| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Aug 30 18:34:02 2005
From: y0himba at technolounge.org (y0himba)
Subject: Massive Enumeration Toolset
I was able to run it on WinXP, but every command passed to it returned
syntax errors, including the commands you listed in the email. A user guide
would be very helpful if you have the time or inclination.
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Josh
perrymon
Sent: Tuesday, August 30, 2005 1:30 PM
To: CrittendenIV; Petko Petkov; pen-test@...urityfocus.com;
full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] Massive Enumeration Toolset
I had the same issue. There is a windows installer but the directions I
think where based on *nix referencing /usr/bin.
TO me it sounds like script based utilities due to all the arguments passed
but I had no luck locating it yet.. but I haven't had time to look.
'
JP
-----Original Message-----
From: CrittendenIV [mailto:crittendeniv@...il.com]
Sent: Tuesday, August 30, 2005 1:07 PM
To: 'Petko Petkov'; Josh perrymon; pen-test@...urityfocus.com;
full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] Massive Enumeration Toolset
Very cool. However, I am having issues getting it to run on Windows. I have
python installed. Is there a quickstart?
Thanks
CrittendenIV
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Petko Petkov
Sent: Tuesday, August 30, 2005 8:24 AM
To: Josh perrymon; pen-test@...urityfocus.com;
full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Massive Enumeration Toolset
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Massive Enumeration Toolset is a collection of python based scripts.
However, you can use it
as a library if you want to code your own tools. I hope it is easy to use.
The main Google tool is called google. After installation this tool should
be in /usr/bin/ ...
You can use the tool in many different ways:
* Download all VPN configuration files from the net and hack into them
google web --tool=mobile -r100 -d5 -l:10 'main filetype:pcf'
- --exec='wget -x %(URL)'
* Test via GHDB
google ghdb --database=ghdb.xml --tool=mobile
- --filter='querystring.find("asp")>=0' 'site:microsoft.com'
* Download cache via Google API
google cache http://www.microsoft.com --key=your_key google cahce
http://www.microsoft.com --ouput=index.html --key=you_key
* Download cache via Google Mobile (you don't need license key) google cache
http://www.micorosft.com --tool=mobile
* Get Google Sets
google sets microsoft linux
* Get Google Spell
google spell 'icorosft indows'
* Google Images (similar to WEB) - get all images from microsoft.com
sleeping every one second, getting 100 results per query, running on 6
levels (0 - 5) google images --tool=mobile 'site:microsoft.com' -d1 -r100
-l:5
* Google Web
google web --key=your_key 'pentesting'
* Google Web - get snips
google web --tool=mobile 'pentesting' -S -T -U -s
* Google Web - download pages
google web --tool=mobile 'site:microsoft.com' --exec='wget -x %(URL)'
There are many more options that I cannot discuss here. I should write a
tutorial. :)
Josh perrymon wrote:
> I think this is of great use to pen-testers. How do you use the
> software? If is a separate pgm or script based?
>
> JP
>
> -----Original Message----- From:
> full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Petko
> Petkov Sent: Tuesday, August 30, 2005 9:34 AM To:
> pen-test@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] Massive Enumeration Toolset
>
> Hello everybody,
>
> I've been playing around with Google and Googles' API in the last two
> months. I found out that Google is extremely powerful when it comes to
> passive enumeration. This is the reason why I put myself into coding a
> small tool, or library if you like, that can perform various
> information-gathering techniques. So far, I have implemented Google. I
> have other interesting ideas that I will put into code latter.
>
>
> The tool can be downloaded from:
> http://www.gnucitizen.org/met/download/
>
>
> You need python in order to execute it. I want to make it clear that
> this is POC. Do not use it for hacking, and pleas read Google's Terms
> of Service first from the following address:
> http://www.google.co.uk/intl/en/terms_of_service.html
>
> On the other hand I am very interesting to know how do you find the
> tool. I am open to any suggestions and contributions as long as they
> match my initial idea.
>
> Thanks and have fun.
>
>
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFDFHn7Ff/6vxAyUpgRApc8AJ9tvyKEOE3+CQvKo9Gg00CxS6vZuACgpGbA
OtYGMRBi/TelxpOp7tFm1w8=
=GqxR
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.17/84 - Release Date: 8/29/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.17/84 - Release Date: 8/29/2005
Powered by blists - more mailing lists