Penetration Testing: Re: Website search engine is a hacking tool..

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Website search engine is a hacking tool..

From: <c0ntex () open-security org>
Date: 23 Jul 2004 21:55:15 -0000

In-Reply-To: <20040722063551.GA30017 () liderlink net>

On Mon, Jul 19, 2004 at 08:06:21AM +0400, Amal Mohammad Al Hajeri wrote:

Hi List,

Did you ever thought of the website search engine as a hacking tool?
During one of the pen-tests, The website search engine, was a valuable
tool to discover interesting directories within the website itself,
these directories were not detected by famous website scanners like
nikto or SPI dynamics,i managed to get documentation pages about the API
application implemented, management login pages, backup files and much
more.


I wrote a paper on search engine spiders a while back, it is a well known trick now but still a useful method for data 
mining, as you discovered  :) 

http://open-security.org/texts/8_Legs.txt


cheers
c0ntex

By Date By Thread

Current thread:

RE: Website search engine is a hacking tool.., (continued)
- RE: Website search engine is a hacking tool.. Drew Copley (Jul 23)
  - RE: Website search engine is a hacking tool.. Charles Gillman (Jul 28)
    - RE: Website search engine is a hacking tool.. Amal Mohammad Al Hajeri (Jul 28)
    - RE: Website search engine is a hacking tool.. Vinicius Moreira Mello (Jul 30)
    - RE: Website search engine is a hacking tool.. Mark Curphey (Jul 30)
- Re: Website search engine is a hacking tool.. c0ntex (Jul 28)