Thursday, March 24, 2011

Pastenum – Pastebin/pastie enumeration tool


When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.
Today, we want to present a tool that can be added to your reconnaissance toolkit.
Text dump sites such as pastebin and pastie.org allow users to dump large amounts of text for sharing and storage.
As these sites become more popular the amount of sensitive information being posted will inevitably increase.
Pastenum is designed to help you find that information and bring it into one easy to read location.
The hope is it will allow internal security teams to run simple queries about their companies and determine if they have sensitive information residing in one of these text dumps. It will also help pen-testers with the recon phase by allowing them to enumerate more data faster.
In order to do so, it uses a series of search queries for keywords, provided by the pentester.  Since it queries public sources (and not the target network itself), this should be stealth to the target.

1 comment:

  1. Yeah.. I rewrote this for you as a rubygem.

    `gem install pastenum`

    It now is far more robust, and and includes additional functionality.

    https://github.com/shadowbq/pastenum

    ReplyDelete