SlideShare uma empresa Scribd logo

Google Dorks

Transferir como PPTX, PDF
Adhoura Academy
Adhoura Academy

Presentation on Google Dorks

Software
1 de 26
August 21,2014 Kaushal Kishore [ kaushal@osscube.com ] Lead Engineer OSSCube Google Dorks (Google Hacking)
Quick Survey
2 Quick Survey • How many people have heard of Google Dorks before this Meet up ? • How many people have tried Google Dorks? • How many people are using Google Dorks for hacking purpose ?
Google Dorks • “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual
What is Google Dorks and Google Hacking ?
What is Google Hacking • It's not hacking into Google servers! • Google hacking is using different Google operators to effectively optimize search results. • It also involves using Google to identify vulnerabilities in websites. • Results are highly customizable. All Web site content is exposed to Google • Sensitive content might be available for months before the compromise is discovered • Even after sensitive pages are removed, they will be stored in Google Cache
Google Hacking • Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
How it Works ? • Google Search indexes everything that is made public including “virtual notebooks” and the information stored within that notebook in their search results. • Google is one of the most powerful databases in the world
Information disclosure with Google • Private information • Remote Admin Interface • Configuration management • Error messages • Backup files • Public vulnerabilities • Technology Profile
How Google Works ?
How Google Works
Google Operators “Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons”
Google Operators • Basic Operators  +, -, ~ , ., *, “”, |, OR • Advanced Operators  allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
Basic Operators • (+) force inclusion of something common – Google ignores common words (where, how, digit, single letters) by default: – Example: StarStarWars Episode +I • (-) exclude a search term – Example: apple –red • (“) use quotes around a search term to search exact phrases: – Example: “Robert Masse” – Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results • (~) search synonym: – Example: ~food – Return the results about food as well as recipe, nutrition and cooking information • ( . ) a single-character wildcard: – Example: m.trix – Return the results of M@trix, matrix, metrix……. • ( * ) any word wildcard
Advance Operators “Site” • Advance Operator : “Site” – Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain – Examples: • site:com • site:osscube.ca • site:www.osscube.ca
Advance Operators “Filetype” • Advanced Operators: “Filetype:” – Filetype: extension_type – Find documents with specified extensions – Example • filetype:pdf • filetype:xls • Site:osscube.com filetype:pdf • Site:osscube.com filetype:txt • Budget filetype: xls
Advance Operators “Intitle” • Advanced Operators “Intitle:” – Intitle: search_term – Find search term within the title of a Webpage – Allintitle: search_term1 search_term2 search_term3 – Find multiple search terms in the Web pages with the title that includes all these words – These operators are specifically useful to find the directory lists – Example: • Find directory list: • Intitle: Index.of “parent directory”
Advance Operators “Inurl” • Advanced Operators “Inurl:” – Inurl: search_term – Find search term in a Web address – Allinurl: search_term1 search_term2 search_term3 – Find multiple search terms in a Web address – Examples: • Inurl: cgi-bin • Allinurl: cgi-bin password
Advance Operators “Intext” • Advanced Operators “Intext;” – Intext: search_term – Find search term in the text body of a document. – Allintext: search_term1 search_term2 search_term3 – Find multiple search terms in the text body of a document. – Examples: • Intext: Administrator login • Allintext: Administrator login
Advance Operators “Cache” • Advanced Operators: “Cache:” – Cache: URL – Find the old version of Website in Google cache – Sometimes, even the site has already been updated, the old information might be found in cache – Examples: • Cache: www.osscube.com
Advance Operators “<number1>..<number2>” • Advanced Operators – <number1>..<number2> – Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents – Examples: • Computer $500..1000 • DVD player $250..350
Advance Operators “Link” • Advanced Operators “Link:” – Link: URL • Find the Web pages having a link to the specified URL – Related: URL • Find the Web pages that are “similar” to the specified Web page – info: URL • Present some information that Google has about that Web page – Define: search_term • Provide a definition of the words gathered from various online sources – Examples: • Link: osscube.com • Related: osscube.com • Info: osscube.com • Define: Network security
References • http://www.googleguide.com/advanced_oper ators_reference.html • http://www.google.com/advanced_search • http://www.google.com/help/operators.html • http://www.exploit-db.com/google-dorks/ • http://www.hackersforcharity.org/ghdb/
Google “Friend or Enemy” • Google is everyone’s best friend (yours or hackers) • Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario • Passitive, stealth and huge data collection • Google can do more than search • Have you used Google to audit your organization today?
Questions ?
Thank you! Email : kaushal@osscube.com

Recomendados

Google Dorks
Google DorksGoogle Dorks
Google DorksAndrea D'Ubaldo
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Google Dorks and SQL Injection
Google Dorks and SQL InjectionGoogle Dorks and SQL Injection
Google Dorks and SQL InjectionMudassir Hassan Khan
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Darknet
DarknetDarknet
DarknetShubham Dwivedi
 
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...Simplilearn
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)Molfar
 

Recomendados

Google Dorks
Google DorksGoogle Dorks
Google DorksAndrea D'Ubaldo
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Google Dorks and SQL Injection
Google Dorks and SQL InjectionGoogle Dorks and SQL Injection
Google Dorks and SQL InjectionMudassir Hassan Khan
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Darknet
DarknetDarknet
DarknetShubham Dwivedi
 
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...
Google Dorking Tutorial | What Is Google Dorks And How To Use It? | Ethical H...Simplilearn
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)Molfar
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapitolTechU
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...DirkjanMollema
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Dangerous google dorks
Dangerous google dorksDangerous google dorks
Dangerous google dorksWitgie Solutions
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancen|u - The Open Security Community
 
Osint
OsintOsint
OsintKamal Rathaur
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundDirkjanMollema
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Composición básica de dorks
Composición básica de dorksComposición básica de dorks
Composición básica de dorksTensor
 
Documents About [Credit Card]
Documents About [Credit Card]Documents About [Credit Card]
Documents About [Credit Card]abaraham mores
 

Mais conteúdo relacionado

Mais procurados

Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapitolTechU
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...DirkjanMollema
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundDirkjanMollema
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 

Mais procurados (20)

Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With Google
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Dangerous google dorks
Dangerous google dorksDangerous google dorks
Dangerous google dorks
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
Osint
OsintOsint
Osint
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 

Destaque

Composición básica de dorks
Composición básica de dorksComposición básica de dorks
Composición básica de dorksTensor
 
Documents About [Credit Card]
Documents About [Credit Card]Documents About [Credit Card]
Documents About [Credit Card]abaraham mores
 
Assistive technology
Assistive technologyAssistive technology
Assistive technologyk4yl4hamilton
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShareSlideShare
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Putting Content in Context: Getting Information into SharePoint for Content M...
Putting Content in Context: Getting Information into SharePoint for Content M...Putting Content in Context: Getting Information into SharePoint for Content M...
Putting Content in Context: Getting Information into SharePoint for Content M...Kofax
 
Developing Your Ultimate Package
Developing Your Ultimate PackageDeveloping Your Ultimate Package
Developing Your Ultimate PackageSimon Collison
 
いちばん簡単なconcrete5テーマ
いちばん簡単なconcrete5テーマいちばん簡単なconcrete5テーマ
いちばん簡単なconcrete5テーマHideki MACHIDA
 
Technote Index Map Help
Technote Index Map HelpTechnote Index Map Help
Technote Index Map Helpguest0e7fb2
 

Destaque (19)

Composición básica de dorks
Composición básica de dorksComposición básica de dorks
Composición básica de dorks
 
Documents About [Credit Card]
Documents About [Credit Card]Documents About [Credit Card]
Documents About [Credit Card]
 
Php
PhpPhp
Php
 
Assistive technology
Assistive technologyAssistive technology
Assistive technology
 
Havij dork
Havij dorkHavij dork
Havij dork
 
Google dorks
Google dorksGoogle dorks
Google dorks
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShare
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
 
Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
 
Putting Content in Context: Getting Information into SharePoint for Content M...
Putting Content in Context: Getting Information into SharePoint for Content M...Putting Content in Context: Getting Information into SharePoint for Content M...
Putting Content in Context: Getting Information into SharePoint for Content M...
 
Dr.Repi
Dr.Repi Dr.Repi
Dr.Repi
 
Google as a Hacking Tool
Google as a Hacking ToolGoogle as a Hacking Tool
Google as a Hacking Tool
 
Google hacking 2015
Google hacking 2015Google hacking 2015
Google hacking 2015
 
Introduction Php
Introduction PhpIntroduction Php
Introduction Php
 
Developing Your Ultimate Package
Developing Your Ultimate PackageDeveloping Your Ultimate Package
Developing Your Ultimate Package
 
C lipagem tarumã maio 2010
C lipagem tarumã maio 2010C lipagem tarumã maio 2010
C lipagem tarumã maio 2010
 
いちばん簡単なconcrete5テーマ
いちばん簡単なconcrete5テーマいちばん簡単なconcrete5テーマ
いちばん簡単なconcrete5テーマ
 
Xdebug confoo11
Xdebug confoo11Xdebug confoo11
Xdebug confoo11
 
Technote Index Map Help
Technote Index Map HelpTechnote Index Map Help
Technote Index Map Help
 

Semelhante a Google Dorks

Share point 2013 enterprise search (public)
Share point 2013 enterprise search (public)Share point 2013 enterprise search (public)
Share point 2013 enterprise search (public)Petter Skodvin-Hvammen
 
Exploring Google Dorks for Ethical Hacking.pptx
Exploring Google Dorks for Ethical Hacking.pptxExploring Google Dorks for Ethical Hacking.pptx
Exploring Google Dorks for Ethical Hacking.pptxPravash Chandra Das
 
Searching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowSearching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowEric Sieverts
 
Scaling Recommendations, Semantic Search, & Data Analytics with solr
Scaling Recommendations, Semantic Search, & Data Analytics with solrScaling Recommendations, Semantic Search, & Data Analytics with solr
Scaling Recommendations, Semantic Search, & Data Analytics with solrTrey Grainger
 
Web search engines and search technology
Web search engines and search technologyWeb search engines and search technology
Web search engines and search technologyStefanos Anastasiadis
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalRomania Testing
 
Scalability andefficiencypres
Scalability andefficiencypresScalability andefficiencypres
Scalability andefficiencypresNekoGato
 
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014Séminaire Big Data Alter Way - Elasticsearch - octobre 2014
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014ALTER WAY
 
Searching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowSearching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowEric Sieverts
 
searchengineppt-171025105119 (1).docx
searchengineppt-171025105119 (1).docxsearchengineppt-171025105119 (1).docx
searchengineppt-171025105119 (1).docxNiteshRaj48
 
Lessons learned while building Omroep.nl
Lessons learned while building Omroep.nlLessons learned while building Omroep.nl
Lessons learned while building Omroep.nltieleman
 
Lessons learned while building Omroep.nl
Lessons learned while building Omroep.nlLessons learned while building Omroep.nl
Lessons learned while building Omroep.nlbartzon
 

Semelhante a Google Dorks (20)

3 google hacking
3 google hacking3 google hacking
3 google hacking
 
Share point 2013 enterprise search (public)
Share point 2013 enterprise search (public)Share point 2013 enterprise search (public)
Share point 2013 enterprise search (public)
 
Exploring Google Dorks for Ethical Hacking.pptx
Exploring Google Dorks for Ethical Hacking.pptxExploring Google Dorks for Ethical Hacking.pptx
Exploring Google Dorks for Ethical Hacking.pptx
 
Searching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowSearching the internet - what patent searchers should know
Searching the internet - what patent searchers should know
 
Scaling Recommendations, Semantic Search, & Data Analytics with solr
Scaling Recommendations, Semantic Search, & Data Analytics with solrScaling Recommendations, Semantic Search, & Data Analytics with solr
Scaling Recommendations, Semantic Search, & Data Analytics with solr
 
ki
kiki
ki
 
Google Hacking Basic
Google Hacking BasicGoogle Hacking Basic
Google Hacking Basic
 
Web search engines and search technology
Web search engines and search technologyWeb search engines and search technology
Web search engines and search technology
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-final
 
Elasticsearch speed is key
Elasticsearch speed is keyElasticsearch speed is key
Elasticsearch speed is key
 
DC presentation 1
DC presentation 1DC presentation 1
DC presentation 1
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
 
Search engine ppt
Search engine pptSearch engine ppt
Search engine ppt
 
Scalability andefficiencypres
Scalability andefficiencypresScalability andefficiencypres
Scalability andefficiencypres
 
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014Séminaire Big Data Alter Way - Elasticsearch - octobre 2014
Séminaire Big Data Alter Way - Elasticsearch - octobre 2014
 
Searching the internet - what patent searchers should know
Searching the internet - what patent searchers should knowSearching the internet - what patent searchers should know
Searching the internet - what patent searchers should know
 
searchengineppt-171025105119 (1).docx
searchengineppt-171025105119 (1).docxsearchengineppt-171025105119 (1).docx
searchengineppt-171025105119 (1).docx
 
Splunk bsides
Splunk bsidesSplunk bsides
Splunk bsides
 
Lessons learned while building Omroep.nl
Lessons learned while building Omroep.nlLessons learned while building Omroep.nl
Lessons learned while building Omroep.nl
 
Lessons learned while building Omroep.nl
Lessons learned while building Omroep.nlLessons learned while building Omroep.nl
Lessons learned while building Omroep.nl
 

Mais de Adhoura Academy

Drupal Content Management System
Drupal Content Management SystemDrupal Content Management System
Drupal Content Management SystemAdhoura Academy
 
Content management system
Content management systemContent management system
Content management systemAdhoura Academy
 
Java script final presentation
Java script final presentationJava script final presentation
Java script final presentationAdhoura Academy
 
Open Source Presentation
Open Source PresentationOpen Source Presentation
Open Source PresentationAdhoura Academy
 

Mais de Adhoura Academy (6)

SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Drupal Content Management System
Drupal Content Management SystemDrupal Content Management System
Drupal Content Management System
 
Content management system
Content management systemContent management system
Content management system
 
Java script final presentation
Java script final presentationJava script final presentation
Java script final presentation
 
Android Presentation
Android PresentationAndroid Presentation
Android Presentation
 
Open Source Presentation
Open Source PresentationOpen Source Presentation
Open Source Presentation
 

Último

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 

Último (20)

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

Google Dorks

  • 1. August 21,2014 Kaushal Kishore [ kaushal@osscube.com ] Lead Engineer OSSCube Google Dorks (Google Hacking)
  • 3. 2 Quick Survey • How many people have heard of Google Dorks before this Meet up ? • How many people have tried Google Dorks? • How many people are using Google Dorks for hacking purpose ?
  • 4. Google Dorks • “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual
  • 5. What is Google Dorks and Google Hacking ?
  • 6. What is Google Hacking • It's not hacking into Google servers! • Google hacking is using different Google operators to effectively optimize search results. • It also involves using Google to identify vulnerabilities in websites. • Results are highly customizable. All Web site content is exposed to Google • Sensitive content might be available for months before the compromise is discovered • Even after sensitive pages are removed, they will be stored in Google Cache
  • 7. Google Hacking • Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
  • 8. How it Works ? • Google Search indexes everything that is made public including “virtual notebooks” and the information stored within that notebook in their search results. • Google is one of the most powerful databases in the world
  • 9. Information disclosure with Google • Private information • Remote Admin Interface • Configuration management • Error messages • Backup files • Public vulnerabilities • Technology Profile
  • 12. Google Operators “Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons”
  • 13. Google Operators • Basic Operators  +, -, ~ , ., *, “”, |, OR • Advanced Operators  allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
  • 14. Basic Operators • (+) force inclusion of something common – Google ignores common words (where, how, digit, single letters) by default: – Example: StarStarWars Episode +I • (-) exclude a search term – Example: apple –red • (“) use quotes around a search term to search exact phrases: – Example: “Robert Masse” – Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results • (~) search synonym: – Example: ~food – Return the results about food as well as recipe, nutrition and cooking information • ( . ) a single-character wildcard: – Example: m.trix – Return the results of M@trix, matrix, metrix……. • ( * ) any word wildcard
  • 15. Advance Operators “Site” • Advance Operator : “Site” – Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain – Examples: • site:com • site:osscube.ca • site:www.osscube.ca
  • 16. Advance Operators “Filetype” • Advanced Operators: “Filetype:” – Filetype: extension_type – Find documents with specified extensions – Example • filetype:pdf • filetype:xls • Site:osscube.com filetype:pdf • Site:osscube.com filetype:txt • Budget filetype: xls
  • 17. Advance Operators “Intitle” • Advanced Operators “Intitle:” – Intitle: search_term – Find search term within the title of a Webpage – Allintitle: search_term1 search_term2 search_term3 – Find multiple search terms in the Web pages with the title that includes all these words – These operators are specifically useful to find the directory lists – Example: • Find directory list: • Intitle: Index.of “parent directory”
  • 18. Advance Operators “Inurl” • Advanced Operators “Inurl:” – Inurl: search_term – Find search term in a Web address – Allinurl: search_term1 search_term2 search_term3 – Find multiple search terms in a Web address – Examples: • Inurl: cgi-bin • Allinurl: cgi-bin password
  • 19. Advance Operators “Intext” • Advanced Operators “Intext;” – Intext: search_term – Find search term in the text body of a document. – Allintext: search_term1 search_term2 search_term3 – Find multiple search terms in the text body of a document. – Examples: • Intext: Administrator login • Allintext: Administrator login
  • 20. Advance Operators “Cache” • Advanced Operators: “Cache:” – Cache: URL – Find the old version of Website in Google cache – Sometimes, even the site has already been updated, the old information might be found in cache – Examples: • Cache: www.osscube.com
  • 21. Advance Operators “<number1>..<number2>” • Advanced Operators – <number1>..<number2> – Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents – Examples: • Computer $500..1000 • DVD player $250..350
  • 22. Advance Operators “Link” • Advanced Operators “Link:” – Link: URL • Find the Web pages having a link to the specified URL – Related: URL • Find the Web pages that are “similar” to the specified Web page – info: URL • Present some information that Google has about that Web page – Define: search_term • Provide a definition of the words gathered from various online sources – Examples: • Link: osscube.com • Related: osscube.com • Info: osscube.com • Define: Network security
  • 23. References • http://www.googleguide.com/advanced_oper ators_reference.html • http://www.google.com/advanced_search • http://www.google.com/help/operators.html • http://www.exploit-db.com/google-dorks/ • http://www.hackersforcharity.org/ghdb/
  • 24. Google “Friend or Enemy” • Google is everyone’s best friend (yours or hackers) • Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario • Passitive, stealth and huge data collection • Google can do more than search • Have you used Google to audit your organization today?
  • 26. Thank you! Email : kaushal@osscube.com