Penetration Testing mailing list archives
Re: "Ping scan" through Google
From: pagvac <unknown.pentester () gmail com>
Date: Sun, 22 Jan 2006 13:39:16 +0000
Who cares if it's not the best code in the world. It's a very interesting idea from my point of view. I'm sure I'm *not* the only one who thinks the same. Thanks for posting something creative and interesting. On 1/20/06, Petr.Kazil () eap nl <Petr.Kazil () eap nl> wrote:
The way I do a "Google Ping scan" is so trivial and badly programmed that I'm almost ashamed to publish it. But since two people asked about it, I'll publish it anyway. This thing could be programmed much better using Perl and the Google API, but I haven't taken the time to do this. Suppose I want to scan the range: 221.208.146.1-255 (This is a random IP range that I got from one of the most recent SPAM mails that I received.) The Google search URL belonging to the spam sender's address 221.208.146.138 is: http://www.google.nl/search?hl=en&q=%22221.208.146.138%22&btnG=Search Now I cut off the last IP range from this string, replace it by a counter and wrap this in a VBScript file: =================================== Option Explicit Const IPRange = "221.208.146" Const ForWriting = 2 Dim objFSO, objFile, filename Dim urlpart1, urlpart2, url Dim i Dim objHTTP for i = 1 to 255 urlpart1="http://www.google.nl/search?hl=en&q=%22" urlpart2="%22&btnG=Search" url= urlpart1 & IPRange & "." & i & urlpart2 Set objHTTP = CreateObject("MSXML2.XMLHTTP") Call objHTTP.Open ("GET", url, FALSE) objHTTP.Send If InStr (objHTTP.ResponseText, "did not match any documents") > 0 Then ' do nothing Else filename = "Googlescan_" & IPRange & "." & i & ".htm" Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.OpenTextFile(filename, ForWriting, True, vbTrue) objFile.Write objHTTP.ResponseText objFile.Close End If wscript.sleep 6000 next =================================== That's all. (I hope I didn't leave a dumb bug in there ...) Now the above example (IP Range) is not the most suitable, because it looks like it's from a provider with a lot of outgoing IP-adresses, and it is in Chinese, so the websites are not very informative. But try this for your own company's IP-range and it should get more interesting. Greetings, Petr Kazil ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
-- pagvac (Adrian Pastor) www.ikwt.com - In Knowledge We Trust ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: List of "clickable" on-line pen-test tools, (continued)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
- Message not available
- Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)
- Re: Secure Password Policy? Stephen J. Smoogen (Jan 19)
- Re: Secure Password Policy? Alexander Klimov (Jan 19)
- Re: Secure Password Policy? Tim (Jan 21)
- Re: Secure Password Policy? Tim (Jan 21)
- "Ping scan" through Google Petr . Kazil (Jan 22)
- Re: "Ping scan" through Google -- Perl version for *NIX Peter Hille (Jan 22)
- Re: "Ping scan" through Google Robert Wesley McGrew (Jan 22)
- Re: "Ping scan" through Google pagvac (Jan 23)
- Re: Secure Password Policy? Tim (Jan 21)
- Re: Secure Password Policy? Neil (Jan 20)
- Re: Secure Password Policy? David M. Zendzian (Jan 22)
- Re: Secure Password Policy? Brian Anderson (Jan 22)
- Re: Secure Password Policy? bf (Jan 21)
- Re: Secure Password Policy? bf (Jan 21)
- RE: Secure Password Policy? Mark Atherton (Jan 19)
- Re: Secure Password Policy? intel96 (Jan 22)
- Re: Secure Password Policy? DMORROW5 (Jan 19)
- RE: Secure Password Policy? Jarmon, Don R (Jan 19)
- Re: Secure Password Policy? Sean Earp (Jan 22)