Google Dorks 2.0

Google and all of its services must be the most advanced and handy SaaS solution(s) ever created.
Google is also known to be the "hacker's best friend".
...so why bother running automated "Google-Dork Scanners" manually, when Google could just as well do the job for you?

After some tinkering and exploring the wide range of services Google provides, I came up with something interesting.

So folks, behold.
The Skynet is born.

Here's how it works:

  1. Log in to your Google account (or provide an e-mail address).
  2. Go to http://www.google.com/alerts.
  3. Enter the malicious dork, among other settings.
  4. If you have more dorks, go back to #2.

Simple, clean and easy.
Just (ab)use Google Alerts for your own evil deeds!
(The current trend is cloud-based solutions, so why fight against it?)

Google Alerts

Whenever Google finds something matching your dork - you will receive an e-mail notification, telling you what sites it found as well as what it matched on.

The malicious content Google may provide could include any of the following:

  • Public Advisories and Vulnerabilities (and well, 0-days if you have any).
  • Server-Side Error Messages.
  • Files containing logon credentials for various services. (Usernames, Passwords...)
  • Footholds. (e.g., administrative pages)
  • Login portals.
  • Network and/or Vulnerability logs.
  • Online Shopping Information (Customer Data, Suppliers, Credit Cards...)
  • Various Online Services (Printers, Surveillance cameras, Routers, SIP-switches...)
  • Vulnerable Files & Servers
  • Web-Server / OS Fingerprints

In other words, you'll never have to manually scan/query/search again.
Just configure your "Google Alerts" page, and watch the information flow build up in your e-mail inbox.

What's even more cozy is the user-friendly feature that lets your Gmail act as an RSS feed:

https://USERNAME:PASSWORD@gmail.google.com/gmail/feed/atom

...a perfect way to parse the data!
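The same feed idea turned to self-monitoring, as an added example that is not from the original post: parse an Atom feed of alert hits and keep only the ones on domains you own, so exposed pages on your own sites get triaged. The feed layout, the domain names and the keyword rules are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
# Constructed sample (assumption: one Atom <entry> per alert hit, with the
# matched page in <link href>). Not real alert output.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
<entry><title>Index of /backup</title><link href="https://files.example.com/backup/"/>
 <summary>Index of /backup db.sql</summary></entry>
<entry><title>Admin login</title><link href="https://example.com.lookalike.test/admin"/>
 <summary>Please log in</summary></entry>
<entry><title>Warning: mysql_connect()</title><link href="http://shop.example.org/item.php?id=1"/>
 <summary>Warning: mysql_connect() failed on line 12</summary></entry>
<entry><title>Company news</title><link href="https://notexample.com/news"/>
 <summary>Quarterly update</summary></entry>
</feed>"""
# Hypothetical keyword rules for some of the exposure types listed above.
RULES = [
    ("server-side error message", ("warning:", "fatal error")),
    ("exposed files", ("index of /",)),
    ("login portal", ("log in", "login", "sign in")),
]

def owned(host, domains):
    """True only for an owned domain or its subdomains (no substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(text):
    text = text.lower()
    return next((label for label, keys in RULES
                 if any(k in text for k in keys)), "unclassified")

def triage(feed_xml, domains):
    """Return (host, category, url) for each entry that hits an owned domain."""
    findings = []
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        link = entry.find(ATOM + "link")
        url = link.get("href", "") if link is not None else ""
        host = urlsplit(url).hostname
        if owned(host, domains):  # hits on third-party sites are out of scope
            text = " ".join(entry.findtext(ATOM + t, "") for t in ("title", "summary"))
            findings.append((host, classify(text), url))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_FEED, {"example.com", "example.org"}):
        print(finding)
```

Feed text originates from third-party pages, so for a real feed consider parsing with defusedxml instead of the standard-library parser.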

Here are some resources containing various Google dorks (which may only be used for educational purposes!):

Now, I'm not saying you should use this technique.
But it could become a serious threat - due to the ease of executing the process.

I hope I've enlightened you a bit!

Ciao Bella!

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I have a huge interest in information technology and information security. So far, I've been studying for three years at the International IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm one of the Co-Founders of Detectify. I'm working closely together with the Swedish firm Young & Skilled. ...Not to forget, I'm the previous founder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on Twitter @Almroot.

6 Comments

  1. Stealth- says:

    Clever! It's strange someone hasn't thought of this sooner.

  2. Fredrik Nordberg Almroth says:

    Thanks! And yeah, it's weird no one has published an article about it earlier.

  3. SyRiAn_34G13 says:

    That's great, hehehe.
    We can use it everywhere...
    Thanks for this job.

  4. TheTestManager says:

    I've been doing it for about 4 years now.

    So well done for also working it out. :-)

    Before there was Google Alerts I was using another tool called googlealerts, which has since had to change its name to gigaalerts; they are both the same thing. Google just copied Giga's idea and forced them to change names.

    So it seems that people have been doing it for years; however, I've kept quiet about it as, like most things, it's a tool to be used for good or bad.

    I've been contacting corps and other smaller businesses to advise them of what I have been alerted about on their site, and they should secure the issue.
    Most of my alerts are for SQLInjection.

    I was one of the first contributors to GHDB, and I think one of the other early contributors spoke about setting this up. So my idea to create the alerts about 5 or 6 years or so ago came from our early GHDB chats.

    Nice to see someone else using the service, either Giga Alerts or Google Alerts, for vuln research.

    Also, just as a heads-up, there is also the Google Hacking Diggity Project:
    http://www.stachliu.com/resources/tools/google-hacking-diggity-project/

    It has been up and running for about a year now, I think, and also carries out similar alerts; however, I think they use RSS feeds.

  5. Fredrik Nordberg Almroth says:

    Woah, that is awesome.
    Always nice to find like-minded people! (Or well, at least we discovered the same technique).

    Isn't it strange that it hasn't gotten more attention?
    More people than just you and me must have found the same usage of Google Alerts
    (or Giga Alerts for that matter).
    I mean, if you look around; the net is still spitting out new "google dork tools" for automatic polling
    on the search engine(s). So it really is weird that this approach isn't circulating more.

    But I suppose you're right - it can most certainly be used in both good / bad ways, and maybe
    that's the reason people aren't writing about it.

    I must salute you! Good job on your four year old dorking secret, and thanks for
    your superb comment and information!

    Cheers!

  6. unknown says:

    Do you know how to use this strategy, but on a specific Google? Like, I want to use Google Alerts with one dork only for google.co.uk or google.ca, for example. Can I customize this in some way?
