Real time Google Hacking

Who doesn’t love a good googledork? Francis Brown and Rob Ragan over at Stach & Liu sure do. They have given us a few reasons to fall in love with Google hacking all over again. If you haven’t seen their excellent presentation called “Lord of the BIng” at Defcon, Blackhat, B-Sides, etc here is what you’ve missed.
Google considers all search results to be their intellectual property. To prevent automated scraping of their results they implemented controls that block tools that do hundreds of google searches to collect the results. That makes automatically launching hundreds or thousands of google searches to find sensitive data, configuration files and other interesting things a time consuming process. Francis and Rob have figured out a few ways to make that process simple.
First, BING doesn’t have any of the restrictions that Google does. But BING’s syntax is a little different that Googles so you can’t just plug your GoogleDorks into BING. So they converted the entire GHDB to BING Searches and have made that publicly available on their website. That is pretty awesome by itself. But there is more.
Second, Google doesn’t blacklist or apply restriction to searches conducted from Google services (imagine that). They took the entire Google Hacking Database, Foundstone Hacking Database and their new BING Hacking Database and turned them into Google READER RSS feeds. As soon as Google or BING indexes a new site that matches your “intitle:Index Of passwords” criteria Google reader adds it to your RSS feed. (Your Google reader is able to get BING results by leveraging BING’s &format=rss parameter) As a result, Google and BING are constantly searching for all the Googledorks in the database and maintaining a realtime database of the results! Then Rob and Francis exported their RSS feeds to OPML format so you can just import them into your own Google reader account. That is REALLY cool! (note: importing that huge xml file takes some time. Be patient) But there is more! If you order today they will send you the GHDB converted to the BHDB and the entire GHDB, FHDB and BHDB in Google Reader format but they don’t stop there. There is a suite of command-line and GUI based tools to make it easier to search your sites for sensitive data using Googledorks.
View image
How do we defend ourselves against Search Engine Data leakage? We use the “SITE:mysite.com” and the google dork to see what data we are leaking. Without automation it is very time consuming to try hundreds of Googledorks against one site. So what if you have 1000 or more sites? You probably just ignore the threat and hope for the best. Their SearchDiggity project comes to the rescue. With their tool you can plug in multiple domains and easily use the unfiltered BING results to keep tabs on you the sensitive data search engines are finding on your sites.
View image
All of the tools and the Google Reader OPML are available for download here:
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

Join me for SANS 504 Hacker Techniques, Exploits and Incident handling in San Antonio November 13th! REGISTER TODAY BY CLICKING HERE!!!