Appzlogic

Google Hacking or Google Dorking

Google hacking, also called Google Dorking, means searching for sensitive information hidden in clusters of publicly accessible information using advanced search terms called “dorks”. In this article, we will learn about manual Google and GitHub dorking and then automate the process of dorking using the Dor-king tool.

Dorking in Cyber Security

Dorking is very useful for pen-testers and security researchers when analyzing web application vulnerabilities. It also helps you dig deeper into the security analysis of your existing web security structure: loopholes, strengths, and even possible signs of attack.

List Of Most Basic Dorks Used:

Example:

1. Allintext: Searches for occurrences of all the keywords provided.

Syntax: allintext:”keyword”


2. intext: The query intext:term limits the results to the documents containing keyword “term” in the text.

Syntax: intext:”keyword”


3. Inurl: Searches for a URL matching one of the keywords provided.

Syntax:inurl:”keyword”


4. Allinurl: Searches for a URL matching all the keywords provided in the query.

Syntax: Allinurl:”keyword”

5. Intitle: Searches for occurrences of the keywords, all or one, in the title.

Syntax:intitle:”keyword”


6. Allintitle: Searches for titles in which all the keywords occur at the same time.

Syntax:allintitle:”keyword”

7. Site: It specifically searches that particular site and lists all the results for that site.

Syntax: site:”www.google.com”


8. Filetype: Searches for a particular file type mentioned in the query.

Syntax:filetype:”pdf”


9. Link: Searches for external links to pages. The query link:URL shows pages that point to that URL.

Syntax: link:”keyword”


10. Numrange: It is used to locate specific numbers in your searches.

Syntax:numrange:10-100


11. Before/after: It is used to search within a particular date range by providing a specific range.

Syntax:filetype:pdf & (before:2022-01-01 after:2021-01-01)


12. Allinanchor (and inanchor): This shows sites that have the key terms in links pointing to them, in order of the most links.

Syntax:inanchor:flower


13. Allinpostauthor (and also inpostauthor): Used in blog search, this one picks out blog posts that are written by a specific individual provided in the search query.

Syntax:allinpostauthor:”keyword”

14. Related: It will list the web pages that are “similar” to a specified web page.

Syntax:related:www.google.com


15. Cache: This shows the version of the web page that Google has in its cache.

Syntax:cache:www.google.com


Advanced Google Dorks

  1. Directory listing vulnerabilities

Syntax : site:abcde.com intitle:index.of

2. Exposed Configuration files

Syntax: site:abcde.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini

3. Exposed Database files

            Syntax: site:abcde.com ext:sql | ext:dbf | ext:mdb

4. Find WordPress

 Syntax:  site:abcde.com inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download

5. Exposed log files

Syntax: site:abc.com ext:log

6. Backup and old files

Syntax: site:abcde.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

7. Login pages

Syntax: site:abcde.com inurl:login

8. SQL errors

Syntax:  site:abcde.com intext:”sql syntax near” | intext:”syntax error has occurred” | intext:”incorrect syntax near” | intext:”unexpected end of SQL command” | intext:”Warning: mysql_connect()” | intext:”Warning: mysql_query()” | intext:”Warning: pg_connect()”

9. Publicly exposed documents

Syntax:  site:abcde.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv 

10. PHPinfo()

 Syntax: site:abcde.com ext:php intitle:phpinfo “published by the PHP Group”

 11. Finding Backdoors

Syntax:  site:abcde.com inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor

 12. Install / Setup files

 Syntax: site:abcde.com inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config

13. Open Redirects

Syntax: site:abcde.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http

14. Apache STRUTS RCE

Syntax: site:abcde.com ext:action | ext:struts | ext:do

15. Find Pastebin entries

Syntax: site:pastebin.com abcde.com

 16. Employees on LINKEDIN

Syntax: site:linkedin.com employees abcde.com

17. htaccess sensitive files

Syntax: site:abcde.com inurl:”/phpinfo.php” | inurl:”.htaccess” | inurl:”/.git” abcde.com -github.

18. Find Subdomains

Syntax: site:*.abcde.com

19. Find Sub-Subdomains

 Syntax:  site:*.*.abcde.com

20. Find WordPress

Syntax: site:abcde.com inurl:wp-content | inurl:wp-includes

 

You can find a list of popular dorks in the Exploit DB Dorks database. Google Dorking is an effective method to list out sensitive information from publicly accessible data.

Some useful tools for Google Dorking:

  1. Dor-king, Tool Link: https://github.com/mbappzlogic/Dor-king
  2. Dorks Eye, Tool Link: https://github.com/BullsEye0/dorks-eye
  3. Webdork, Tool Link: https://github.com/HACKE-RC/webdork
  4. Pagodo – Automate Google Hacking Database Scraping And Searching, Tool Link: https://github.com/opsdisk/pagodo

Defending against Google Dorking

  • robots.txt: Use the robots.txt file to avoid indexing of sensitive files, documents or folders.
  • Consider removing your sensitive files from Google’s index.
  • Encrypt your sensitive information (username, passwords, credit cards, emails, addresses, IP addresses, phone numbers, etc).
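To check what the dorks listed above would surface on a site you operate, the following added example (not part of the original article or of Dor-king) evaluates a dork against a local page inventory. The inventory, the function names and the simplified operator model (a space means AND, terms joined by | form one OR group, straight quotes only) are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of pages on a site we operate (e.g. from our own crawl).
PAGES = [
    {"url": "https://abcde.com/backup/db.sql", "title": "", "text": "INSERT INTO users"},
    {"url": "https://abcde.com/files/", "title": "Index of /files", "text": "Parent Directory"},
    {"url": "https://abcde.com/item.php?id=1", "title": "Shop", "text": "incorrect syntax near 'x'"},
    {"url": "https://shop.abcde.com/login", "title": "Sign in", "text": "Password"},
    {"url": "https://abcde.com/about", "title": "About us", "text": "Company history"},
]
OPERATORS = r"(site|inurl|intitle|ext|filetype|intext):(.*)"

def term_matches(term, page):
    """Evaluate one term; a bare keyword is treated like intext:."""
    m = re.fullmatch(OPERATORS, term, re.S)
    op, val = m.groups() if m else ("intext", term)
    val = val.strip('"').lower()
    url = urlparse(page["url"])
    if op == "site":  # exact host or any subdomain of it
        host = url.hostname or ""
        return host == val or host.endswith("." + val)
    if op == "inurl":
        return val in page["url"].lower()
    if op == "intitle":  # assumption: '.' acts as a word break (index.of)
        return val.replace(".", " ") in page["title"].lower()
    if op in ("ext", "filetype"):
        return url.path.lower().endswith("." + val)
    return val in page["text"].lower()

def parse_dork(dork):
    """Split into AND-ed groups; terms joined by '|' share one OR group."""
    groups, join = [], False
    for tok in re.findall(r'\||\w+:"[^"]*"|"[^"]*"|\S+', dork):
        if tok == "|":
            join = True
            continue
        if join and groups:
            groups[-1].append(tok)
        else:
            groups.append([tok])
        join = False
    return groups

def exposed(dork, pages=PAGES):
    """URLs in the inventory that the dork would surface."""
    groups = parse_dork(dork)
    return [p["url"] for p in pages
            if all(any(term_matches(t, p) for t in g) for g in groups)]
```

Any URL returned by `exposed()` for one of the dorks above is a candidate for removal from the web root, access control, or de-indexing.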

GitHub Dorking

In the same way that Google dorks can be used to scan websites for sensitive data, scanning GitHub repositories for sensitive data is known as GitHub Dorking.

GitHub Dorking is used to access sensitive data from public repositories, and because it’s a part of public sources, it can be included in any OSINT research.

You need a GitHub account and analysis skills to perform GitHub Dorking. You’ll be looking for things such as database user and password, secret access keys, tokens, etc.

Before performing any recon, log in to your account first. If you don’t have an account on GitHub, you can register using this link: https://github.com/

List of a few random sensitive keywords such as:

  • Username
  • Api key
  • password
  • dbpassword
  • dbuser
  • access_key
  • secret_access_key
  • bucket_password
  • redis_password
  • Root_password

Let’s see some examples of GitHub Dorking-

  1. Search for specific credentials strings in configuration files such as –

filename:sftp-config.json password 

Here, we obtained the IP address, root password and SSH port credentials.

2. SMTP login credentials

Let’s search for smtp login credentials using search string like –

filename:.env MAIL_HOST=smtp.gmail.com

3. SQL dumps

Let’s search for SQL Dumps using the search query like-

extension:sql mysql dump

4. Git Credentials

Let’s Search for git credentials using –

 filename:.git-credentials

If an organization lacks proper configuration and sensitive information is publicly available or configured to be publicly accessible, the organization may be vulnerable to cyber-attacks.

List of a few GitHub dorks which can be used to scan GitHub repositories:

  • filename:.npmrc _auth
  • filename:.dockercfg auth
  • extension:pem private
  • extension:ppk private
  • filename:id_rsa or filename:id_dsa
  • extension:sql mysql dump
  • extension:sql mysql dump password
  • filename:credentials aws_access_key_id
  • filename:.s3cfg
  • filename:wp-config.php
  • filename:.htpasswd
  • filename:.env DB_USERNAME NOT homestead
  • filename:.env MAIL_HOST=smtp.gmail.com
  • filename:.git-credentials
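The dork patterns above can also be applied to your own working tree before anything is pushed. This added example (not from the original article or any of the tools it lists) approximates filename: and extension: with a basename glob; the rule table layout, the function names and the sample files are assumptions.

```python
import fnmatch
import os
import tempfile

# (basename glob, keywords that must ALL appear in the file), taken from the
# GitHub dork list above. An empty tuple means the file name alone is a finding.
RULES = [
    ("sftp-config.json", ("password",)), (".git-credentials", ()),
    (".env", ("DB_USERNAME",)), (".env", ("MAIL_HOST=",)),
    (".npmrc", ("_auth",)), (".dockercfg", ("auth",)),
    ("*.pem", ("private",)), ("*.ppk", ("private",)),
    ("id_rsa", ()), ("id_dsa", ()), ("credentials", ("aws_access_key_id",)),
    (".s3cfg", ()), ("wp-config.php", ()), (".htpasswd", ()),
    ("*.sql", ("mysql", "dump")),
]

def scan_tree(root):
    """Return sorted (relative path, rule glob) pairs for files matching a rule."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="ignore") as fh:
                body = fh.read(1_000_000).lower()  # first ~1 MB is enough here
            for glob, words in RULES:
                if fnmatch.fnmatch(name, glob) and all(w.lower() in body for w in words):
                    findings.add((os.path.relpath(path, root), glob))
    return sorted(findings)

def demo():
    """Scan a constructed sample repository (placeholder values only)."""
    sample = {
        ".env": "APP_ENV=local\nMAIL_HOST=smtp.example.test\n",
        "deploy/sftp-config.json": '{"host": "192.0.2.10", "password": "PLACEHOLDER"}',
        "docs/readme.md": "the password policy is described here",
        "keys/server.pem": "-----BEGIN CERTIFICATE-----",  # no 'private': not flagged
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        return scan_tree(root)

if __name__ == "__main__":
    for path, rule in demo():
        print(f"{path}: matches dork pattern {rule}")
```

A finding means the file would be discoverable by the corresponding dork if the repository were public; remove it from version control and rotate any credential it contained.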

Some useful tools to perform GitHub Dorking:

  1. Dor-king, Tool Link: https://github.com/mbappzlogic/Dor-king
  2. Gitrob, Tool Link: https://github.com/michenriksen/gitrob
  3. Repo security scanner, Tool Link: https://github.com/techjacker/repo-security-scanner
  4. TruffleHog, Tool Link: https://github.com/trufflesecurity/trufflehog

Best Practices for GitHub security

  • Managing two-factor authentication for your organization
  • Viewing whether users in your organization have 2FA enabled
  • Managing security settings for your organization
  • Managing security and analysis settings for your organization
  • Reviewing the audit log for your organization
  • Reviewing your organization’s installed integrations
  • When employees no longer work for your company, be sure to revoke all their access.
  • Never allow your company developers to share GitHub credentials with anyone

Automating Google and Github Dorking using Dor-king Tool

This tool automates the process of searching for vulnerabilities using Google and GitHub dorks. It’s designed to make it easier for security researchers to find potential vulnerabilities in web applications.

Dor-king finds sensitive information by automating the dorking process. This information may include usernames and passwords, SQL queries, API keys, tokens, log files, configuration files, and more. Dor-king also supports saving the results to an HTML file as well as a JSON-formatted file. It is an open-source tool, freely available on GitHub.

Installation of Dor-king Tool on Kali Linux OS

Step 1: Use the following command to install the tool.

Command: git clone https://github.com/mbappzlogic/Dor-king.git

Step 2: Navigate to the directory of the tool using the following command.

Command: cd Dor-king   

 

Make the file executable by using the following command.

Command: chmod +x dorking.sh

After successfully installing the tool, let’s see how to use it.

Working With Dor-king Tool

Google Dorks

Usage: Finding information using Google Dorks. Run the tool and select the Google Dorks option.


It will open the links of the target site with the dork query in the Firefox browser.

Github Dorks

Usage: Finding information using Github Dorks. Run the tool and select the GitHub Dorks option.


The script automates the process of using the specified dork query and opens the link of the target site with the dork query in the Firefox browser.

References:

  1. Exploit Database: https://www.exploit-db.com/
  2. https://github.com/mbappzlogic/Dor-king

 
