[TOOL] GoogleSweep - Google Information Gathering Tool

From: SecuriTeam (support_at_securiteam.com)
Date: 04/21/05

    To: list@securiteam.com
    Date: 21 Apr 2005 16:25:43 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      GoogleSweep - Google Information Gathering Tool
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    GoogleSweep is a pen-test tool for information-gathering that uses Google
    to find information on IP addresses and hostnames on a target network. The
    original purpose of GoogleSweep was to perform host-discovery in a
    stealthy manner by finding publicly accessible web logs; however, in some
    situations it can give clues about browsing habits, user and service
    enumeration, password policy, and much more.

    Features:
    GoogleSweep differs from other "Google Hacking" tools in that it is not
    intended as a vulnerability sweep, looking for known-vulnerable scripts
    and applications with "inurl:"-style queries. This tool performs simpler
    queries of IP addresses and host names on a subnet and displays the
    results in a way that a penetration tester or systems administrator can
    quickly see at a glance how much information about the target network is
    publicly accessible. While the hosts are displayed with graphs showing
    relative popularity on Google, the actual search results are the sort of
    thing that needs to be parsed by a person. Preferably one with a brain.
    Some things you might find in the results are:

     * Hits to web sites - For whatever reason, a lot of web sites publish
    statistics about their traffic (deliberately or without realizing it),
    sometimes detailed enough to include the IP addresses of visitors.

     * Mailing list posts - From list archives, often with full headers.
    Users, workstation IP addresses, mail servers, etc.

     * Guestbook entries, Forum posts, other Misc. web stuff

     * Site-specific documentation - Instructions for employees on how to log
    on, default passwords, password policy, etc.

    Then again, you might not. It might miss your most important server, or
    find some old information that's not relevant anymore. That's up to you to
    sort out. Some other nice things about GoogleSweep:

     * Stealth - GoogleSweep is a good tool to run across a subnet first to
    discover active hosts and other information without interacting with the
    target network.

     * Report Generation - Generates HTML reports with a graph showing
    relative popularity and links to the query results. Also generates comma
    delimited output for use in your own scripts, spreadsheets, or databases.
      * Sample HTML output:
        http://cse.msstate.edu/~rwm8/googlesweep/sample.html
      * Sample comma delimited output:
        http://cse.msstate.edu/~rwm8/googlesweep/sample.txt

     * "Burst" mode - The Google API limits you to 1000 queries a day, which
    may not be sufficient for scanning large networks (or perhaps you want to
    save some queries for another program). This lets you do a specified
    number of queries, and then sleep until the next day and continue.
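
    For a systems administrator checking what their own published pages
    reveal, the per-host tally and comma delimited report described above can
    be reproduced offline over text you already have. This is an added
    example, not GoogleSweep's code, and it makes no Google queries; the
    function names, URLs and documentation-range addresses are constructed.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed sample documents standing in for pages your own site publishes.
SAMPLE_DOCS = {
    "https://www.example.org/stats/usage.html": (
        "Top visitors: 192.0.2.10 (412 hits), 192.0.2.77 (12 hits), "
        "198.51.100.5 (3 hits)"
    ),
    "https://lists.example.org/archive/msg00123.html": (
        "Received: from ws14.example.org (ws14.example.org [192.0.2.77])\n"
        "  by mail.example.org (192.0.2.10) with ESMTP"
    ),
    "https://www.example.org/guestbook.html": "Posted from 192.0.2.300 and 10.1.1.1",
}

# Dotted quad not embedded in a longer number or a five-part dotted string.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def exposure_by_host(docs, cidr):
    """Map each address inside cidr to the sorted documents that mention it."""
    net = ipaddress.ip_network(cidr)
    found = defaultdict(set)
    for url, text in docs.items():
        for candidate in IPV4_RE.findall(text):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 192.0.2.300 looks like an IP but is not
                continue
            if addr in net:
                found[str(addr)].add(url)
    return {ip: sorted(urls) for ip, urls in found.items()}

def to_csv(exposure):
    """Comma delimited report, most-mentioned hosts first."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["address", "documents", "urls"])
    ranked = sorted(exposure.items(),
                    key=lambda kv: (-len(kv[1]), ipaddress.ip_address(kv[0])))
    for ip, urls in ranked:
        writer.writerow([ip, len(urls), " ".join(urls)])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(exposure_by_host(SAMPLE_DOCS, "192.0.2.0/24")))
```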

    Requirements:
    GoogleSweep has been tested on Python 2.4.1 with pygoogle 0.6 (along with
    the few things it depends on).

    You will also need a Google API license, which you can learn more about
    here. They're free.

    Once you get a hold of a Google API license, you'll want to put the key
    somewhere that pygoogle can find it. The easiest is to just have it in
    ".googlekey" in your home directory, but other options are listed in
    pygoogle documentation.

    GoogleSweep will chew through hundreds of your API queries, of which you
    are only allotted 1,000 a day, so keep that in mind.

    ADDITIONAL INFORMATION

    The information has been provided by Robert Wesley McGrew
    <mailto:wesleymcgrew@gmail.com>.
    To keep updated with the tool visit the project's homepage at:
    http://cse.msstate.edu/~rwm8/googlesweep/
