Work smarter with the Google hacking DB and Netcraft

Google search skills will always be useful, but a lot of the most useful strings for hackers are captured in the Google hacking database (also known as The Exploit DB), a project hosted by the Offensive Security folks (https://www.exploit-db.com/google-hacking-database/). While it is fun to browse, the best use of it is to seed your search queries, combining the strings they have catalogued with your own modifiers from the previous section.

The bulk of their categories are useful for web penetration testing, but I would start with the Web Server Detection queries:

The Google Hacking DB is rife with awesome search queries you can repurpose.

These queries and others from categories such as vulnerable servers, sensitive directories, and so on, coupled with the inurl: and site: modifiers can prove quite useful in getting a high-level look at the exposure in an environment. If you get lucky and unearth credentials or vulnerabilities, this information should be disclosed immediately to your sponsoring customer. These searches are in use continuously on both sides of the hacking landscape, and this sort of information should not wait until the debrief.

Netcraft, a company based in Bath, England, offers many services, but their free web scan tool (https://searchdns.netcraft.com) is a great quick-and-dirty scanner that can help focus more detailed efforts. You can search on a domain name and burrow down into a report of all of the technologies and versions that can be publicly analyzed based on responses to harmless queries. A quick search of https://www.packtpub.com/ on their site reveals that they have two mail IP addresses currently hosting a Packt platform on FreeBSD. What else does the report tell us?

Netcraft's online web scanner gives us a great peek at what we have in store for future phases.

We can see that there are two trackers in place (Google and Amazon). XML and SSL are in use server-side while JavaScript is in use on the clients, Drupal is used both as the Content Management System (CMS) and PHP scripting engine, and HTML5 and CSS sheets are also in use. All of these are useful in refining our pen testing approaches.