Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSE Script - google-id
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 1 Apr 2011 00:19:08 +0100

Great patch Dan!

As you know, normal search engines like Google don't index these IDs as they
are in Javascript code. But there are some specialized sites that index
them.
The best I've found with the largest database (and increasing everyday) is
http://reverseinternet.com/ for Google Adsense and Analytics.

So I was thinking about another script that depends on affiliate-id, that
queries the found IDs on that website.
What do you think about it ?

On Thu, Mar 31, 2011 at 11:53 PM, Daniel Miller <bonsaiviking () gmail com>wrote:

Great to see this was included in the latest revision! I'm attaching a
patch that does the postrule matching (blatantly stolen from
ssh-hostkey.nse), as well as adding a few new IDs (Google Maps, Google API,
Flickr API, eBay Partner Network). I haven't tested these, but they should
work according to the documentation online.

Dan


On 03/30/2011 10:38 AM, Daniel Miller wrote:

This is a neat script! I'm attaching a patch that factors out the
regexes and ID names so you can loop around the main detection block,
and extend it by adding entries to a table. As an example, I added one
for finding Amazon Associate IDs. Since this makes the script no
longer focus on Google products, I renamed it to affiliate-id.nse, but
you can do as you like.

I'd be very interested to see this done up with a postrule to show
sites with common ids, like the new ssh-hostkey script does with SSH
keys.

Dan

On Wed, Mar 30, 2011 at 6:18 AM, Djalal Harouni<tixxdz () opendz org>
 wrote:

On 2011-03-28 11:41:10 +0100, Hani Benhabiles wrote:

Hey,

Attached is an updated and documented version of google-id.nse.
It's a script that grabs a web site's Google Analytics and Adsense IDs.
These could be used to match related web sites (i.e that have the same
owner).

Hi Hani,
You can use the stdnse.get_script_args() instead of nmap.registry.args.

Speaking about information gathering, perhaps this can be combined with
the whois script and the results will be shown in a postrule.

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault