Published by Enhelion, 2019-12-02 15:13:05

Mod 4 (Part I)


Google Dorking

Google dorking, or Google hacking, is the practice of crafting complex web searches that filter
large sets of search results for information relevant to computer security. It is essentially an
advanced Google search technique that a hacker uses for information gathering. Google dorking
can be used to identify security vulnerabilities in web applications, gather information about
random or specific targets, find error messages that leak sensitive data, and find files that
contain user credentials and other critical information.

The search strings created by hackers can also be used to discover web applications that contain
vulnerabilities, or can be limited to a particular document type, such as .pwd or .sql, to narrow
the search further.

Some websites have directory listing enabled (intitle:"index of"). To search for SQL files
(filetype:sql) that have been indexed by Google on such websites, the following Google hacking
search query can be used:

intitle:"index of" filetype:sql

The publicly accessible phpMyAdmin installations can be discovered by using the following
search query:

"phpMyAdmin" "running on" inurl:"main.php"
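
The two queries above match specific page conditions, so a site owner can test crawled pages of their own site for the same conditions before a search engine indexes them. The following Python sketch is an added example, not part of the original module; the function name audit, the finding labels and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

SENSITIVE_EXT = (".sql", ".pwd")  # document types named in the text above

class _Page(HTMLParser):
    """Collects the <title> text and every <a href> from one HTML page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(url, html):
    """Return findings for one crawled page of a site you operate."""
    page = _Page()
    page.feed(html)
    findings, body = [], html.lower()
    # Same condition as intitle:"index of": an auto-generated directory listing.
    if "index of" in page.title.lower():
        findings.append("directory-listing")
        findings += ["listed-file:" + h for h in page.links
                     if h.lower().split("?")[0].endswith(SENSITIVE_EXT)]
    # Same condition as "phpMyAdmin" "running on" inurl:"main.php".
    if "phpmyadmin" in body and "running on" in body and "main.php" in url.lower():
        findings.append("phpmyadmin-reachable")
    return findings

# Constructed sample responses (not real hosts).
LISTING = ('<html><head><title>Index of /backup</title></head><body>'
           '<a href="../">Parent Directory</a> <a href="db_dump.sql">db_dump.sql</a>'
           ' <a href="notes.txt">notes.txt</a></body></html>')
PMA = '<html><head><title>phpMyAdmin</title></head><body>phpMyAdmin running on localhost</body></html>'
HOME = '<html><head><title>Welcome</title></head><body>Hello</body></html>'

if __name__ == "__main__":
    for u, h in [("https://example.test/backup/", LISTING),
                 ("https://example.test/pma/main.php", PMA),
                 ("https://example.test/", HOME)]:
        print(u, audit(u, h))
```

Any finding means the page should be fixed at the server (directory listing disabled, dump files moved out of the web root, the admin interface restricted), not merely hidden from search engines.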

Advanced Google search operators
Searches can be refined by using advanced Google operators. The following is the syntax of
advanced Google operators:

operator:search_string_text

The syntax has three parts: the operator, the colon (:) and the keyword that is to be searched
for. If the keyword contains a space, it can be enclosed in double quotes ("). Google search
recognises this pattern and restricts the search using the data given. For example, with the
intitle:"index of" filetype:sql query, Google searches for the 'index of' string in the title of
a site and shows only the search results that contain SQL files.

The following table shows some advanced operators that can be utilised to discover websites that
have vulnerabilities.

Google hacking database scanning

GHDB (Google Hack Database) is an online database that contains hacking queries.

The Google Hacking Database can be used to discover:

• Error messages that leak sensitive information.
• Files containing sensitive directories and user credentials.
• Login portals on websites.
• Web pages that contain important vulnerability or network data such as IDS logs.

To search for vulnerabilities using Google, Google dorks can be used. Some Google dorks are
listed below:

• dorks = these are the sub-fields and parameters that a hacker wants to scan:
    o maps:
    o book:
    o info:
    o movie:
    o weather:
    o related:
    o link:
    o intitle:
    o inurl:
    o intext:
    o define:
    o site:
    o phonebook:

• inurl = this is the URL of the website that is to be queried
• "inurl: domain/" "any additional dorks"
• domain = it is the domain for the website

Other tools for Scanning

i) Gr3NoX exploit scanner
ii) Google Bot
iii) GooDork
iv) Advanced Google search.
v) Revtan Tools
vi) Site Digger Tool

