HEY! Amazing hackers, let's talk about instant bounties, the low-hanging fruit. Google Dorking is very powerful, yet most people don't use it in their workflow. Any experienced hunter will tell you that it is one of the quickest ways to get to know a target.
What is Google Dorking?
Google Dorking is a technique that uses advanced Google Search operators (site:, inurl:, filetype:, and so on, in Google Search and other Google applications) to find files and pages a website has exposed by mistake: misconfigurations, leaked documents, log files, and sometimes source code. Google Dorking can also be used for OSINT, to find the foothold you then chain with other findings to get a better bug.
Google dorks I use:
Some are borrowed from various talks, others are modified, but most are custom-made. First, the tools I use:
Pentest Secrets- Google dorks:
Runs 14 different dorks, ranging from publicly exposed documents to log files and even directory listings.
CUSTOM DORKS:
inurl:.gov password | credential | username filetype:log
This dork looks for "password", "credential" or "username" in log files; .gov is used as an example, change it to your target. Two caveats for all the dorks below: quote multi-word phrases (e.g. "not for distribution") so Google matches them as a phrase rather than as separate words, and the filetype: filter applies to the whole query, so group the OR alternatives in parentheses if you want to be sure every term is restricted to that file type.
inurl:nokia not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:pdf
All-time favorite and a reliable worker; I have reported many findings using this. It searches for confidentiality markers inside PDFs. QUICK TIP: try it with other targets and you will find something, but before reporting, confirm that the document really is meant to be internal (a press release that merely contains the word "internal" is not a bug).
PS: I have taught this to a bunch of beginners and they have reported everything there is to report on Nokia, so try it with others :)
inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private | WS_FTP | ws_ftp | log | LOG filetype:log
Another log hunter, better than most tools and one that actually yields bugs :) The WS_FTP terms catch WS_FTP.LOG files that the WS_FTP client leaves behind in uploaded directories; they list the files that were transferred and the local paths they came from, which maps out the server's directory structure for you.
Spitting my notes out:
inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:xls
inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:csv
inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:doc
inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:txt
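All of the dorks above follow one template: an inurl: target, an OR group of confidentiality markers, and a filetype: filter. The following is an added example, not the author's tooling, that builds that set of queries for any target (quoting phrases and parenthesising the OR group), dedupes the hosts from the URLs you collect, and gives a quick keyword triage for a downloaded document before you report it. The target name, URLs and document text in it are constructed for illustration; nothing is sent to Google.

```python
"""Build the dork queries used in this post and triage what they return.

Added example, not the original post's code. The target, sample URLs and
sample document text are constructed; no network access is performed.
"""
import re
from typing import Iterable
from urllib.parse import urlparse

# Confidentiality markers used by the dorks in the post.
SENSITIVE_TERMS = [
    "not for distribution", "confidential", "employee only", "proprietary",
    "top secret", "classified", "trade secret", "internal", "private",
]
# Extra terms for the log-file dork.
CREDENTIAL_TERMS = ["password", "credential", "username"]

# Google search is case-insensitive, so the post's WS_FTP / ws_ftp and
# log / LOG pairs collapse to a single term each.
LOG_TERMS = CREDENTIAL_TERMS + ["WS_FTP"]


def quote(term: str) -> str:
    """Quote multi-word terms so Google matches them as a phrase."""
    return f'"{term}"' if " " in term else term


def build_dork(target: str, terms: Iterable[str], filetype: str,
               operator: str = "inurl") -> str:
    """Return one query: <operator>:<target> (t1 | t2 | ...) filetype:<ext>.

    The OR group is parenthesised so the filetype filter applies to every
    alternative rather than only to the last one.
    """
    group = " | ".join(quote(t) for t in terms)
    return f"{operator}:{target} ({group}) filetype:{filetype}"


def build_dork_set(target: str,
                   filetypes: Iterable[str] = ("pdf", "xls", "csv", "doc", "txt", "log")
                   ) -> list[str]:
    """Return the full set of queries from the post for one target."""
    queries = []
    for ft in filetypes:
        terms = list(SENSITIVE_TERMS)
        if ft == "log":
            terms += LOG_TERMS
        queries.append(build_dork(target, terms, ft))
    return queries


def unique_hosts(urls: Iterable[str]) -> list[str]:
    """Deduplicate the hosts seen in result URLs; useful for tracking scope."""
    return sorted({urlparse(u).netloc.lower() for u in urls if urlparse(u).netloc})


def triage(text: str, terms: Iterable[str] = SENSITIVE_TERMS) -> list[str]:
    """Return the confidentiality markers that occur (as whole words) in a document.

    Use this as a first filter only: a hit still has to be read by a human
    to confirm the document was not meant to be public.
    """
    hits = []
    for term in terms:
        if re.search(r"\b" + re.escape(term) + r"\b", text, re.IGNORECASE):
            hits.append(term)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed target and results for illustration.
    for q in build_dork_set("example.gov"):
        print(q)
    found = [
        "https://a.example.gov/uploads/WS_FTP.LOG",
        "https://a.example.gov/docs/handbook.pdf",
        "http://b.example.gov/export/users.csv",
    ]
    print(unique_hosts(found))
    print(triage("THIS DOCUMENT IS CONFIDENTIAL. Internal use only."))
```

Run the script and paste each printed query into Google; keep the result URLs in a file and feed them to unique_hosts so you can track which hosts you have already looked at, which is also where IDORs tend to show up once you start poking at the paths.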
CONCLUSION:
Are these effective? Yes. With a large company you will find something, at least a foothold. Keep track of the URLs you collect; I have found multiple IDORs on many occasions by following up on them. Use these, and once again the disclaimer: if you find something, report it.
That'll be all for today. Keep trying them out on different hosts and you'll be good to go. - Ravaan :)