Google and all of it's services must be the most advanced and handy SaaS-solution(s) ever created.
Google is also known to be the "hackers best friend".
...so why bother to run automated "Google-Dork Scanners" manually, when Google just as well could do the job for you?

After some tinkering, and exploring of the wide range of services Google provides; I came up with something interesting.

So folks, behold.
The Skynet is born.

Here's how it works:

1. Login to your Google-account (or provide an e-mail address).
2. Go to http://www.google.com/alerts.
3. Enter the malicious dork, among other settings.
4. If you got more dorks, go back to to #2.


Simple, clean and easy.
Just (ab)use Google Alerts for your own evil deeds!
(The current trend is cloud-based solutions, so why fight against it?)


Whenever Google finds something matching your dork - you will receive an e-mail notification, telling you what sites it found as well as what it matched on.

The variety of malicious content Google may provide, could range from anything of the following:

* Public Advisories and Vulnerabilities (and well, 0-days if you have any).
* Server-Side Error Messages.
* Files containing logon credentials for various services. (Usernames, Passwords...)
* Footholds. (e.g; Administrative pages)
* Login portals.
* Network and/or Vulnerability logs.
* Online Shopping Information (Customer Data, Suppliers, Credit Cards...)
* Various Online Services (Printers, Surveillance cameras, Routers, SIP-switches...)
* Vulnerable Files & Servers
* Web-Server / OS Fingerprints

With other words, you'll never have to manually scan/query/search again.
Just configure your "Google Alerts"-page, and see the information-flow building up in your e-mails inbox.

What's even more cozy, is the user-friendly feature of allowing your GMAIL to act as a RSS-feed:

https://USERNAME:PASSWORD@gmail.google.com/gmail/feed/atom


...a perfect way to parse the data!

Heres some resources containing various Google dorks (which only may be used for educational purposes!):

* http://www.hackersforcharity.org/ghdb/
* http://www.exploit-db.com/google-dorks/
* http://www.googlebig.com/forum/google-dorks-f-4.html

Now, I'm not saying you should use this technique.
But it could become a serious threat - due to the ease of executing the process.

I hope I've enlightened you a bit! :)

0 comments:

Post a Comment

 
Share My Application © 2013. All Rights Reserved. Powered by Blogger
Top