Saturday, March 19, 2011

gooscan

Another a Google search tool. If we write good enough query, we can discover many vulnerabilities. We must specify where we are searching (URL) and the query itself. We have a couple of other options, such as domain, proxies, output files, etc..


The program comes with a little extra, there are pre-built queries, stored in a files, which can be found in the directory below (.gs files):

/pentest/enumeration/google/gooscan/data_files

If we want to use them, you can do that with the "-i" option (in their example, it is mistakenly written with -f). Of course, we can write our own. We need to pay attention to that all our queries within the file will run, which can take a while.

In the author web-site we can find lot of additional queries, which we can try, either with this program, either directly on Google.

http://johnny.ihackstuff.com/ghdb/

No comments: