RE: [Full-disclosure] Massive Enumeration Toolset

From: Josh perrymon (perrymonj_at_networkarmor.com)
Date: 08/30/05

  • Next message: CrittendenIV: "RE: [Full-disclosure] Massive Enumeration Toolset"
    Date: Tue, 30 Aug 2005 12:29:46 -0500
    To: "CrittendenIV" <crittendeniv@gmail.com>, "Petko Petkov" <ppetkov@gnucitizen.org>, <pen-test@securityfocus.com>, <full-disclosure@lists.grok.org.uk>
    
    

    I had the same issue. There is a windows installer but the directions I
    think where based on *nix referencing /usr/bin.

    TO me it sounds like script based utilities due to all the arguments
    passed but I had no luck locating it yet.. but I haven't had time to
    look.
    '

    JP

    -----Original Message-----
    From: CrittendenIV [mailto:crittendeniv@gmail.com]
    Sent: Tuesday, August 30, 2005 1:07 PM
    To: 'Petko Petkov'; Josh perrymon; pen-test@securityfocus.com;
    full-disclosure@lists.grok.org.uk
    Subject: RE: [Full-disclosure] Massive Enumeration Toolset

    Very cool. However, I am having issues getting it to run on Windows. I
    have
    python installed. Is there a quickstart?

    Thanks
    CrittendenIV

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Petko
    Petkov
    Sent: Tuesday, August 30, 2005 8:24 AM
    To: Josh perrymon; pen-test@securityfocus.com;
    full-disclosure@lists.grok.org.uk
    Subject: Re: [Full-disclosure] Massive Enumeration Toolset

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
     
    Massive Enumeration Toolset is a collection of python based scripts.
    However, you can use it
    as a library if you want to code your own tools. I hope it is easy to
    use.

    The main Google tool is called google. After installation this tool
    should be in /usr/bin/ ...
    You can use the tool in many different ways:

    * Download all VPN configuration files from the net and hack into them
    google web --tool=mobile -r100 -d5 -l:10 'main filetype:pcf'
    - --exec='wget -x %(URL)'

    * Test via GHDB
    google ghdb --database=ghdb.xml --tool=mobile
    - --filter='querystring.find("asp")>=0' 'site:microsoft.com'

    * Download cache via Google API
    google cache http://www.microsoft.com --key=your_key
    google cahce http://www.microsoft.com --ouput=index.html --key=you_key

    * Download cache via Google Mobile (you don't need license key)
    google cache http://www.micorosft.com --tool=mobile

    * Get Google Sets
    google sets microsoft linux

    * Get Google Spell
    google spell 'icorosft indows'

    * Google Images (similar to WEB) - get all images from microsoft.com
    sleeping every one second, getting 100 results per query, running on 6
    levels (0 - 5)
    google images --tool=mobile 'site:microsoft.com' -d1 -r100 -l:5

    * Google Web
    google web --key=your_key 'pentesting'

    * Google Web - get snips
    google web --tool=mobile 'pentesting' -S -T -U -s

    * Google Web - download pages
    google web --tool=mobile 'site:microsoft.com' --exec='wget -x %(URL)'

    There are many more options that I cannot discuss here. I should write
    a tutorial. :)

    Josh perrymon wrote:

    > I think this is of great use to pen-testers. How do you use the
    > software? If is a separate pgm or script based?
    >
    > JP
    >
    > -----Original Message----- From:
    > full-disclosure-bounces@lists.grok.org.uk
    > [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of
    > Petko Petkov Sent: Tuesday, August 30, 2005 9:34 AM To:
    > pen-test@securityfocus.com; full-disclosure@lists.grok.org.uk
    > Subject: [Full-disclosure] Massive Enumeration Toolset
    >

    > Hello everybody,
    >
    > I've been playing around with Google and Googles' API in the last
    > two months. I found out that Google is extremely powerful when it
    > comes to passive enumeration. This is the reason why I put myself
    > into coding a small tool, or library if you like, that can perform
    > various information-gathering techniques. So far, I have
    > implemented Google. I have other interesting ideas that I will put
    > into code latter.
    >
    >
    > The tool can be downloaded from:
    > http://www.gnucitizen.org/met/download/
    >
    >
    > You need python in order to execute it. I want to make it clear
    > that this is POC. Do not use it for hacking, and pleas read
    > Google's Terms of Service first from the following address:
    > http://www.google.co.uk/intl/en/terms_of_service.html
    >
    > On the other hand I am very interesting to know how do you find the
    > tool. I am open to any suggestions and contributions as long as
    > they match my initial idea.
    >
    > Thanks and have fun.
    >
    >
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
     
    iD8DBQFDFHn7Ff/6vxAyUpgRApc8AJ9tvyKEOE3+CQvKo9Gg00CxS6vZuACgpGbA
    OtYGMRBi/TelxpOp7tFm1w8=
    =GqxR
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: CrittendenIV: "RE: [Full-disclosure] Massive Enumeration Toolset"