Ironwood Tree

Sunday, October 23, 2011

Another bit of wisdom

I just have one windows vm on my Mac. It's Windows 7 and I want to run my favorite hacking tools on it. My favorite of the favorite tools is Wikto. I especially like the Googlehacking database included in it. This will rapidly search Google for vulnerable systems. You can use it to break in, or to find problems on your own web site. Anyone who works in vulnerability management, as I do, should know how to use it.

To use Wikto for Googlehacking, you have to have an api running that lets Google know you're doing it on purpose and you're not malware. There are viruses and trojans that hijack computers to do these queries and Google is a good citizen and blocks them.

Sensepost has an api called Spud that will let you run a query on a website through Wikto. Starting Spud is tricky in Windows 7. You have to open up a command prompt as administrator, change to the sensepost spud directory and run \bin\spud.exe. You can't run it from the bin directory, just the directory above it.


Post a Comment

<< Home