Google Hacking
Definition
Google Dorking is an advanced search technique that uses specific operators and keywords in the Google search engine to find information that does not normally appear in regular search results.
The 'Google Dorking' technique is often used in hacking to find sensitive and critical information online. It is an effective way to collect valuable information from an organization or individual that can be used for penetration testing and other security purposes.
It is important to note that the Google Dorking technique is not illegal per se, but it can be used for malicious purposes. Therefore, it is crucial to use this technique responsibly and ethically in the context of computer security and ethical hacking.
site:google.com # restrict results to a site
inurl:google.com # match text in the URL
intitle:google.com # match text in the page title
filetype:pdf # filter by file type
intext:google.com # match text in the page body
site:*.google.com # filter by subdomains
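The operators above can be checked against an inventory of your own pages to see what each query would surface. This is an added example, not part of the original notes: the page inventory, the `example.com` hosts and the function names are constructed, and the matching is a simplified approximation of the operators, not Google's actual behaviour.

```python
from urllib.parse import urlparse

# Constructed inventory, e.g. from a crawl of your own organization's sites.
PAGES = [
    {"url": "https://www.example.com/index.html", "title": "Example Corp",
     "text": "Welcome to Example Corp"},
    {"url": "https://files.example.com/reports/budget.pdf", "title": "Budget 2023",
     "text": "internal use only"},
    {"url": "https://dev.example.com/admin/login.php", "title": "Admin Login",
     "text": "Sign in"},
    {"url": "https://example.org/about", "title": "About",
     "text": "Unrelated site mentioning example.com"},
]

def parse_dork(query):
    """Split 'site:*.example.com filetype:pdf' into (operator, value) pairs."""
    terms = []
    for token in query.split():
        op, sep, value = token.partition(":")
        if not sep or not value:
            # 'site: example.com' (space after the colon) is not an operator term
            raise ValueError(f"expected operator:value, got {token!r}")
        terms.append((op.lower(), value.lower()))
    return terms

def matches(page, op, value):
    """Approximate one operator against one inventory entry."""
    url = urlparse(page["url"])
    host = url.hostname or ""
    if op == "site":
        if value.startswith("*."):            # subdomains only
            return host.endswith(value[1:])
        return host == value or host.endswith("." + value)
    if op == "inurl":
        return value in page["url"].lower()
    if op == "intitle":
        return value in page["title"].lower()
    if op == "intext":
        return value in page["text"].lower()
    if op == "filetype":
        return url.path.lower().endswith("." + value)
    raise ValueError(f"unsupported operator: {op}")

def audit(query, pages=PAGES):
    """Return the URLs that satisfy every term of the query."""
    terms = parse_dork(query)
    return [p["url"] for p in pages if all(matches(p, o, v) for o, v in terms)]
```

Calling `audit("site:example.com filetype:pdf")` lists the documents on your domain that such a query would expose, which gives a starting list for review or removal.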
Tools
shodan.io
When you are tasked to run a penetration test against specific targets, as part of the passive reconnaissance phase, a service like shodan.io can be helpful to learn various pieces of the client's network, without actively connecting to it. Furthermore, on the defensive side, you can use different services from shodan.io to learn about connected and exposed devices belonging to your organization.
DNSDumpster
DNS lookup tools, such as nslookup and dig, cannot find subdomains on their own. The domain you are inspecting might include a different subdomain that can reveal much information about the target.
DNSDumpster will also represent the collected information graphically. DNSDumpster displayed the data from the table earlier as a graph. You can see the DNS and MX branching to their respective servers and also showing the IP addresses.