
Oct 23, 2010

What is Google hacking?


Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of search queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and running the Google Hacking Database queries directly against the crawled content.
           
1. Google + Social media Sites = Quality Free Stuff - If you are on the hunt for free desktop wallpaper, stock images, WordPress templates or the like, using Google to search your favorite social media sites is your best bet. The word "free" in any standard search query immediately attracts spam. Why wade through potential spam in standard search results when numerous social media sites have an active community of users who have already ranked and reviewed the specific free items that interest you? All you have to do is direct Google to search through each of those individual social media sites, and bingo, you find quality content ranked by hundreds of other people.
Examples:
site:digg.com free "desktop wallpaper"

2. Find free Anonymous Web Proxies - A free anonymous web proxy site allows any web browser to access other third-party websites by channeling the browser's connection through the proxy. The web proxy basically acts as a middleman between your web browser and the third-party website you are visiting. Why would you want to do this? There are two common reasons.
Example:
inurl:"nph-proxy.cgi" "start using cgiproxy"

3. Google for Music, Videos and Ebooks - Google can be used to conduct a search for almost any file type, including MP3s, PDFs and videos. Open web directories are one of the easiest places to quickly find an endless quantity of freely downloadable files. This is an oldie, but it's a goodie! Why thousands of webmasters incessantly fail to secure their web servers will continue to boggle our minds.
Examples:
Find Music: -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Counting Crows"

Find Videos: -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(mpg|wmv) "chapelle"

Find Ebooks: -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(pdf|doc) "george orwell 1984"

4. Browse Open Webcams Worldwide - Take a randomized streaming video tour of the world by searching Google for live open-access video webcams. This may not be the most productive Google trick ever, but it sure is fun! (Note: you may be prompted to install an ActiveX control or the Java Runtime Environment, which allows your browser to view certain video stream formats.)
Examples:
Axis Webcams: inurl:/view.shtml or inurl:view?index.shtml
Canon Webcams: sample/LvAppl/
MOBOTIX Webcams: control/userimage.html
FlexWatch Webcams: /app/idxas.html
JVC Webcams: intitle:"V.networks [Motion picture(Java)]"

5. Judge a site by its Images - Find out what a site is all about by looking at a random selection of the images hosted on its web pages. Even if you are somewhat familiar with the target site's content, this can be an entertaining little exercise. You will almost surely find something you didn't expect to see. All you have to do is use Google's site: operator to target a domain in an image search.
Examples:
Digg in images (site:digg.com in Google Image Search)
Wired in images (site:wired.com in Google Image Search)
Reddit in images (site:reddit.com in Google Image Search)

6. Results Based on Third-Party Opinion - Sometimes you can get a better idea of the content located within a website by reading how other websites refer to that site's content. The allinanchor: Google search operator can save you large quantities of time when a normal text-based search query fails to fetch the information you desire. It conducts a search on keywords used strictly in the anchor text (linking text) of third-party sites that link to the web pages returned by the search query. In other words, this operator filters your search results so that Google ignores the title and content of the returned web pages and instead bases the search relevance on the keywords that other sites use to reference the results. It can add a whole new dimension of variety to your search results.
Examples (notice the added variety between search results):
allinanchor:"google hacks" vs. a basic search for Google hacks
allinanchor:"wordpress exploits" vs. a basic search for WordPress exploits



What can a hacker do if your site is vulnerable, and how do you know whether your site is vulnerable?

Information that the Google Hacking Database identifies:

Advisories and server vulnerabilities
Error messages that contain too much information
Files containing passwords
Sensitive directories
Pages containing logon portals
Pages containing network or vulnerability data, such as firewall logs
How to check for Google hacking vulnerabilities
The easiest way to check whether your website and applications have Google hacking vulnerabilities is to use a web vulnerability scanner. A web vulnerability scanner crawls your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: your web vulnerability scanner must be able to launch Google hacking queries.)
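The post's own point is that an attacker does not need Google at all: the GHDB queries can be run directly against a crawl of your site. The same idea works for the defender. The script below is an added example (not code from the original post or from any scanner vendor) that models the operators used in the queries above (site:, inurl:, intitle:, quoted phrases, bare words, "-" negation and "(a|b)" alternatives) and evaluates them offline against pages you have crawled yourself, so you can see what a dork would surface before Google indexes it. The sample crawl is constructed and the example.com / example.org hosts are placeholders; allinanchor: is deliberately not modelled, because it depends on third-party link text that a crawl of your own site does not contain.

```python
"""Offline Google-hacking self-check: run dork-style queries over your own crawl.

Added example, not code from the original post. Operators modelled: site:,
inurl:, intitle:, quoted phrases, bare words, '-' negation, '(a|b)' alternatives.
The sample crawl below is constructed; example.com / example.org are placeholders.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One token per operator/value pair, e.g. -inurl:(htm|html|php) or +"last modified".
TOKEN_RE = re.compile(r'(-?)\+?(?:(\w+):)?(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class Page:
    url: str
    title: str
    body: str


@dataclass(frozen=True)
class Term:
    negate: bool
    operator: str        # "site", "inurl", "intitle", or "" for a bare word/phrase
    alternatives: tuple  # the term matches if any of these strings matches


def parse_query(query):
    """Turn a dork string into a list of Terms; '+' joiners and empty tokens are dropped."""
    terms = []
    for neg, op, quoted, bare in TOKEN_RE.findall(query):
        value = (quoted or bare).strip().lower()
        if value in ("", "+"):
            continue
        if value.startswith("(") and value.endswith(")"):
            alternatives = tuple(v for v in value[1:-1].split("|") if v)
        else:
            alternatives = (value,)
        terms.append(Term(negate=bool(neg), operator=op.lower(), alternatives=alternatives))
    return terms


def _haystack(page, operator):
    """The part of the page an operator searches, lower-cased."""
    if operator == "site":
        return urlparse(page.url).netloc.lower()
    if operator == "inurl":
        return page.url.lower()
    if operator == "intitle":
        return page.title.lower()
    if operator == "":
        return (page.title + " " + page.body).lower()
    raise ValueError(f"operator {operator!r} is not modelled by this checker")


def term_matches(page, term):
    hay = _haystack(page, term.operator)
    if term.operator == "site":
        # site:example.com covers example.com itself and any of its subdomains
        hit = any(hay == a or hay.endswith("." + a) for a in term.alternatives)
    else:
        hit = any(a in hay for a in term.alternatives)
    return hit != term.negate


def search(pages, query):
    """URLs of the pages that satisfy every term of the query, in crawl order."""
    terms = parse_query(query)
    return [p.url for p in pages if all(term_matches(p, t) for t in terms)]


# Constructed sample crawl (placeholder hosts); one open directory, one login
# page, one CGI proxy, and two harmless pages.
SAMPLE_CRAWL = [
    Page("http://www.example.com/music/", "Index of /music",
         "Name  Last modified  Size  Description  Parent Directory  track01.mp3  4.2M"),
    Page("http://www.example.com/admin/login.php", "Admin Login",
         "Enter your username and password to continue."),
    Page("http://www.example.com/about.html", "About Us", "We make widgets."),
    Page("http://www.example.com/cgi-bin/nph-proxy.cgi", "CGIProxy",
         "Start using CGIProxy"),
    Page("http://blog.example.org/post.html", "Index of my thoughts",
         "Parent directory of ideas, nothing sensitive here."),
]

# The open-directory dork from the post, minus the artist name, so it flags any
# listing that exposes audio files rather than one particular album.
OPEN_DIRECTORY_DORK = ('-inurl:(htm|html|php) intitle:"index of" +"last modified" '
                       '+"parent directory" +description +size +(wma|mp3)')

SELF_CHECK_QUERIES = [
    OPEN_DIRECTORY_DORK,
    'site:example.com inurl:login "password"',
    'inurl:"nph-proxy.cgi" "start using cgiproxy"',
]


def audit(pages, queries):
    """Map each query to the URLs it would expose; an empty list is a clean result."""
    return {q: search(pages, q) for q in queries}


if __name__ == "__main__":
    for query, hits in audit(SAMPLE_CRAWL, SELF_CHECK_QUERIES).items():
        print(query)
        for url in hits:
            print("   exposed:", url)
```

Feed it the pages your own crawler produces (URL, title, body text) and the queries you care about from the GHDB; every URL it returns is a page that would be found whether or not Google blocks the query, which is the list to remove or lock down.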

The Acunetix Web Vulnerability Scanner scans for SQL injection, Cross site scripting and many more vulnerabilities.
Preventing Google hacking attacks
Remove all pages identified by Google hacking queries

Check if your website is vulnerable to attack with Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Take a product tour or download the evaluation version today!

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition!
To check whether your website has cross-site scripting vulnerabilities, download the Free Edition from http://hotfile.com/dl/77785632/7faeb49/vulnerabilityscanner.exe.html. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the website).

