Matteo Cantoni sent me an email to his tool called Googlepath today. It’s a project written in PERL to find information from websites to automatically generate probable attack points for web applications. Granted, you already have to know what you are looking for, but it’s an interesting tool for blackhat SEO to find highly valuable .gov and .edu domains that are vulnerable, as well as for web application vulnerability assessments when you are trying to locate probable attack points.

I should caveat this because it is really more designed to be a wide scanner and not as much for a pinpoint target assessment, which strikes me as a very blackhat tool, rather than a whitehat app scanner, but it does have a -s flag which will allow you to scan a given site, which might save you time during vulnerability assessments. Thanks, Matteo!

This entry was posted on Wednesday, August 16th, 2006 at 11:26 am and is filed under Webappsec, SEO/SEM. You can leave a response as well.