i-1000th idea to make money online via python-chained sqlmaps!

Jarett Dunn
Mar 12, 2019

My i-1000th idea to make money online came to me one morning when playing around with Kali tools and gaining access to stuff I shouldn’t have access to. There was a little bit of a moral dilemma that came into play when I thought to myself about the opportunity to see if someone’s password was re-used on other sites when I found 10s of 1000s of them in plain text, or create a mailing list to sell like merchandise from lists of 10s of 1000s of emails on different sites online… but I thought I’d take the whitehat approach and see if I could make people aware of some of their security holes in exchange for the opportunity to sell them security solutions.

#1) Create a pentesting automated script that identifies open databases or other security holes

There are myriad tools that come to mind to make this process easier, but I found that some manipulation of sqlmap and scraping Bing results in Python using Scrapy allowed me to index exposed databases heuristically. I’d target .ca domain names with certain trailing patterns in the Bing results (alas, Google was too tough to scrape and Bing was far easier) using inurl parameters in search.

#2) Penetrate them lightly in a non-offensive manner

I’d save the databases that were penetrated into local files, and the resulting logs that had a file size >0 bytes I knew had database names and entry points to find…
