Google Hacking StigeX This is a tut for www.thevalidus.com only! In this tut I’ll show you the basic of Google hacking!
www.thevalidus.com
6/10/2010
Google Hacking
So what is Google Hacking? Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet.
In this little tut I ’ll show you the basic of google hacking and some good tools you can use. I would recommend you to read the book “Google Hacking for Penetration Testers ” by Johnny Long. You can download the ebook here: http://www.ziddu.com/download/6368031/Google_Hacking.rar.html
Google hacking is pretty much based on GHDB (Google Hacking Database) by Johnny Long, you can find GHDB here: http://www.hackersforcharity.org/ghdb/
1|Page
Google Hacking
SEAT (Search Engine Assessment Tool) SEAT is an information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. What you need: -
BackTrack 4
-
VMware workstation
-
GHDB (.xml)
Before you start using this app, make sure that you have a network connectio n, if you don’t go to terminal and type “sudo start-network” In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > SEAT 1. (2) Open GHDB.xml
2|Page
Google Hacking
3. Hook the queries you would like to use 4. Type in the site/domain you would like to target
5. Hook the Search Engines you would like to use (usually all of them) 6. Execute the search 7. View the analysis when the search is finished
3|Page
Google Hacking
Sitedigger Download: http://www.foundstone.com/us/resources/proddesc/sitedigger.htm
SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. Sitedigger is a very easy to use program, all you need to do is to select what you would li ke to search for (usually everything) and then type the site/domain you want to search.
4|Page
Google Hacking
Gooscan Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “ cgi scanner”
that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself. What you need: -
BackTrack 4
-
VMware workstation
Before you start using this app, make sure that you have a network connectio n, if you don’t go to terminal and type “sudo start-network” In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Gooscan
5|Page
Google Hacking
Matagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites. It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc. This new version extracts MAC address from Mic rosoft Office documents. Now you can have an idea of what kind of hardware they are using.
What you need: -
BackTrack 4
-
VMware workstation
Before you start using this app, make sure that you have a network connectio n, if you don’t go to terminal and type “sudo start-network” In BackTrack go to > K Menu > Backtrack > Information Gathering > Searchengine > Metagoofil
The tool should be easy to use. Use the options you need to find/get what you are looking for.
6|Page
Google Hacking
Goolag Goolag, from CDC, expands on GHDB, and allows you to search for common risks exposed by Google indexing. Some basic examples would be searching for signs of known vulnerable scripts, searching for public PHP Info files, Apache information, etc. Download: http://www.plunder.com/Goolag-Scanner-download-a4df5720ba.htm This tool might pop up as a false positive!
1. Type in the host you want to target 2. Select the dorks you would like to use 3. Hit scan and sit back and relax while it does the job..
7|Page
Google Hacking
Wikto and SPUD Wikto is a Web Server Assessment Tool. It works by trying to find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. It’s written for the MS .NET environment so, you need to install the
.NET framework for Wikto. A while back, Google encouraged developers to make use of their API. Many people built applications around the API, but alas, Google stopped issuing API keys for their API in 2006. This rendered that large parts of functionality for many tools fell away. SensePost Unified Data API (SPUD) will help get those tools working again. SPUD also integrates seamlessly with BiDiBLAH and Wikto.
Download SPUD: http://www.sensepost.com/labs/tools/pentest/spud Wikto: http://www.sensepost.com/labs/tools/pentest/wikto
1. Start SPUD 2. Start Wikto 3. When Wikto has started you should see a “Wikto Scan Wizard”. Click next
8|Page
Google Hacking 4. Type in the site you want to target, is it HTTP or HTTPS?, Is the host Internet-facing – yes, click next
5. Do you want to use a proxy? If so enter the proxy server’s IP and port. Click “Start SPUD”, to make sure that it’s running. “Do you want to make use of our scanning AI to reduce false positives?” – yes. Click next
6. Next 7. Next 8. Now you see that you have a lot of tabs to choose from: - Spider; search through the site to find URLs - Googler; Search for different types of files on the site - GackEnd; Find interesting files and directories on the web server. - Wikto; Using the Nikto database to check for flaws in the webserver. - GoogleHacks; Uses GHDB to find vulnerabilities on the site. - SystemConfig - Scan Wizard
9|Page
Google Hacking 9. Go to the GoogleHack tab, click “Load Google Hack Database” and then “Start”
GHH http://ghh.sourceforge.net/
10 | P a g e