Search This Blog

Monday, May 19, 2014

Google Dorks-Roles

Using Google Dorks as a part of Information Gathering Activity: -


Information gathering activity is a part of Web Pen. Testing and can be considered as a standalone activity. In brief , during this phase a security tester tries to find out lots of information regarding the target site.

Google Dorks: -

Google helps in searching/fetching certain information from the web with a search text . Google has various crawlers associated with it, they try to get into each and every site and collects information using the search text specified by following robots.txt for defined for every site.

So google also accepts various advanced queried parameters (advance google search).

And google dorks are nothing but such kind of parameters like : “site”

Eg: - site: “www.owasp.org



Observation : You can too use certain dorks like the above to query google and find out juicy information using google.

Google Hack DB: -

Google hack DB has been created by Johny Long and is a source of Search terms for file containing usernames,passowrds and certain secret information.

There is a very interesting python based simple tool i.e “Google Hack DB” is available at “http://www.secpoint.com/google-hack-database.html”.

It reduces the effort in terms of generating certain URL using dorks in a html file.

NOTE: Excessive search using the output file reports google as a spam.

Lets Start: -

Pre-requisites : - Python (windows/linux)

Start downloading the tool.It will give you provide certain files as seen below : -





Running the app. : -

Navigate to the corresponding folder where it has been extracted like in my case its: -

“C:\Users\krushnas\Desktop\Security\google-hack-db-tool-1.5\googleDB tool 1.5”

  1. Open command prompt and type Python to verify it has been installed successfully .
  1. Verify that it has been installed . try to browse to the directory where google hack db present.
  2. Read the instruction and available command options like “-q”, “-o” etc.
  3. Fire the following command : -
         python googleDB-tool.py "login_pages.txt" -q -t -o "OUT.HTML" -s www.owasp.org

    5. Navigate to the current location of the google hack DB and notice
    6. There would be a file called “OUT.html”
    7. Double click and notice
    8. It has been listed various url's containing google dorks like below : -

9.Try visiting each and every link and try to see if it can show any interesting info. Or not.
10. Try to use and explore it more and more.


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)