Gooscan
Description
Gooscan is a tool developed by Johnny Long. It automates queries against Google search appliances with the goal of identifying vulnerabilities on web sites.
Installation
$ cd /data/src/
$ wget http://dl.dropbox.com/u/10761700/gooscan.tar.bz2
$ bzip2 -cd gooscan.tar.bz2 | tar xf -
$ mkdir -p /pentest/enumeration/google/
$ mv /data/src/gooscan/ /pentest/enumeration/google/
You can optionally recompile gooscan:
$ gcc -Wall -o gooscan gooscan.c
Usage
Basic syntax
$ ./gooscan <-q query | -i query_file> <-t target> [-o output_file] [-p proxy:port] [-v] [-d] [-s site] [-x xtra_appliance_fields]
Options
- query: a standard Google query (EX: "intitle:index.of")
- (query_file): a list of Google queries (see README)
- (target): the Google appliance/server
- (output_file): where the HTML-formatted list of results goes
- (proxy:port): address:port of a valid HTTP proxy for bouncing
- (site): restricts search to one domain, like microsoft.com
- (xtra_appliance_fields): required for appliance scans
- -v: turns on verbose mode
- -d: hex-encodes all non-alpha characters
Examples
Friendly example
$ ./gooscan -t google.fda.gov \
    -q food \
    -x "&client=FDA&site=FDA&output=xml_no_dtd&oe=&lr=&proxystylesheet=FDA"
Google terms-of-service violations
$ ./gooscan -t www.google.com -q "linux"
$ ./gooscan -t www.google.com -q "linux" -s microsoft.com
$ ./gooscan -t www.google.com -f gdork.gs