Вы находитесь на странице: 1из 11
Google Hacking
Google
Hacking
StigeX
StigeX
w w w . t h e v a l i d u s .
w w w . t h e v a l i d u s . c o m
6 / 1 0 / 2 0 1 0
This is a tut for www.thevalidus.com only! In this tut I’ll show you the basic
This is a tut for www.thevalidus.com only!
In this tut I’ll show you the basic of Google hacking!

Google Hacking

So what is Google Hacking?

Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet.

In this little tut Ill show you the basic of google hacking and some good tools you can use. I would recommend you to read the book Google Hacking for Penetration Testersby Johnny Long. You can download the ebook here:

” by Johnny Long. You can download the ebook here:

Google hacking is pretty much based on GHDB (Google Hacking Database) by Johnny Long, you can find GHDB here: http://www.hackersforcharity.org/ghdb/

(Google Hacking Database) by Johnny Long, you can find GHDB here: http://www.hackersforcharity.org/ghdb/ 1 | P a

Google Hacking

SEAT (Search Engine Assessment Tool)

SEAT is an information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities.

What you need:

- BackTrack 4

- VMware workstation

- GHDB (.xml) Before you start using this app, make sure that you have a
- GHDB (.xml)
Before you start using this app, make sure that you have a network connection, if you don’t go to
terminal and type “sudo start-network”
In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > SEAT
1.
(2) Open GHDB.xml

Google Hacking

3. Hook the queries you would like to use

4. Type in the site/domain you would like to target

to use 4. Type in the site/domain you would like to target 5. Hook the Search
to use 4. Type in the site/domain you would like to target 5. Hook the Search

5. Hook the Search Engines you would like to use (usually all of them)

6. Execute the search

7. View the analysis when the search is finished

like to use (usually all of them) 6. Execute the search 7. View the analysis when

Sitedigger

Google Hacking

Download:

http://www.foundstone.com/us/resources/proddesc/sitedigger.htm

SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.

Sitedigger is a very easy to use program, all you need to do is to select what you would like to search for (usually everything) and then type the site/domain you want to search.

what you would like to search for (usually everything) and then type the site/domain you want
what you would like to search for (usually everything) and then type the site/domain you want

Gooscan

Google Hacking

Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

What you need:

- BackTrack 4

- VMware workstation

itself. What you need: - BackTrack 4 - VMware workstation Before you start using this app,

Before you start using this app, make sure that you have a network connection, if you don’t go to terminal and type “sudo start-network”

In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Gooscan

In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Gooscan

Matagoofil

Google Hacking

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites.

It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc.

This new version extracts MAC address from Microsoft Office documents. Now you can have an idea of what kind of hardware they are using.

can have an idea of what kind of hardware they are using. What you need: -

What you need:

- BackTrack 4

- VMware workstation

Before you start using this app, make sure that you have a network connection, if you don’t go to terminal and type “sudo start-network”

In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Metagoofil

Information Gathering > Searchengine > Metagoofil The tool should be easy to use. Use the options

The tool should be easy to use. Use the options you need to find/get what you are looking for.

Goolag

Google Hacking

Goolag, from CDC, expands on GHDB, and allows you to search for common risks exposed by Google indexing. Some basic examples would be searching for signs of known vulnerable scripts, searching for public PHP Info files, Apache information, etc.

This tool might pop up as a false positive!

This tool might pop up as a false positive! 1. 2. 3. Type in the host
This tool might pop up as a false positive! 1. 2. 3. Type in the host
1. 2.
1.
2.

3.

Type in the host you want to target

Select the dorks you would like to use

Hit scan and sit back and relax while it does the job

Google Hacking

Wikto and SPUD

Wikto is a Web Server Assessment Tool. It works by trying to find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. It’s written for the MS .NET environment so, you need to install the .NET framework for Wikto.

A while back, Google encouraged developers to make use of their API. Many people built applications around the API, but alas, Google stopped issuing API keys for their API in 2006. This rendered that large parts of functionality for many tools fell away. SensePost Unified Data API (SPUD) will help get those tools working again. SPUD also integrates seamlessly with BiDiBLAH and Wikto.

SPUD also integrates seamlessly with BiDiBLAH and Wikto. Download SPUD:

Download

1. Start SPUD

2. Start Wikto

3. When Wikto has started you should see a “Wikto Scan Wizard”. Click next

1. Start SPUD 2. Start Wikto 3. When Wikto has started you should see a “Wikto

Google Hacking

4. Type in the site you want to target, is it HTTP or HTTPS?, Is the host Internet-facing yes, click next

5. Do you want to use a proxy? If so enter the proxy server’s IP
5. Do you want to use a proxy? If so enter the proxy server’s IP and port. Click “Start SPUD”, to
make sure that it’s running. “Do you want to make use of our scanning AI to reduce false
positives?” – yes. Click next
6. Next
7. Next
8. Now you see that you have a lot of tabs to choose from:
-
Spider; search through the site to find URLs
-
Googler; Search for different types of files on the site
-
GackEnd; Find interesting files and directories on the web server.
-
Wikto; Using the Nikto database to check for flaws in the webserver.
-
GoogleHacks; Uses GHDB to find vulnerabilities on the site.
-
SystemConfig
-
Scan Wizard

Google Hacking

9. Go to the GoogleHack tab, click “Load Google Hack Database” and then “Start”

GoogleHack tab, click “Load Google Hack Database” and then “Start” GHH http://ghh.sourceforge.net/ 10 | P a
GoogleHack tab, click “Load Google Hack Database” and then “Start” GHH http://ghh.sourceforge.net/ 10 | P a

GHH

GoogleHack tab, click “Load Google Hack Database” and then “Start” GHH http://ghh.sourceforge.net/ 10 | P a