Kali Linux on USB Stick has over 600 preinstalled penetration-testing programs. It includes Armitage (a graphical cyber attack management tool). Nmap (a port scanner), Wireshark (a packet analyzer) & John the Ripper password cracker. Aircrack-ng (a software suite for penetration-testing wireless LANs). Burp suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer’s hard disk. It can be booted from a live CD or live USB. It can run within a virtual machine. It is a supported platform of the Metasploit Project‘s Metasploit Framework. It is a tool for developing and executing security exploits.”
You could make up your own Google dork, depending upon the situation.
Following are few examples :
ext:sql password username
ext:xls password @hotmail.com
filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd) Author: Bastich
With the in-depth knowledge of websites and CMSes, you will be able to understand the inner working, and will also come to know where the websites store the private information. That will ultimately help you make your own Google dork.
Also, FTP clients store there password in an .ini file, which in some cases are not fully protected. So, with a good Google dork, we could look for those entries and the FTP passwords.
ext:ini WS_FTP PWD
To use the ini files, you could use them in your FTP client, cause in most of the cases, they are not readable, when viewed simply. Or you could try decoding the ini files online, and then use those values while connecting to the FTP.
In some cases, software stores its registration entries in the Windows Registry values; you could try finding them using Google.
ext:reg intext:”internet download accel”
You may land over this type of useful info:
Windows Registry Editor Version 5.00