Tuesday, February 9, 2010

Windows Pentesters Delight--Watch Out Linux Users, Move Over for MS.

Well one of my hobbies is security.  Of course anyone who wants the respect for the Security community should probably learn Linux and the tools that come with Linux.  This has led to me doing some cool stuff with Bash, learning BackTrack, and research and gaining knowledge of the Linux environment.  I've also been taking the course over at Offensive-Security.com.  I know that Linux is for serious security guru's (who would laugh at someone that said they use Windows for all their security needs), but I think that PowerShell has the ability to offer viable alternatives to some of the Linux tools.  Just throwing this out there--Linux should watch it or else it may lose it's 'Security' throne to Windows (I'm sure that comment is going to get flamed).

Anyway, take for example Information Gathering Techniques.  The BackTrack distro offers a number of tools to find user info and email info about companies from web sites.  So I was thinking, "How can I start converting some of these tools over to Windows using PowerShell?"  Well here is my start...

One of the first things I was thinking would be nice, would be to grab web pages to search for email addresses or other things.  So here is a quick little function for grabbing web pages:

function Get-WebPage{            
    $WebClient = New-Object System.Net.WebClient            
    $WebPage = $WebClient.DownloadData($Url)            
    return [System.Text.Encoding]::ASCII.GetString($WebPage)            

That little goody will get you the HTML text of the URL you supply.  "What can you do with that?" you ask.  How about getting Google results (if you get permission from Google first of course)...

function Get-GoogleResults{            
    Param(  [string]$Search,            
            [string]$SearchPrefix = "/search?q="            
    Function Get-ResultObject([string]$rTitle,[string]$rUrl){            
        $tempobject = New-Object PSObject -Property @{Title=$null;Link=$null}            
        $tempobject.Title = $rTitle            
        $tempobject.Link = $rUrl            
        return $tempobject            
    $PageNumber = ($PageNumber - 1) * 10            
    $WebSearch = "$site$searchprefix$search`&start=$PageNumber"             
    $regex = [regex]'<h3 class=r>.*?</h3>'            
    $GoogleResults = Get-WebPage $WebSearch            
    $regex.matches($GoogleResults) |             
        %{  $Title = [regex]::replace($_,"<.*?>","")            
            $Link = [regex]::matches($_,'\".*\"')| %{$_.value.trim('`"')}            
            $AllResults += @(Get-ResultObject $Title $Link)            
    return $AllResults            
The Get-GoogleResults will return the Title and link for each search result.  You can supply the page number to get the next page of results.  I.e. Get-GoogleResults 'beer lovers' 3 will retrieve the third page of results from a Google search.

That particular function returns an array of objects with Title and Link as properties.  You can then go through the array get the URL for each link and search it if you want for email addresses.

for($i=1;$i -le 10; $i++){Get-GoogleResults "samueladams.com" $i | %{Get-WebPage $_.Link | %{([regex]'\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*').matches($_) | %{$_.value}}}}

I'm pretty sure there's a couple of Linux tools that'll replace (LOL).

Have fun

No comments:

Post a Comment