Gooscan

From aldeid
Jump to: navigation, search

Description

Gooscan is a tool developed by Johny Long. It automates queries against Google search appliances with the goal to identify vulnerabilities on web sites.

Installation

$ cd /data/src/
$ wget http://dl.dropbox.com/u/10761700/gooscan.tar.bz2
$ bzip2 -cd gooscan.tar.bz2 | tar xf -
$ mkdir -p /pentest/enumeration/google/
$ mv /data/src/gooscan/ /pentest/enumeration/google/

You can eventually recompile gooscan:

$ gcc -Wall -o gooscan gooscan.c

Usage

Basic syntax

$ ./gooscan <-q query | -i query_file> <-t target>
       [-o output_file] [-p proxy:port] [-v] [-d]              
       [-s site] [-x xtra_appliance_fields]

Options

query
is a standard google query (EX: "intitle:index.of")
(query_file)
is a list of google queries (see README)
(target)
is the Google appliance/server
(output_file)
is where the HTML-formatted list of results goes
(proxy:port)
address:port of a valid HTTP proxy for bouncing
(site)
restricts search to one domain, like microsoft.com
(xtra_appliance_fields)
are required for appliance scans
-v
turns on verbose mode
-d
hex-encodes all non-alpha characters

Examples

Friendly example

$ ./gooscan -t google.fda.gov \
  -q food \ 
  -x "&client=FDA&site=FDA&output=xml_no_dtd&oe=&lr=&proxystylesheet=FDA"

Google terms-of-service violations

$ ./gooscan -t www.google.com -q "linux" 
$ ./gooscan -t www.google.com -q "linux" -s microsoft.com
$ ./gooscan -t www.google.com -f gdork.gs

Comments

blog comments powered by Disqus