Kali Linux on USB Stick has over 600 preinstalled penetration-testing programs. It includes Armitage (a graphical cyber attack management tool). Nmap (a port scanner), Wireshark (a packet analyzer) & John the Ripper password cracker. Aircrack-ng (a software suite for penetration-testing wireless LANs). Burp suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer’s hard disk. It can be booted from a live CD or live USB. It can run within a virtual machine. It is a supported platform of the Metasploit Project‘s Metasploit Framework. It is a tool for developing and executing security exploits.”
To get sensitive shopping info, you could try looking for shopping websites using scripts, whose vulnerabilities are already known. Most of the webmasters, once install the scripts and just keep the website running without updating it regularly.
shopdbtest is an ASP page used by several e-commerce products. Vulnerability in the script allows remote attackers to view the database location, and since that is usually unprotected, the attacker can then download the web site's database by simply clicking on a URL (that displays the active database). The page shopdbtest.asp is visible to all the users and contains the full configuration information. An attacker ca therefore download the MDB (Microsoft Database file), and gain access to sensitive information about orders, users, password, etc.
In the same way, there are others:
MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. Security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).
Most of the websites store the shopping and credit cards info of their users in SQL databases. If the website is vulnerable to SQL Injection, an attacker could get access to whole database, and could get the user’s sensitive shopping info.
As in all other cases, in this case too, you could use up your brain to make a Google dork.
For example : ext:sql username cvv email Expiration Date