-
Hello World!
05/16/2014 at 08:45 • 0 commentsWell here is one of my first programming project.
A fun part of pentesting is the gathering part, when a pentester looks for valuable information to assess his victim. A big part of information gathering has to do with e-mails and social networks in order to be able to exploit the human's weaknesses.
Here's were the e-mail collectector come to action. The original version was searching three engines and I thought "Only three ?!". I went to work, looking into the orginal code to understand the structure and the way the script worked.
Finally I was able to come up with a quite "neat" Metasploit module that is now able to search :
- The firts three engines (original version) : Google, Bing, Yahoo
- The new ones : Ask, Aol, Yandex, Baidu, Lycos.
My goal was to have an email collector I hopefully would only use once during the assessment. The reason Yandex and Baidu engines are used is for Chinese and Russians to be able to use the script searching their country's search engine with which results may be more accurate.
Unfortunatly I recently noticed the change of the code in the Lycos as Baidu engine which gave me badly formated results. You can try to run it and you will see.
Hopefully, the latest tries I gave to this script shown me that a previous error displayed in the shown response was actually coming from the Ask engine and now seems to be corrected.
If you have a clue to correct one of the described bugs tell me and if it was not already corrected I will do so.