SEAT: the Search Engine Assessment Tool
Description
A GUI interface tool from Midnight Research Labs:
http://midnightresearch.com/projects/search-engine-assessment-tool/.
Think of it as half search engine (to deeply scan domains) and half exploit-matching tool (because it helps you find exploits for specific vulnerabilities).
Stage
SEAT is a tool for initial Information Gathering.
Description
SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan a site for potential vulnerabilities. It’s multi-threaded, multi-database, and multi-search-engine capabilities permit easy navigation through vast amounts of information with a goal of system security assessment. Furthermore, SEAT’s ability to easily process additional search engine signatures as well as custom made vulnerability databases allows security professionals to adapt SEAT to their specific needs.
Particularly note that phrase, “vulnerability databases.” You’re going to target, at least initially, a domain name. This leads to identification of the box running the domain, other domains hosted on that box (which may create vulnerabilities you can exploit), and IP address space. Once you’re that deep there’s plenty to explore, and SEAT’s vulnerability databases will identify weaknesses.