The term "Google Hacking" certainly does not mean hacking the Google company. It means using specially crafted queries for the Google search engine that surface information useful for analysing the security of other websites. With such queries you can find, for example, vulnerable pages, holes in code, server and script versions, data that should not have been published, passwords, database dumps and so on. Google Hacking queries are also called Google Dorks.

All you need is a web browser, access to Google Web Search and a set of Google Dorks. A large and regularly updated list of popular dorks is maintained as the Google Hacking Database (GHDB) on exploit-db.com.
1: Examples
Below I share with you some of the interesting Google Dorks I used in the past (one Google Dork per line):
1. allintext:"Pixie Powered"
2. "script_filename" "HTTP Headers Information" "allow_url_fopen" ext:php
3. intitle:"Index of" "/ .WNCRY"
4. inurl:/help/readme.nsf intitle:"release notes" intitle:domino
5. "Apache Server Status for" "Server Version" -"How to" -Guide -Tuning
6. inurl:"/web.config" ext:config
7. inurl:logs/gravityforms
8. "not for public release" filetype:pdf
9. "pcANYWHERE EXPRESS Java Client"
10. wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
11. filetype:pem "PRIVATE KEY"
12. inurl:/t/ (portal OR intranet OR login)
13. intitle:"index of" "places.sqlite" "key3.db" -mozilla.org
14. inurl:"?db_backup" | inurl:"dbbackup" -site:http://github.com "sql.gz" | "sql.tgz" | "sql.tar" | "sql.7z"
15. inurl:.php? intext:CHARACTER_SETS,COLLATIONS intitle:"phpmyadmin"
16. intitle:"=[ 1n73ct10n privat shell ]="
17. filetype:rdp password
18. filetype:sh inurl:cgi-bin
19. allinurl:index.php?db=information_schema
20. inurl:index.rb
21. ext:json OR inurl:format=json
22. inurl:"server-status" intitle:"Apache Status" intext:"Apache Server Status for"
23. inurl:".s3.amazonaws.com/"
24. site:http://s3.amazonaws.com intitle:index.of.bucket
25. site:http://blob.core.windows.net
26. site:* inurl:/user/register
27. intext:"There isn't a Github Pages site here"
28. intitle:"Site not found · GitHub Pages"
29. inurl:%26 inurl:%3D
30. inurl:& inurl:%3D
31. intitle:"Dashboard [Hudson]"
32. intitle:"Dashboard [Jenkins]" intext:"Manage Jenkins"
33. "or greater is required"+"You have no flash plugin installed"
34. site:target.com filetype:"xls | xlsx | doc | docx | ppt | pptx | pdf"
Copy and paste each of them into Google Search and check the results. Interesting, right? So, how does it work?
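Before looking at how the queries work, here is the defensive side of the same list, as an added example that is not part of the original post: a Python script that walks a local copy of a web root and flags the files the dorks above would find once Google indexes them (PEM private keys, web.config, SQL dumps, Firefox profile databases, .rdp files carrying a password, wwwboard passwd.txt). The rule set, the sample directory tree and its contents are constructed for this example.

```python
"""Offline check: would the dorks above hit anything in this web root?

Added example (not code from the original post).  Walks a directory that
stands in for a web server's document root and reports files whose name,
and where needed content, matches what the numbered dorks above search for.
"""
import os
import re
import tempfile

# (rule name, filename pattern, content pattern or None); numbers refer to
# the dork list above.  Content is only inspected where the dork keys on it.
RULES = [
    ("private key (dork 11)",     re.compile(r"\.pem$", re.I),                     re.compile(r"PRIVATE KEY")),
    ("web.config (dork 6)",       re.compile(r"^web\.config$", re.I),              None),
    ("db backup (dork 14)",       re.compile(r"sql\.(gz|tgz|tar|7z)$", re.I),      None),
    ("firefox profile (dork 13)", re.compile(r"^(places\.sqlite|key3\.db)$", re.I), None),
    ("rdp file (dork 17)",        re.compile(r"\.rdp$", re.I),                     re.compile(r"password", re.I)),
    ("wwwboard passwd (dork 10)", re.compile(r"^passwd\.txt$", re.I),              None),
]


def scan_webroot(root):
    """Return a sorted list of (relative path, rule name) for exposed files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for rule, fname_re, content_re in RULES:
                if not fname_re.search(fname):
                    continue
                if content_re is not None:
                    with open(path, "rb") as fh:
                        raw = fh.read(65536)
                    # .rdp files are usually UTF-16; dropping NUL bytes makes the
                    # ASCII-range text searchable without guessing the encoding
                    text = raw.replace(b"\x00", b"").decode("latin-1")
                    if not content_re.search(text):
                        continue
                hits.append((rel, rule))
    return sorted(hits)


def build_sample_webroot():
    """Create a throw-away directory tree (constructed sample data); return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "index.html": b"<html>public page</html>",
        "keys/server.pem": b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n",
        "keys/public.pem": b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n",
        "web.config": b"<configuration><connectionStrings/></configuration>",
        "backup/site.sql.gz": b"\x1f\x8b\x08\x00" + b"\x00" * 16,
        "profile/places.sqlite": b"SQLite format 3\x00",
        # constructed .rdp content in the UTF-16LE form Windows writes
        "remote.rdp": "full address:s:10.0.0.5\r\npassword 51:b:01000000d08c9ddf\r\n".encode("utf-16-le"),
        "notes.rdp": "full address:s:10.0.0.6\r\n".encode("utf-16-le"),
        "wwwboard/passwd.txt": b"WebAdmin:<hash placeholder>\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for rel, rule in scan_webroot(root):
        print("%-28s %s" % (rel, rule))
```

Run it against a real document root (`scan_webroot("/var/www/html")`) before an attacker runs the dorks for you; the public.pem and notes.rdp entries in the sample show why the content check matters, since a certificate or a credential-free .rdp file is not an exposure.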
2: Search Operators
As you can see, there are a lot of operators you can use to narrow your search results down to the most interesting ones. Here is the list with some examples. Read it and create your own queries by combining several of them.
OR - Search for X or Y. Examples: jobs OR gates / jobs | gates
AND - Search for X and Y. Example: jobs AND gates
- - Exclude a term or phrase. Example: jobs -apple
* - Acts as a wildcard and will match any word or phrase. Example: steve * apple
( ) - Group multiple terms or search operators to control how the search is executed. Example: (ipad OR iphone) apple
$ - Search for prices. Example: ipad $329
define: - A dictionary built into Google, basically. This will display the meaning of a word in a card-like result in the SERPs. Example: define:entrepreneur
cache: - Returns the most recent cached version of a web page. Example: cache:apple.com (Google retired this operator in 2024.)
filetype: - Restrict results to a certain file type, e.g. PDF, DOCX, TXT, PPT. Example: apple filetype:pdf / apple ext:pdf
site: - Limit results to those from a specific website. Example: site:apple.com
related: - Find sites related to a given domain. Example: related:apple.com
intitle: - Find pages with a certain word (or words) in the title. Example: intitle:apple
allintitle: - Similar to "intitle", but only results containing all of the specified words in the title tag will be returned. The allin* operators apply to the whole query and cannot be combined with other operators. Example: allintitle:apple iphone
inurl: - Find pages with a certain word (or words) in the URL. Example: inurl:apple
allinurl: - Similar to "inurl", but only results containing all of the specified words in the URL will be returned. Example: allinurl:apple iphone
intext: - Find pages containing a certain word (or words) somewhere in the content. Example: intext:apple
allintext: - Similar to "intext", but only results containing all of the specified words somewhere on the page will be returned. Example: allintext:apple iphone
AROUND(X) - Proximity search. Find pages containing two words or phrases within X words of each other. In this example the words "apple" and "iphone" must both be present in the content and no further than four words apart. Example: apple AROUND(4) iphone
weather: - Find the weather for a specific location. This is displayed in a weather snippet, but it also returns results from other weather websites. Example: weather: San Francisco
stocks: - See stock information (price, etc.) for a specific ticker. Example: stocks:aapl
map: - Force Google to show map results for a locational search. Example: map: Silicon Valley
movie: - Find information about a specific movie. Also finds show times if the movie is currently showing near you. Example: movie: Steve Jobs
in - Convert one unit to another. Works with currencies, weights, temperatures, etc. Example: $329 in GBP
source: - Find news results from a certain source in Google News. Example: apple source:the_verge
_ - Acts as a wildcard for Google Autocomplete. Example: apple CEO _ jobs
3: Automation
During various types of search it is useful to automate the process. Here are some interesting programs and scripts that run searches using Google Dorks for you.

I use them on Kali Linux, but they will work on most Linux distributions, especially the ones aimed at penetration testers.
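Before the ready-made tools, here is the core of what every one of them does, as an added example that is neither code from the original post nor from the tools below: a Python module that composes dorks from the operators in section 2 with correct quoting and OR-grouping, flags the two mistakes that silently break a dork (an allin* operator mixed with other operators, unbalanced quotes), expands a dork list with a {target} placeholder over several targets, and turns each query into a Google search URL. The target names and the templates in the main block are constructed for this example; Google rate-limits and CAPTCHAs automated querying, so the output is meant to be pasted into a browser or fed to a tool that handles that.

```python
"""Compose, sanity-check and expand Google dorks.

Added example, not code from the original post or from Katana, uDork or
XSS-LOADER.  Operators and their semantics are those listed in section 2.
"""
from urllib.parse import urlencode

# Google applies allintitle:/allinurl:/allintext: to the whole query and
# ignores other operators placed next to them, so they must be used alone.
EXCLUSIVE = ("allintitle:", "allinurl:", "allintext:")


def quote(term):
    """Wrap a term in double quotes when it contains whitespace (exact phrase)."""
    return '"%s"' % term if any(ch.isspace() for ch in term) else term


def build_query(terms=(), site=None, intitle=(), inurl=(), intext=(),
                filetype=(), exclude=()):
    """Assemble a dork.  Multi-valued operator arguments are OR-grouped in parentheses."""
    parts = [quote(t) for t in terms]
    if site:
        parts.append("site:" + site)
    for op, values in (("intitle:", intitle), ("inurl:", inurl),
                       ("intext:", intext), ("filetype:", filetype)):
        values = list(values)
        if len(values) == 1:
            parts.append(op + quote(values[0]))
        elif values:
            parts.append("(" + " OR ".join(op + quote(v) for v in values) + ")")
    parts.extend("-" + quote(x) for x in exclude)
    return " ".join(parts)


def check_dork(query):
    """Return a list of problems found in a dork (an empty list means it looks fine)."""
    problems = []
    # heuristic: an operator token looks like name:value; bare URLs are not operators
    ops = [t for t in query.split()
           if ":" in t and not t.startswith(("http:", "https:"))]
    if any(t.lower().startswith(EXCLUSIVE) for t in ops) and len(ops) > 1:
        problems.append("all* operator combined with other operators")
    if query.count('"') % 2:
        problems.append("unbalanced double quotes")
    return problems


def expand_dorks(templates, targets):
    """Apply each {target} template to each target; return (query, problems) pairs."""
    queries = [tpl.format(target=tgt) for tgt in targets for tpl in templates]
    return [(q, check_dork(q)) for q in queries]


def search_url(query):
    """Google web search URL for a dork, ready to paste into a browser."""
    return "https://www.google.com/search?" + urlencode({"q": query})


if __name__ == "__main__":
    # constructed targets and templates; the second template is deliberately wrong
    templates = [
        "site:{target} " + build_query(filetype=["xls", "docx", "pdf"]),
        "site:{target} allinurl:index.php?db=information_schema",
        build_query(site="{target}", inurl=["/user/register"]),
    ]
    for query, problems in expand_dorks(templates, ["a.example", "b.example"]):
        print(search_url(query), "->", "; ".join(problems) or "ok")
```

A GHDB export or your own dork file maps straight onto `templates`: read it one dork per line, prepend `site:{target} ` to each, and `expand_dorks` produces the per-domain batch that Katana and uDork below build internally.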
4: Katana
Katana-ds (ds for dork_scanner) is a simple Python tool that automates Google Hacking/Dorking and supports Tor. It becomes more powerful in combination with the GHDB. The tool searches for websites automatically.

    python3 kds.py -h   (for help)

    Options:
      -g : Google mode
      -s : SCADA mode
      -t : Tor mode
      -p : proxy mode

SCADA mode gives interesting results and is an awesome function.
GitHub: https://github.com/adnane-X-tebbaa/Katana
5: uDork
uDork is a script written in Bash that uses advanced Google search techniques to obtain sensitive information from files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT attack any server; it only runs predefined dorks and/or the official lists from the exploit-db.com GHDB.
    ./uDork.sh <Domain/IP> [option] <string> / all

    ======================== OPTIONS ========================
    -e <extension> / <all> : Search files by extension. Use all to search the whole extension list.
    -s <text> / <all>      : Find text in website content.
    -u <string> / <all>    : Locate text strings within the URL.
    -t <string> / <all>    : Lists text string in site title.
    -g <dork_name>         : Attack a site with a predefined list of dorks. Review the list with -l.
    -l                     : Shows the list of predefined dorks (Exploit-DB).
    -f <custom_list>       : Use your own personalized list of dorks.
    -p <number>            : Number of pages to search in Google (by default 1 page).
    -o <name_file>         : Export results to a file.
    -h                     : Show this help.

    ======================== EXAMPLES ========================
    ./uDork.sh host.com -e pdf -p 3        (Search for .pdf files on the indicated website)
    ./uDork.sh host.com -e all             (Search files by all extensions)
    ./uDork.sh host.com -t "Twitter David" (Find errors by the indicated string)
    ./uDork.sh host.com -u all             (Find the most used strings)
    ./uDork.sh host.com -g admin           (Lists administration panels)

This tool lets you target a specific domain or IP address.
GitHub: https://github.com/m3n0sd0n4ld/uDork
6: XSS-LOADER
An all-in-one tool: XSS payload generator, XSS scanner and XSS dork finder. It creates payloads for XSS injection (select one of the default payload tags from the menu or write your own payload), tests them with the XSS Scanner option, and finds potentially vulnerable site URLs with the XSS Dork Finder option.
    hoek@bughunter:/opt/XSS-LOADER$ python3 payloader.py
    ╭━╮╭━┳━━━┳━━━╮╱╱╭╮╱╱╭━━━┳━━━┳━━━┳━━━┳━━━╮
    ╰╮╰╯╭┫╭━╮┃╭━╮┃╱╱┃┃╱╱┃╭━╮┃╭━╮┣╮╭╮┃╭━━┫╭━╮┃
    ╱╰╮╭╯┃╰━━┫╰━━╮╱╱┃┃╱╱┃┃╱┃┃┃╱┃┃┃┃┃┃╰━━┫╰━╯┃
    ╱╭╯╰╮╰━━╮┣━━╮┣━━┫┃╱╭┫┃╱┃┃╰━╯┃┃┃┃┃╭━━┫╭╮╭╯
    ╭╯╭╮╰┫╰━╯┃╰━╯┣━━┫╰━╯┃╰━╯┃╭━╮┣╯╰╯┃╰━━┫┃┃╰╮
    ╰━╯╰━┻━━━┻━━━╯╱╱╰━━━┻━━━┻╯╱╰┻━━━┻━━━┻╯╰━╯
    |||||||||||||||||||||||||||||||||||||||||||||||||||||
    || XSS-LOADER TOOL ||
    || INSTAGRAM==>TMRSWRR ||
    || CODED BY HULYA KARABAG ||
    |||||||||||||||||||||||||||||||||||||||||||||||||||||
    || WELCOME TO XSS-LOADER ||
    |||||||||||||||||||||||||||||||||||||||||||||||||||||
    -----------------------------------
    ||| XSS-LOADER TOOLS |||
    -----------------------------------
    1) BASIC PAYLOAD
    2) DIV PAYLOAD
    3) IMG PAYLOAD
    4) BODY PAYLOAD
    5) SVG PAYLOAD
    6) ENTER YOUR PAYLOAD
    7) XSS SCANNER
    8) XSS DORK FINDER
    9) EXIT
    SELECT PAYLOAD TO TAG:8
    e.g---->inurl:"search.php?q="
    Please enter your dork:

Enter your dork and check the results.
GitHub: https://github.com/capture0x/XSS-LOADER
7: Epilog
Using Google Dorks is legal: you are only sending queries to a public search engine. The question is what you do with the results. Everything Google indexes is public, but when private data turns up it is almost always a developer or user error, and accessing, downloading or using that data (credentials, private keys, database dumps) can still be a crime regardless of how you found it. Perform your searches and scans through a proxy or VPN, and expect Google to rate-limit or CAPTCHA automated queries. Don't act to harm others. Report your findings through bug bounty or responsible disclosure programs and earn money as a bounty hunter.

If you know any interesting programs or scripts that you use, I'll be happy to hear about them.

Happy Hacking.
Reviewed by PEHT on February 02, 2021