Using Backtrack 4: Information Gathering: Searchengine: gooscan

gooscan

Purpose:

To perform searches on enterprise Google Appliances. Just imagine what those internal search appliances can hold….

Discussion:

This is not just a command-line tool for doing Google searches. In fact, automated searches are specifically forbidden by Google’s terms of service. Instead, it is designed to exploit Google’s popular search appliances, which are deployed in all sorts of big corporations that have a hard time keeping track of their own information.

Opening Instructions:

gooscan <-q query | -i query_file> <-t target>
[-o output_file] [-p proxy:port] [-v] [-d]
[-s site] [-x xtra_appliance_fields]
----------------------------------------------------------------
(query)       is a standard google query (EX: "intitle:index.of")
(query_file)  is a list of google queries (see README)
(target)      is the Google appliance/server
(output_file) is where the HTML-formatted list of results goes
(proxy:port)  address:port of a valid HTTP proxy for bouncing
(site)        restricts search to one domain, like microsoft.com
(xtra_appliance_fields) are required for appliance scans
-v turns on verbose mode
-d hex-encodes all non-alpha characters
Friendly example:
gooscan -t google.fda.gov -q food
-x "&client=FDA&site=FDA&output=xml_no_dtd&oe=&lr=&proxystylesheet=FDA"
Google terms-of-service violations:
gooscan -t www.google.com -q "linux"
gooscan -t www.google.com -q "linux" -s microsoft.com
gooscan -t www.google.com -f gdork.gs

Gooscan google scanner by j0hnny http://johnny.ihackstuff.com

Stage:

Information gathering

Home Page:

Formerly http://johnny.ihackstuff.com, this site now redirects to hackersforcharity.org. The original download links do not work, so this is probably a terminal release.

Tutorial:

Gooscan – Automated Google Hacking Tool