labs/tools/pentest/spud Wikto: http://www.sensepost.com/labs/tools/pentest/wikto

    1. Start SPUD 2. Start Wikto 3. When Wikto has started you should see a Wikto Scan Wizard. Click next

    8|Page

    Google Hacking
    4. Type in the site you want to target, is it HTTP or HTTPS?, Is the host Internet-facing yes, click next

    5. Do you want to use a proxy? If so enter the proxy servers IP and port. Click Start SPUD, to make sure that its running. Do you want to make use of our scanning AI to reduce false positives? yes. Click next

    6. Next 7. Next 8. Now you see that you have a lot of tabs to choose from: - Spider; search through the site to find URLs - Googler; Search for different types of files on the site - GackEnd; Find interesting files and directories on the web server. - Wikto; Using the Nikto database to check for flaws in the webserver. - GoogleHacks; Uses GHDB to find vulnerabilities on the site. - SystemConfig - Scan Wizard

    9|Page

    Google Hacking
    9. Go to the GoogleHack tab, click Load Google Hack Database and then Start

    GHH
    http://ghh.sourceforge.net/

    10 | P a g e

    S-ar putea să vă placă și