Sunday, December 11, 2011

Google Penetration Testing Hack Database v 1.0

A database of Google hacks and a tool for manipulating it.
The database is split into files by category. You can use the database on its own, or
use the tool to analyse your own site by adding a site search option
to all queries.

The tool takes a source file (a file with a list of queries) and generates
website-specific queries (-s option) by adding site:sitename.com to each
query.

Run as:
./googleDB-tool.py

The argument is a queries source file from GoogleDB (one of the files in the db directory).

Options are:
-o output.txt save output to file
-s sitename.com generate queries for this site only


Example:

./googleDB-tool.py "login_pages.txt" -o file.html -s site.com

will generate a list of queries for finding login pages
on site.com and save the report to "file.html"
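
The site-scoping step described above, as an added sketch that is not the tool's own code. It assumes a source file with one query per line (blank lines and '#' comments skipped), and the function names and sample queries are constructed for illustration.

```python
import re
from urllib.parse import quote_plus

# Assumption: the -s value is a bare domain such as site.com (a pasted URL is reduced to its host).
_HOST_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")
# A positive site: operator already present in a database entry.
_SITE_OP_RE = re.compile(r"(?<!\S)site:\S+", re.IGNORECASE)


def normalise_site(site):
    """Return the bare lower-case host, or raise ValueError if it is not one."""
    host = re.sub(r"^[a-z]+://", "", site.strip().lower()).split("/")[0]
    if not _HOST_RE.match(host):
        raise ValueError(f"not a valid site name: {site!r}")
    return host


def scope_queries(lines, site):
    """Return de-duplicated queries, each restricted to `site`."""
    host = normalise_site(site)
    seen, scoped = set(), []
    for raw in lines:
        query = raw.strip()
        # Assumed file format: one query per line, blank lines and '#' comments ignored.
        if not query or query.startswith("#"):
            continue
        # Drop any site: operator already in the entry, so every generated
        # query stays inside the domain being audited.
        query = " ".join(_SITE_OP_RE.sub("", query).split())
        full = f"{query} site:{host}".strip()
        if query and full not in seen:
            seen.add(full)
            scoped.append(full)
    return scoped


def search_url(query):
    """URL-encode one scoped query for use as a link in a report."""
    return "https://www.google.com/search?q=" + quote_plus(query)


# Constructed sample input, not taken from the tool's db directory.
SAMPLE = ["inurl:login", "", "# admin pages", "inurl:login",
          'intitle:"admin login" site:other.example', "allinurl:jmx-console"]

if __name__ == "__main__":
    for q in scope_queries(SAMPLE, "https://Example.com/"):
        print(q, "->", search_url(q))
```

Rejecting anything that is not a plain host name keeps a mistyped -s value from silently widening the audit beyond your own domain.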

History:
1.0 initial release


Google Hack DB Tool is a database tool with almost 8,000 entries. It lets administrators check their site for vulnerabilities based on data stored in Google. With the Google Hack Database tool you can find out whether your website has vulnerabilities indexed in Google.

This can lead to sensitive information disclosure. This way you can find out what Google knows about you. 7974 entries, including 4203 for SQL Injection!
So be sure to scan your public facing web applications frequently and eliminate all vulnerabilities!


Features of the Google Hack DB tool:

  • Find information disclosure.
  • Find sensitive files.
  • Find sensitive directories.
  • Find vulnerable software.
  • Find personal information.
This tool is really fast and will help eliminate most of the known vulnerabilities that web application developers tend to introduce, easily, simply and, most importantly, quickly and accurately.


Download Google Penetration Testing Hack Database Tool v1.0 (google-hack-db-tool-1.0.zip) here

2 comments:

Can you give an example of the input file in the distro? This would be good for understanding the format.

I did not see an entry for JBoss's jmx-console. If that is found using the Google hack "allinurl:jmx-console", there is a good chance the interface is open and use of the remote deployment tool is available.
