Penetration Testing mailing list archives
Re: Website search engine is a hacking tool..
From: <c0ntex () open-security org>
Date: 23 Jul 2004 21:55:15 -0000
In-Reply-To: <20040722063551.GA30017 () liderlink net>
On Mon, Jul 19, 2004 at 08:06:21AM +0400, Amal Mohammad Al Hajeri wrote:Hi List, Did you ever thought of the website search engine as a hacking tool? During one of the pen-tests, The website search engine, was a valuable tool to discover interesting directories within the website itself, these directories were not detected by famous website scanners like nikto or SPI dynamics,i managed to get documentation pages about the API application implemented, management login pages, backup files and much more.
I wrote a paper on search engine spiders a while back, it is a well known trick now but still a useful method for data mining, as you discovered :) http://open-security.org/texts/8_Legs.txt cheers c0ntex
Current thread:
- Website search engine is a hacking tool.. Amal Mohammad Al Hajeri (Jul 21)
- Re: Website search engine is a hacking tool.. Gerry Eisenhaur (Jul 22)
- Re: Website search engine is a hacking tool.. Wojciech Pawlikowski (Jul 22)
- <Possible follow-ups>
- RE: Website search engine is a hacking tool.. Drew Copley (Jul 23)
- RE: Website search engine is a hacking tool.. Charles Gillman (Jul 28)
- RE: Website search engine is a hacking tool.. Amal Mohammad Al Hajeri (Jul 28)
- RE: Website search engine is a hacking tool.. Vinicius Moreira Mello (Jul 30)
- RE: Website search engine is a hacking tool.. Mark Curphey (Jul 30)
- RE: Website search engine is a hacking tool.. Charles Gillman (Jul 28)
- Re: Website search engine is a hacking tool.. c0ntex (Jul 28)