MSNPawn – Footprinting,
Profiling & Assessment with MSN Search
MSNPawn has been designed and developed on the .Net framework and must be installed on the system. The following utilities have been bundled with MSNPawn.
MSNHostFP - Supply an IP Address or IP Address range to fetch all possible virtual hosts or application running on each IP addresses.
MSNDomainFP - Supply a domain name to fetch the top 50 child domains, considering the supplied domain name as parent.
MSNCrossDomainFP - Supply an application domain to fetch the top 50 domains pointing to this particular domain on the Internet.
MSNCrawler - Supply a domain or application name to fetch all possible links crawled by the search engine.
MSNFetch - Supply a domain and rules file. The tool will run each rule in the file against the domain specified and fetch the first five results of the resultant query. This can help in assessing an application.
Search.MSN - Provides place to run your search against MSN and gather all URLs. Whitepaper is included for better understanding for all these tools.
Note:This is a prototype release and is not tested. Please report your bugs and ideas to email@example.com. Over next few weeks these tool is going to be tested and subsequent releases will be posted on same location.
Any search engine database is a very powerful
source of information for web applications. The Search Engine’s
spiders are well-powered to run frequently on sites and capture
all possible links. As an end user, however, we are more
interested in the searching interface and criteria these engines
provide. By using their search options, end users can craft
intelligent queries against a database and fetch critical
information. There are several tools out there that query the
Google database and fetch this sort of security-related
information about web applications. This paper describes some of
the queries that can be run against SEARCH.MSN in order to fetch
important information that would eventually help in web
SEARCH.MSN provides web services APIs to build applications using their search interface. More information can be gathered from http://search.msn.com/developer/
To be able to use SEARCH.MSN, you will require an Application ID. This can be obtained using MSN passport. Queries are limited to 10,000 a day and allow a total of 50 results for each query. This provides great flexibility to the application. As a security tool, substantial information can be queried from MSN search, making it a handy tool to have in your toolkit. For the examples outlined in this paper, some of the information is retrieved using this interface, with a sample application called MSNPawn (http://www.net-square.com/msnpawn).
Please report bugs, send us feedback at firstname.lastname@example.org