Feed on Posts or Comments | Font Size: Decrease Font Size Increase Font Size 28 May 2024

Filed under: Penetration Testing, Security Tools
posted by D1m on 02 Feb 2007 09:05 am

googlegath.pl – Information Gathering Perl Script Using Google Search

Matteo Cantoni coded GoogleGath – a useful script for gathering information through Google searches. As Matteo states on his website, this script “could be useful for penetration testing, security scanning, script kiddies”.

To run googlegath.pl, three things are required: the perl interpreter, the Net::Google perl module and Google API. You can use it under Windows with Active Perl interpreter.

Example usages:

./googlegath.pl -a /backup/ -s gov -f txt -m 10
./googlegath.pl -a /cgi-bin/ -s com -k awstats -m 10 -d
./googlegath.pl -a /cgi-bin/ -s de -f pl -m 10 -d
./googlegath.pl -a /scripts/ -s edu -f cgi -m 10 -l logfile.html
./googlegath.pl -s edu -f cgi -m 20 -d
./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html
./googlegath.pl -i “main.php” -k “phpMyAdmin” -s com -m 10

Using googlegath.pl to search for VNC (Virtual Network Computing) desktops running on port 5800:

$ ./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html

[+] inurl:5800 intitle:”VNC Desktop”
http://robot.mc3.edu:5800/ robot.mc3.edu
http://moment.myftp.org:5800/ moment.myftp.org

[+] log file logfile.html created.

In the wrong hands, information gathering – such as the above examples – can be used for malicious purposes. Therefore, the way that googlegath.pl will be used, depends on the individual’s legal and ethical attitudes.



Trackback This Post | Subscribe to the comments through RSS Feed

Leave a Comment