Google hacking

Google hacking, also named Google dorking,[1][2] is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

Basics

"Google hacking" involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. A search query with intitle:admbook intitle:Fversion filetype:php would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle:index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle:index.of mp3 will give all the MP3 files available on various types of servers.

Advanced operators

There are many similar advanced operators which can be used to exploit insecure websites:

Operator	Purpose	Mixes with Other Operators?	Can be used Alone?	Web	Images	Groups	News
intitle	Search page Title	yes	yes	yes	yes	yes	yes
allintitle[3]	Search page title	yes	yes	yes	yes	yes	yes
inurl	Search URL	yes	yes	no	yes	completely	like intitle
allinurl	Search URL	yes	yes	yes	yes	yes	like intitle
filetype/ext	specific files	yes	yes	yes	yes	completely
intext	Search text of page only	yes	yes	yes	yes	yes	yes
allintext	Search text of page only		yes	yes	yes	yes	no
site	Search specific site	yes	yes	no	yes	yes	completely
link	Search for links to pages	yes	yes	yes	yes	yes	completely
inanchor	Search link anchor text	yes	yes	yes	yes	completely	yes
numrange	Locate number	yes	yes	yes	yes	yes	completely
daterange	Search in date range	yes	yes	yes	completely	completely	completely
author	Group author search	yes	yes	yes	yes	yes	completely
group	Group name search		yes	yes	yes	yes	completely
insubject	Group subject search	yes	yes	like intitle	like intitle	yes	like intitle
msgid	Group msgid search	yes	yes	completely		yes

History of Google hacking

The concept of "Google hacking" dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.[4]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[5][6]

Since its heyday, the concepts explored in Google hacking have been extended to other search engines, such as Bing[7] and Shodan.[8] Automated attack tools[9] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[10]

References

Term Of The Day: Google Dorking - Business Insider
Google dork query, techtarget.com
Karch, Marziah. "Allintitle Definition". About.com. About.com. Retrieved 29 February 2020.
"googleDorks created by Johnny Long". Johnny Long. Archived from the original on 8 December 2002. Retrieved 8 December 2002.
"Google Hacking Database (GHDB) in 2004". Johnny Long. Archived from the original on 7 July 2007. Retrieved 5 October 2004.
"Google Hacking for Penetration Testers, Volume 1". Johnny Long. Retrieved 20 February 2005.
"Bing Hacking Database (BHDB) v2". Bishop Fox. Retrieved 27 August 2014.
"Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite". Bishop Fox. Retrieved 21 June 2013.
"SearchDiggity - Search Engine Attack Tool Suite". Bishop Fox. Retrieved 27 August 2014.
"Google Hacking History". Bishop Fox. Retrieved 27 August 2014.

External links

Google Hacking Diggity Project - Bishop Fox – a research and development initiative dedicated to investigating the latest techniques that leverage search engines (such as Google, Bing, and Shodan) to quickly identify vulnerable systems and sensitive data on public networks. An arsenal of free attack and defense tools related to search engine hacking are available for download.
Google Hacking Database (GHDB) - REBORN - 09Nov2010 – Exploit-db.com folks picked up the effort of maintaining and adding to the original GHDB JohnnyIHackStuff.com created by Johnny Long.
"Google Hacking: .pdf Document", boris-koch.de (printable, .pdf)
"Google Hacking: .pdf Document", boris-koch.de (printable, .pdf)

"Google Help: Cheat Sheet", Google (printable)
Google Hacking for Penetration - Using Google as a Security Testing Tool, Introduction by Johnny Long
Google Hacking Tool, A free tool to demonstrate basic Google Hacking techniques

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] Term Of The Day: Google Dorking - Business Insider

[2] Google dork query, techtarget.com

[3] Karch, Marziah. "Allintitle Definition". About.com. About.com. Retrieved 29 February 2020.

[googleDorks2002-4] "googleDorks created by Johnny Long". Johnny Long. Archived from the original on 8 December 2002. Retrieved 8 December 2002.

[ghdb2004-5] "Google Hacking Database (GHDB) in 2004". Johnny Long. Archived from the original on 7 July 2007. Retrieved 5 October 2004.

[ghbook2005-6] "Google Hacking for Penetration Testers, Volume 1". Johnny Long. Retrieved 20 February 2005.

[bingHackingBF-7] "Bing Hacking Database (BHDB) v2". Bishop Fox. Retrieved 27 August 2014.

[shodanHackingDB-8] "Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite". Bishop Fox. Retrieved 21 June 2013.

[searchDiggityBF-9] "SearchDiggity - Search Engine Attack Tool Suite". Bishop Fox. Retrieved 27 August 2014.

[ghHistoryBF-10] "Google Hacking History". Bishop Fox. Retrieved 27 August 2014.