Search Engine Assessment Tool

Introduction

SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. It’s multi- threaded, multi-database, and multi-search-engine capabilities permit easy navigation through vast amounts of information with a goal of system security assessment. Furthermore, SEAT’s ability to easily process additional search engine signatures as well as custom made vulnerability databases allows security professionals to adapt SEAT to their specific needs.



Features

The most important strength of SEAT is it's ability to simulate what attackers or malware would do when they anonymously collect potentially harmful public information available on your site. Using SEAT you can perform similar assessments faster with the ability to dig through large sets of information to pinpoint potential vulnerabilities.

Search Engine Abstraction

SEAT utilizes search engine abstraction to automatically adapt queries to multiple search engines. This means that a single signature that could normally be applied to only a single search engine, will be abstracted and adapted to all search engines supported by SEAT. This will increase your chances of finding a vulnerability that would otherwise be missed by a single search engine approach.

Performance

From high performance database which allows you to quickly store and retrieve thousands of mined results and domains to flexible multi-threaded query engine, all parts of SEAT are optimized for quick and reliable performance.

Note: SEAT does not use APIs provided by some search engines, thus avoiding unnecessary limitations in the number of requests made in a given period of time.

Usability

A great deal of time went in to design of a user-friendly and efficient GUI to allow you to get the most from time spent working with the tool. Almost every part of SEAT can be adjusted to fit your individual needs while providing default settings for the beginning users.

Anonymity

SEAT offers a degree of anonymity due to its reliance on publicly available information to assess a target. At no point during its execution SEAT is communicating directly with the target site. This however does not mean you are 100% anonymous, because you are still communicating with various databases which if necessary can and will reveal logs of your activity. You have been warned.


Installation

You will need Perl versions 5.8.0-RC3 and later. Additionally SEAT requires several Perl modules:


  • Gtk2
  • threads
  • threads::shared
  • XML::Smart

Ubuntu

Default Ubuntu installation comes with both Gtk2 and threads Perl modules. Normally, your installation steps will be limited to the following:

                                 sudo apt-get install libxml-smart-perl

Running SEAT

To run SEAT, change your directory to seat/ and execute SEAT with:

                                ./seat

Note: There is no need for root privileges

References ----->

Google Hacking Database - The original source of inspiration for the project.
ExploitDB GHDB - Updated Google Dorks database hosted by ExploitDB
Google Hacking Diggity - Google and Bing dorks tool that relies on official search APIs.


Thank you (zer0w0rm)