Matteo Cantoni coded GoogleGath – a useful script for gathering information through Google searches. As Matteo states on his website, this script “could be useful for penetration testing, security scanning, script kiddies”.

To run googlegath.pl, three things are required: the perl interpreter, the Net::Google perl module and Google API. You can use it under Windows with Active Perl interpreter.

Example usages:

./googlegath.pl -a /backup/ -s gov -f txt -m 10
./googlegath.pl -a /cgi-bin/ -s com -k awstats -m 10 -d
./googlegath.pl -a /cgi-bin/ -s de -f pl -m 10 -d
./googlegath.pl -a /scripts/ -s edu -f cgi -m 10 -l logfile.html
./googlegath.pl -s edu -f cgi -m 20 -d
./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html
./googlegath.pl -i “main.php” -k “phpMyAdmin” -s com -m 10

Using googlegath.pl to search for VNC (Virtual Network Computing) desktops running on port 5800:

$ ./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html

[+] inurl:5800 intitle:”VNC Desktop”
http://robot.mc3.edu:5800/ robot.mc3.edu 38.115.60.99
http://129.82.106.115:5800/ 129.82.106.115 129.82.106.115
http://66.97.228.100:5800/ 66.97.228.100 66.97.228.100
http://12.207.102.150:5800/ 12.207.102.150 12.207.102.150
http://12.207.107.126:5800/ 12.207.107.126 12.207.107.126
http://moment.myftp.org:5800/ moment.myftp.org 124.6.20.156
http://69.48.1.32:5800/ 69.48.1.32 69.48.1.32
http://134.241.2.76:5800/ 134.241.2.76 134.241.2.76
http://84.177.42.59:5800/ 84.177.42.59 84.177.42.59
http://203.185.224.34:5800/ 203.185.224.34 203.185.224.34

[+] log file logfile.html created.

In the wrong hands, information gathering – such as the above examples – can be used for malicious purposes. Therefore, the way that googlegath.pl will be used, depends on the individual’s legal and ethical attitudes.

googlegath.pl:

http://www.nothink.org/perl/googlegath/googlegath.txt
http://www.ddosed.com/uploads/information_gathering/googlegath.txt

Trackback This Post | Subscribe to the comments through RSS Feed