Web Application Footprinting & Assessment with MSN Search Tricks
by Shreeraj Shah - net square - Monday, 5 December 2005.
Any search engine database is a very powerful source of information for web applications. The Search Engine's spiders are well-powered to run frequently on sites and capture all possible links. As an end user, however, we are more interested in the searching interface and criteria these engines provide. By using their search options, end users can craft intelligent queries against a database and fetch critical information. There are several tools out there that query the Google database and fetch this sort of security-related information about web applications. This paper describes some of the queries that can be run against SEARCH.MSN in order to fetch important information that would eventually help in web application assessment.

SEARCH.MSN provides web services APIs to build applications using their search interface. More information can be gathered from this website.

To be able to use SEARCH.MSN, you will require an Application ID. This can be obtained using MSN passport. Queries are limited to 10,000 a day and allow a total of 50 results for each query. This provides great flexibility to the application. As a security tool, substantial information can be queried from MSN search, making it a handy tool to have in your toolkit. For the examples outlined in this paper, some of the information is retrieved using this interface, with a sample application called wapawn.

Download the paper in PDF format here.

Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //