metagoofil
options
-d: domain to search
-f: filetype to download
(all,pdf,doc,xls,ppt,odp,ods, etc)
-l: limit of results to work with (default 100)
-o: output file, html format.
-t: target directory to download files.
Örnek olarak aşağıda görüldüğü gibi microsoft.com
sitesine ait doc tipindeki dosyaları araştıralım.
root@bt:~/metagoofil# python
metagoofil.py -d microsoft.com -f doc -l 10 -o micro.html -t micro-files
*************************************
*MetaGooFil Ver. 1.4b
*
*Coded by Christian Martorella
*
*Edge-Security Research
*
*cmartorella@edge-security.com
*
*************************************
[+] Command extract found, proceeding
with leeching
[+] Searching in microsoft.com for: doc
16300
[+] Total results in google: 16300
[+] Limit: 10
[+] Searching results: 0
[ 1/20 ]
[ 2/20 ]
http://www.microsoft.com/investor/Downloads/Events/UBS_Global_Technology_Services_Veghte_060809.doc
[ 3/20 ]
http://www.microsoft.com/investor/Downloads/Events/Goldman_Sachs_Chris_Liddell_022609.doc
[ 4/20 ]
http://download.microsoft.com/documents/uk/Ladbrokes.doc
[ 5/20 ] http://www.microsoft.com/japan/windows/sfu/docs/sfunewfeatures.doc
[ 6/20 ]
http://www.microsoft.com/msft/download/Transcripts/FY06/SteveBallmer053106.doc
[ 7/20 ]
https://members.microsoft.com/ISACommonCrit/exchange/MS_EX_AGD_IGS.doc
[ 8/20 ] http://download.microsoft.com/documents/customerevidence/11451_PrintingforLess_final.doc
[ 9/20 ]
http://www.microsoft.com/japan/sbs/techinfo/deployment/45/ClientSetup.doc
[ 10/20 ]
http://www.microsoft.com/venezuela/socios/local/negocio/MSDNSubscriptionsBattlecard-Espanol.doc
[ 11/20 ]
http://download.microsoft.com/documents/customerevidence/27402_Cakewalk_final.doc
[ 12/20 ]
http://download.microsoft.com/documents/uk/windowsserversystem/bi/Tesco_Real_Time_Sales.doc
[ 13/20 ]
http://download.microsoft.com/documents/customerevidence/5588_marksspencer.doc
[ 14/20 ]
http://support.microsoft.com/servicedesks/webcasts/en/wc021303/programmingforwer.doc
[ 15/20 ]
http://download.microsoft.com/documents/rus/hpc/WindowsHPCServer2008_UsingMSMPI_WhitePaper_Final_ru_edit.doc
[ 16/20 ]
http://download.microsoft.com/documents/customerevidence/27755_SunnyD_case_study.doc
[ 17/20 ]
http://download.microsoft.com/documents/uk/msdn/isv/TribalGroupCaseStudy.doc
[ 18/20 ]
http://www.microsoft.com/thailand/windows2000/downloads/Sales_Rep_Cheat_Sheet_(Internal_Only).doc
[ 19/20 ]
http://www.microsoft.com/venezuela/socios/local/negocio/VisualStudioNetBattlecard-Espanol.doc
[ 20/20 ]
http://www.microsoft.com/peru/ftpfiles/bs.doc
Usernames found:
================
Melody Alderman
Bob Muglia
Bill Veghte
denniem
Chris Liddell
clarel
Kentaro Yoshikawa
Satoshi Sakamori
ueno_y
hosaka_y
tanabe_m
Michael Grimm
Michael Grimm, Microsoft Corp.
Yoshiko Taniguchi
Makoto Hoshi
Takako
SBS Marketing
anges
Daniel Gonzalez
Alexandra Lairet
MANES
Developer Marketing
Microsoft Corporation
Benjamin Van Houten
James Bracher (Entex)
May Yee
Microsoft User
a-andrb
David Slight
IT Pro Marketing
NINA
Charlie Russel
Donna Whitehead
Sherilee
Webmaster
t-sirite
Windows Marketing
Xxxx Marketing
Multimedia Editorial
Microsoft Perú S.A.
Paths found:
============
Normal\
CEP_Template\
\
D:\Inetpub\wwwroot\Japan\BackOffice\sbs\DeployAdmin\doc\
C:\WINNT\Profiles\yosht\Application
Data\Microsoft\Word\
\\kkdesktop\Public\yosht\WhitePapers\
C:\WINDOWS\゙スクトップ|BO45_SBS45\
C:\WINDOWS\
C:\WINDOWS\゙スクトップ|StyleCheck\HPC Template\
F:\MsWeb\Oct-09\windows2000\
C:\Documents and
Settings\t-sirite\Application Data\Microsoft\Word\
D:\My Document at D\
\\MULTIMED-SERVER\WWWROOT\Peru\ftpfiles\
C:\WINDOWS\TEMP\
C:\WIN95\TEMP\
\\INCA\LOURDESB\ms-sub\Lbmdoc98\Web\
[+] Process finished
Görüldüğü gibi bulunan dosyalardan
çeşitli kullanıcı isimleri ( Melody Alderman,Bob Muglia ), dokümanlara
ait dizin bilgileri
( D:\Inetpub\wwwroot\Japan\BackOffice\sbs\DeployAdmin\doc\ , C:\WINNT\Profiles\yosht\Application
Data\Microsoft\Word\ ) ve ağ paylaşım isimlerini bulduk
( \\INCA\LOURDESB\ms-sub\Lbmdoc98\Web\ ) . Şimdi de html çıktısına
bakalım :
Görüldüğü gibi dökümanı kim
oluşturmuş,kim revize etmiş vb detaylı birçok bilgi elde edilmiştir. Bir
kuruma ait bu bilgiler toplandıktan sonra penetrasyon testinin yapılması daha
verimli bilgiler ortaya çıkmasını sağlayacaktır.
Hiç yorum yok:
Yorum Gönderme