Using Backtrack 4: Information Gathering: Searchengine: gooscan



To perform searches on enterprise Google Appliances. Just imagine what those internal search appliances can hold….


This is not just a command-line tool for doing Google searches. In fact, automated searches are specifically forbidden by Google’s terms of service. Instead, it is designed to exploit Google’s popular search appliances, which are deployed in all sorts of big corporations that have a hard time keeping track of their own information.

Opening Instructions:

gooscan <-q query | -i query_file> <-t target>
[-o output_file] [-p proxy:port] [-v] [-d]
[-s site] [-x xtra_appliance_fields]
(query)       is a standard google query (EX: “intitle:index.of”)
(query_file)  is a list of google queries (see README)
(target)      is the Google appliance/server
(output_file) is where the HTML-formatted list of results goes
(proxy:port)  address:port of a valid HTTP proxy for bouncing
(site)        restricts search to one domain, like
(xtra_appliance_fields) are required for appliance scans
-v turns on verbose mode
-d hex-encodes all non-alpha characters
Friendly example:
gooscan -t -q food
-x “&client=FDA&site=FDA&output=xml_no_dtd&oe=&lr=&proxystylesheet=FDA”
Google terms-of-service violations:
gooscan -t -q “linux”
gooscan -t -q “linux” -s
gooscan -t -f

Gooscan google scanner by j0hnny


Information gathering

Home Page:

Formerly, this site now redirects to The original downloads links do not work, so this is probably a terminal release.


Gooscan – Automated Google Hacking Tool