December 7, 2016

New Version of Secpoint Google Hacking Database and Tool Released

(LiveHacking.Com) – Danish IT security company Secpoint has released the new version of its Google Hacking database and tool.

The new version of the Secpoint Google Hacking database and tool has more than 7800 updates in its Google Hacking database, in addition to friendly output and support for multiple sites in its tool.

This open source tool could help security professionals and penetration testers submit automated queries to Google and save the output in a file for further investigation.

The following Google hacking databases are included in the Secpoint Google Hacking tool:

  1. devices_and_cameras.txt
  2. errors.txt
  3. files.txt
  4. interesting_directories.txt
  5. interesting_info.txt
  6. login_pages.txt
  7. misc.txt
  8. network_or_vulnerability data.txt
  9. passwords_and_usernames.txt
  10. sql_injection_list.txt
  11. vulnerabilities.txt
  12. vulnerable_systems.txt
  13. webserver_banners.txt

The Secpoint Google Hacking database and tool is available to download here.

Disclaimer: It is against Google’s Terms of Service to send automated queries to Google’s System.

SecPoint Releases New Version of its Multi-threaded TCP Port Scanner

(LiveHacking.Com) – SecPoint, a Danish IT security network company, has released a new version of its multi-threaded TCP port scanner. The new version, which is released under a BSD-style license and includes the source code, adds new features like SYN scanning.

Other new features include:

  • Added host name resolution
  • Added option -o for output to file in plain text format
  • Added option -oh for output to file in html format
  • Added option -ox for output to file in xml format
  • Reversed the meaning of -r: port names are shown by default; with -r they are not shown
  • Skipping duplicated open ports: Due to the low delay between two sends, the pcap library may call the receive function multiple times for the same port. Increasing the delay time avoids this problem, but it slows down processing. Skipping duplicates instead makes it possible to keep a low delay and avoid duplicates at the same time.
  • Changed name to “portscanner”
  • Added target host name to output, if given
  • Removed printing of options -w and -n for Connect scan
  • Help message changed according to the new options
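
One way to implement the duplicate-port skipping described in the list above, as an added example that is not the portscanner's own code: a one-bit-per-port table that the receive handler checks before recording a result. The function names and the reply stream are constructed for illustration, and the atomic update assumes results may be recorded from more than one thread.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define PORT_COUNT 65536u
#define WORD_BITS  32u

/* One bit per TCP port, set once the port has been reported as open. */
static _Atomic uint32_t seen_ports[PORT_COUNT / WORD_BITS];

/* Atomically mark a port as seen. Returns 1 on the first sighting
 * (caller should report it) and 0 when the port is a duplicate. */
static int mark_port_seen(uint16_t port)
{
    uint32_t mask = 1u << (port % WORD_BITS);
    uint32_t prev = atomic_fetch_or(&seen_ports[port / WORD_BITS], mask);
    return (prev & mask) == 0;
}

/* Clear the table before a new scan starts. */
static void reset_seen_ports(void)
{
    for (unsigned i = 0; i < PORT_COUNT / WORD_BITS; i++)
        atomic_store(&seen_ports[i], 0u);
}

/* Hypothetical receive handler: runs once per captured reply, which
 * may arrive several times for the same port. Returns the new count. */
static int on_open_port_reply(uint16_t port, uint16_t *results, int count)
{
    if (mark_port_seen(port))
        results[count++] = port;
    return count;
}

/* Feed a reply stream through the handler; results keeps first-seen order. */
static int dedup_replies(const uint16_t *replies, int n, uint16_t *results)
{
    int count = 0;
    reset_seen_ports();
    for (int i = 0; i < n; i++)
        count = on_open_port_reply(replies[i], results, count);
    return count;
}

int main(void)
{
    /* Constructed sample: the same ports reported more than once. */
    const uint16_t replies[] = {22, 80, 80, 22, 443, 80, 65535, 0, 0};
    uint16_t results[9];
    int n = dedup_replies(replies, 9, results);
    for (int i = 0; i < n; i++)
        printf("open: %u\n", (unsigned)results[i]);
    return 0;
}
```

The table costs 8 KiB and each check is a single atomic operation, so the send delay can stay low without duplicate lines in the output.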

Using the program is simple and the ability to start multiple scanning threads makes the program quite fast. Running the following command will scan the common ports (ports 1-2000 plus a special selection that makes scanning more efficient):

./portscanner IP

Port ranges can be specified as follows:

./portscanner IP -p 21-80

Use the -s option to perform a SYN scan and -n to increase the number of threads. The default is 10. On our test machine, running with -n 100 reduced the scan time for 7473 ports by 75%!

You can find out more here and the tool can be downloaded for Windows and Linux (including the source code) here.