Google and all of it's services must be the most advanced and handy SaaS-solution(s) ever created.
Google is also known to be the "hackers best friend". why bother to run automated "Google-Dork Scanners" manually, when Google just as well could do the job for you?

After some tinkering, and exploring of the wide range of services Google provides; I came up with something interesting.

So folks, behold.
The Skynet is born.

Here's how it works:

1. Login to your Google-account (or provide an e-mail address).
2. Go to
3. Enter the malicious dork, among other settings.
4. If you got more dorks, go back to to #2.

Simple, clean and easy.
Just (ab)use Google Alerts for your own evil deeds!
(The current trend is cloud-based solutions, so why fight against it?)

Whenever Google finds something matching your dork - you will receive an e-mail notification, telling you what sites it found as well as what it matched on.

The variety of malicious content Google may provide, could range from anything of the following:

* Public Advisories and Vulnerabilities (and well, 0-days if you have any).
* Server-Side Error Messages.
* Files containing logon credentials for various services. (Usernames, Passwords...)
* Footholds. (e.g; Administrative pages)
* Login portals.
* Network and/or Vulnerability logs.
* Online Shopping Information (Customer Data, Suppliers, Credit Cards...)
* Various Online Services (Printers, Surveillance cameras, Routers, SIP-switches...)
* Vulnerable Files & Servers
* Web-Server / OS Fingerprints

With other words, you'll never have to manually scan/query/search again.
Just configure your "Google Alerts"-page, and see the information-flow building up in your e-mails inbox.

What's even more cozy, is the user-friendly feature of allowing your GMAIL to act as a RSS-feed:

...a perfect way to parse the data!

Heres some resources containing various Google dorks (which only may be used for educational purposes!):


Now, I'm not saying you should use this technique.
But it could become a serious threat - due to the ease of executing the process.

I hope I've enlightened you a bit! :)


Post a Comment

Share My Application © 2013. All Rights Reserved. Powered by Blogger