RE: [Full-disclosure] Massive Enumeration Toolset

From: Josh perrymon (perrymonj_at_networkarmor.com)
Date: 08/30/05

  • Next message: CrittendenIV: "RE: [Full-disclosure] Massive Enumeration Toolset"
    Date: Tue, 30 Aug 2005 12:29:46 -0500
    To: "CrittendenIV" <crittendeniv@gmail.com>, "Petko Petkov" <ppetkov@gnucitizen.org>, <pen-test@securityfocus.com>, <full-disclosure@lists.grok.org.uk>
    
    

    I had the same issue. There is a windows installer but the directions I
    think where based on *nix referencing /usr/bin.

    TO me it sounds like script based utilities due to all the arguments
    passed but I had no luck locating it yet.. but I haven't had time to
    look.
    '

    JP

    -----Original Message-----
    From: CrittendenIV [mailto:crittendeniv@gmail.com]
    Sent: Tuesday, August 30, 2005 1:07 PM
    To: 'Petko Petkov'; Josh perrymon; pen-test@securityfocus.com;
    full-disclosure@lists.grok.org.uk
    Subject: RE: [Full-disclosure] Massive Enumeration Toolset

    Very cool. However, I am having issues getting it to run on Windows. I
    have
    python installed. Is there a quickstart?

    Thanks
    CrittendenIV

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Petko
    Petkov
    Sent: Tuesday, August 30, 2005 8:24 AM
    To: Josh perrymon; pen-test@securityfocus.com;
    full-disclosure@lists.grok.org.uk
    Subject: Re: [Full-disclosure] Massive Enumeration Toolset

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
     
    Massive Enumeration Toolset is a collection of python based scripts.
    However, you can use it
    as a library if you want to code your own tools. I hope it is easy to
    use.

    The main Google tool is called google. After installation this tool
    should be in /usr/bin/ ...
    You can use the tool in many different ways:

    * Download all VPN configuration files from the net and hack into them
    google web --tool=mobile -r100 -d5 -l:10 'main filetype:pcf'
    - --exec='wget -x %(URL)'

    * Test via GHDB
    google ghdb --database=ghdb.xml --tool=mobile
    - --filter='querystring.find("asp")>=0' 'site:microsoft.com'

    * Download cache via Google API
    google cache http://www.microsoft.com --key=your_key
    google cahce http://www.microsoft.com --ouput=index.html --key=you_key

    * Download cache via Google Mobile (you don't need license key)
    google cache http://www.micorosft.com --tool=mobile

    * Get Google Sets
    google sets microsoft linux

    * Get Google Spell
    google spell 'icorosft indows'

    * Google Images (similar to WEB) - get all images from microsoft.com
    sleeping every one second, getting 100 results per query, running on 6
    levels (0 - 5)
    google images --tool=mobile 'site:microsoft.com' -d1 -r100 -l:5

    * Google Web
    google web --key=your_key 'pentesting'

    * Google Web - get snips
    google web --tool=mobile 'pentesting' -S -T -U -s

    * Google Web - download pages
    google web --tool=mobile 'site:microsoft.com' --exec='wget -x %(URL)'

    There are many more options that I cannot discuss here. I should write
    a tutorial. :)

    Josh perrymon wrote:

    > I think this is of great use to pen-testers. How do you use the
    > software? If is a separate pgm or script based?
    >
    > JP
    >
    > -----Original Message----- From:
    > full-disclosure-bounces@lists.grok.org.uk
    > [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of
    > Petko Petkov Sent: Tuesday, August 30, 2005 9:34 AM To:
    > pen-test@securityfocus.com; full-disclosure@lists.grok.org.uk
    > Subject: [Full-disclosure] Massive Enumeration Toolset
    >

    > Hello everybody,
    >
    > I've been playing around with Google and Googles' API in the last
    > two months. I found out that Google is extremely powerful when it
    > comes to passive enumeration. This is the reason why I put myself
    > into coding a small tool, or library if you like, that can perform
    > various information-gathering techniques. So far, I have
    > implemented Google. I have other interesting ideas that I will put
    > into code latter.
    >
    >
    > The tool can be downloaded from:
    > http://www.gnucitizen.org/met/download/
    >
    >
    > You need python in order to execute it. I want to make it clear
    > that this is POC. Do not use it for hacking, and pleas read
    > Google's Terms of Service first from the following address:
    > http://www.google.co.uk/intl/en/terms_of_service.html
    >
    > On the other hand I am very interesting to know how do you find the
    > tool. I am open to any suggestions and contributions as long as
    > they match my initial idea.
    >
    > Thanks and have fun.
    >
    >
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
     
    iD8DBQFDFHn7Ff/6vxAyUpgRApc8AJ9tvyKEOE3+CQvKo9Gg00CxS6vZuACgpGbA
    OtYGMRBi/TelxpOp7tFm1w8=
    =GqxR
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: CrittendenIV: "RE: [Full-disclosure] Massive Enumeration Toolset"

    Relevant Pages

    • Re: Fragen an MacSOUP-Kenner
      ... > aktuelleren Artikeln klappt). ... Default-Browser einen Suchbefehl mit der MID für Google Groups. ... | No responsibility is taken for any damage caused by this script. ... | 0.2 First Try was by far too complicated, ...
      (de.comp.sys.mac.internet)
    • Re: seo uk
      ... On every generated page there was a link to chembuddy and to the main script page. ... Knowing Google behaviors I have never expected the script to be deeply indexed, however, I was interested what will happen to the PR of the main script page. ... http://www.chembuddy.com - chemical calculators for labs and education ...
      (alt.internet.search-engines)
    • Re: crontab last day shell script
      ... Why in the name of Socrates' stained toga do search engines not ... was a rather simple script for executing some task (the ... I am really feeling google groups' usability is ... half the posts are "collapsed" and I have to go through and expand them. ...
      (comp.unix.shell)
    • Re: From one queue to another!!!!! What an American nightmare!!!
      ... such advertisement at the moment are google and msn. ... To attract revenue ... that this guys script assigns titles like Junior Member to our aliases ... cheats like these employ to scam money out of google and msn, ...
      (misc.immigration.usa)
    • Re: Fox 5 Closed Captions never show "never"
      ... differes from the closed captions, so I have to assume these are built ... So if it comes from a script, ... google, google, google. ... The BBC does in fact have an automated voice ...
      (rec.arts.tv)