Re: Website search engine is a hacking tool..

From: c0ntex@open-security.org
Date: Fri Jul 23 2004 - 17:55:15 EDT

• Next message: Jerry Shenk: "RE: Find out the subnetting of a company"
• Previous message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"
• Maybe in reply to: Amal Mohammad Al Hajeri: "Website search engine is a hacking tool.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>On Mon, Jul 19, 2004 at 08:06:21AM +0400, Amal Mohammad Al Hajeri wrote:
>> Hi List,
>>
>> Did you ever thought of the website search engine as a hacking tool?
>> During one of the pen-tests, The website search engine, was a valuable
>> tool to discover interesting directories within the website itself,
>> these directories were not detected by famous website scanners like
>> nikto or SPI dynamics,i managed to get documentation pages about the API
>> application implemented, management login pages, backup files and much
>> more.

I wrote a paper on search engine spiders a while back, it is a well known trick now but still a useful method for data mining, as you discovered :)

http://open-security.org/texts/8_Legs.txt


cheers
c0ntex

• Next message: Jerry Shenk: "RE: Find out the subnetting of a company"
• Previous message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"
• Maybe in reply to: Amal Mohammad Al Hajeri: "Website search engine is a hacking tool.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT