Search Engine Hacking


Thexssrat

As ethical hackers, we find that search engines will often do quite a lot of the work for us. They have perfected the art of crawling websites and can therefore find things that we humans have a hard time finding.

Luckily for us, we can manipulate these search engines to display the exact results we are looking for, but of course we need to know what we are looking for ourselves before we can tell a robot how to help us.

Photo by Fitore Fazliu on Unsplash

Baidu, China’s most popular search engine.
Bing, a search engine owned and operated by Microsoft, and the second most popular worldwide. Supports advanced search keywords.
binsearch.info, a search engine for binary Usenet newsgroups.
Common Crawl, “an open repository of web crawl data that can be accessed and analyzed by anyone.”
DuckDuckGo, a privacy-focused search engine that compiles results from many different sources. Supports search syntax.
Google, which offers the world’s most popular search engine, and uses a ranking system to attempt to return the most relevant results. Supports search operators.
Internet Archive Wayback Machine, “building a digital library of Internet sites and other cultural artifacts in digital form.”
Startpage, a search engine that uses Google’s results without collecting personal information through trackers and logs. Supports search operators.
Shodan, a service for searching Internet-connected devices and services. Usage options include a limited free plan as well as paid subscription plans.

site: will limit the search to the provided domain.
inurl: will only return results that include the keyword in the URL.
intitle: will only return results that have the keyword in the page title.
intext: or inbody: will only search for the keyword in the body of pages.
filetype: will match only a specific filetype, e.g. png or php.
cache: Search the cache
OR, AND, -, *, IN( ) Group terms
related: Find sites related to a given domain.

Footholds
Files containing usernames
Sensitive Directories
Web Server Detection
Vulnerable Files
Vulnerable Servers
Error Messages
Files containing juicy info
Files containing passwords
Sensitive Online Shopping Info
New subdomains

Google hacking database (https://www.exploit-db.com/google-hacking-database)
SANS Cheat sheet: https://www.sans.org/security-resources/GoogleCheatSheet.pdf
gbhackers: https://gbhackers.com/latest-google-dorks-list/
pentest-tools.com: https://pentest-tools.com/information-gathering/google-hacking#
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage

site:google.com
site:google.com -www
site:google.com -www -blog
site:google.com -www -blog -mail -maps….

Go to GHDB
Find dork that fits your targets

site:google.com filetype:pdf
site:google.com filetype:csv
site:google.com filetype:…
site:google.com filetype:BAK

Google Dork Query: intitle:"index of" "backup.bak"

site:google.com inurl:login | inurl:signin | intitle:Login | intitle:"sign in" | inurl:auth

site:google.com intitle:index.of

site:google.com ext:sql | ext:dbf | ext:mdb

site:google.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

site:google.com "PHP Parse error" | "PHP Warning" | "PHP Error"

site:google.com inurl:signup | inurl:register | intitle:Signup

site:www.google.com -inurl:index.php

site:www.google.com -inurl:index.php -inurl:login.php

https://github.com/tomnomnom/waybackurls

PDF
DOCX, DOC
XLSX, XLS
PPT, PPTX
BAK
SQL, DBF, MDB
CONF
YAML
XML
LOG
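
The same patterns can be turned around to check what a site you run exposes to crawlers. The script below is an added example, not part of the original article: it classifies a URL inventory (for instance waybackurls output for your own domain) against the file types and inurl:/intitle: keywords listed above. The function names, category labels and sample URLs are constructed for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Extensions from the article's filetype:/ext: list.
SENSITIVE_EXT = {"bak", "sql", "dbf", "mdb", "conf", "yaml", "xml", "log"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "csv"}
# Keywords from the article's inurl: dorks for login and signup pages.
AUTH_WORDS = ("login", "signin", "auth", "signup", "register")


def classify(url, title=""):
    """Return the exposure categories a crawled URL falls into."""
    parts = urlsplit(url)
    path = parts.path.lower()
    # Check every suffix so dump.sql.gz still counts as an SQL dump.
    exts = {s.lstrip(".") for s in PurePosixPath(path).suffixes}
    hits = set()
    if exts & SENSITIVE_EXT:
        hits.add("sensitive-file")
    elif exts & DOCUMENT_EXT:
        hits.add("document")
    # Substring match over path and query; broader than a real inurl: hit.
    if any(w in f"{path}?{parts.query}".lower() for w in AUTH_WORDS):
        hits.add("auth-page")
    if "index of" in title.lower():
        hits.add("directory-listing")
    return hits


def audit(inventory):
    """Map each flagged URL to its categories; clean URLs are left out."""
    found = {url: classify(url, title) for url, title in inventory}
    return {url: hits for url, hits in found.items() if hits}


# Constructed inventory of (URL, page title) pairs for a site you operate.
SAMPLE = [
    ("https://example.com/", "Home"),
    ("https://example.com/backup/site.BAK", ""),
    ("https://example.com/account/login.php?next=/", "Login"),
    ("https://example.com/files/", "Index of /files"),
    ("https://example.com/docs/report.pdf", ""),
    ("https://example.com/db/dump.sql.gz", ""),
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE).items():
        print(url, sorted(hits))
```

Anything reported as sensitive-file or directory-listing is a candidate for removal from the web root or for access control; auth-page hits are expected but worth reviewing for forgotten admin or staging logins.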