
Table 6.2 Locating Source Code with Common Strings
Extension
Language (Optional) Sample String
Perl PERL, PL, PM “#!/usr/bin/perl”
Python Py “#!/usr/bin/env”
VBScript .vbs “<%@ language=”vbscript” %>”
Visual Basic Vb “Private Sub”
In using this table, a filetype search is optional. In most cases, you might find
it’s easier to focus on the sample strings so that you don’t miss code with funky
extensions.
Locating Vulnerable Targets
Attackers are increasingly using Google to locate Web-based targets vulnerable to
specific exploits. In fact, it’s not uncommon for public vulnerability announce-
ments to contain Google links to potentially vulnerable targets,