aaron posted in on August 23rd, 2006
SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan a site for potential vulnerabilities. It’s multi-threaded, multi-database, and multi-search-engine capabilities permit easy navigation through vast amounts of information with a goal of system security assessment. Furthermore, SEAT’s ability to easily process additional search engine signatures as well as custom made vulnerability databases allows security professionals to adapt SEAT to their specific needs.
Supported Search Engines:
- o Google
- o Yahoo
- o MSN
- o AltaVista
- o AllTheWeb
- o AOL
- o DMOZ
- o GHDB
- o NIKTO
- o GSDB
- o WMAP
- o URLCHK
- o NESTEA
- o Mine domain names belonging to a target site
- o Indirectly scan a range of IP addresses
- o Quickly create new custom Search Engine signatures and Vulnerability Databases.
Below are examples of using SEAT to scan live targets, generate advanced queries, and other tasks:
Simple single target scan – In this video, you will learn the basics of using SEAT like adding a target to scan, selecting a query, search engines to use for the scan, and setting preferences. Once the scan parameters were specified, we will execute the scan itself and look at the results in the Analysis window.
Mine domain names – By watching this video, you will learn how to use SEAT to mine additional targets to scan. Mining domains is essential for a successful database vulnerability scan.
Scan a range of IP addresses – This video displays SEAT’s capability to not only scan domain names, but IP addresses as well. In this video you will learn how to use IP scan to mine additional domain names that are co-located on the same box.
Scan a target using a vulnerability database – Scanning using a vulnerability database is SEAT’s most powerful feature. Here you will learn how to specify an external signature database, import it into SEAT, and start the execution. Once we collect potential vulnerabilities, you will see how to generate various reports for later analysis.
Create a custom vulnerability database – In this video you will learn how to create your own vulnerability database by entering raw queries or using SEAT’s advanced query generator to assist you.
Create new search engine signature – After watching this video you will learn the basics of modifying or adding your own Search Engine signatures.
SEAT is now available for download here
Documentation is available here
- o Peter Kacherginsky — Developer