Scribd
Upload
379 views42 pages

Google Hacking For Auditors (3/2022)

Slides from Google Hacking for Auditors given at the I Heart Audit virtual conference on March 3, 2022. Google Hacking for Auditors (3/2022) © 2022 by Brian Markham is licensed under CC BY-NC-SA 4.0

Uploaded by

Brian Markham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
379 views42 pages

Google Hacking For Auditors (3/2022)

Slides from Google Hacking for Auditors given at the I Heart Audit virtual conference on March 3, 2022. Google Hacking for Auditors (3/2022) © 2022 by Brian Markham is licensed under CC BY-NC-SA 4.0

Uploaded by

Brian Markham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 42

Google Hacking for Auditors

Brian Markham // March 3, 2022


Google Hacking for Auditors (3/2022) © 2022 by Brian Markham is
licensed under CC BY-NC-SA 4.0. 
To view a copy of this license, visit http://creativecommons.org/
licenses/by-nc-sa/4.0/

bmarkham-01-MBP:~ bmarkham$ whoami


Brian Markham
Present: CISO @ EAB
Past: PwC, KPMG, University of Maryland, George Washington University

Search Engines

• Thereare a number of different search engines but


for the purposes of this webinar, we will focus on
Google.

• Googleallows a user to create powerful search


criteria to find exactly what they are looking for.

• Let’sreview Google Dorking, cached pages, and


Image Searches

Everybody’s looking for something

• Org chart

• Documentatio
• Report
• SOP
• Contact informatio

• Training
5
s

6
7
Search Engines

• Byadding a single search operator we’re able to


narrow our search from 7M results to only eight

• Thesesearch operators make Google the most


effective of all OSINT tools

• Youcan chain search operators together to find


more specific information. Let’s review some of the
most useful search operators.

8
.

Google Search Operators

site

Use the site operator to search within a specific


website

Site:gwu.edu “CFO”

Search the entire GW official website for matches on


CFO.

9
:

10
Google Search Operators

inurl

Use the inurl operator to search for a string in a


URL

site:umd.edu inurl:logi

Look for any University of Maryland website with


login in the URL.

11
.

12
Google Search Operators

intext

Use the intext operator to search for a string in


the body of webpages or content of document

site:nd.edu intext:”data warehouse

Searches the entire nd.edu domain for the term “data


warehouse” in all html pages and documents.

13
:

14
Google Search Operators
filetype

Use the filetype operator to search for files. You


can specify a specific site and string for
additional granularit

site:*.edu filetype:pe

Search all websites in the .edu TLD for .pem files


(usually stores cryptographic keys)

15
:

16
17
18
Google Search Operators

inanchor

Use the inanchor operator to search for the keyword


in linked pages. Links or other linked pages are
known as the anchor

inanchor:"chief hacking officer" site:linkedin.co

19
:

20
21
Other useful tricks
• Usethe minus sign (-) to exclude terms from your
search. One that I frequently use is -inurl:www as it
will exclude all sites with www in the url and show me
other subdomains

• ANDis assumed (you don’t have to explicitly use this


operator) but OR is not. A pipe (|) is identical to OR

• Use * as a wild card

• before:YYYY-MM-DD or after:YYYY-MM-DD

22
.

23
Google Hacking Database

• https://www.exploit-db.com/google-hacking-database
• Databaseof Google search queries to help you find
specific technologies, devices, and much more.

24
25
26
Google Dorking Exercise (10 minutes)

• Lookup your employer or school; try to find


interesting files from the main domain

• Whatoperators do you have to use to reliably find


yourself on Google

• Share anything interesting you find in the chat.

27
?

Google Search Operators


• Site
• Intext
• Inurl
• Filetype
• Inanchor
• Before
• After
•| = O
• * = wild card
28
:

Google Reverse Image Search

• https://www.google.com/imghp?hl=en&ogbl
• Uploador link a photo and let Google find a matching
photo for you.

29
30
31
32
33
Reverse Image Search

• https://yandex.com/images/
• Yandexreverse image search can also return some useful
results.

34
Cached Pages
• Dependingon the nature of our investigation, we may
not want to visit any of the sites that we find.
Rather, let’s look for cached pages

• Cachedpages are essentially complete web pages that


Google scrapes during its web crawls

• You’revisiting some version of the site but accessing


it through Google

• Use the cache:[URL] operator.

35
.

36
37
Internet Archive
• The Internet never forgets…thanks to the Internet
Archiv

• If you’re looking for pages and websites that are no


longer available, the Internet Wayback Machine is a
great resourc

• https://archive.org/web
• The Internet Archive may have information that is not
otherwise available via a Google Search (cached or
live)

38
e

Google Alerts
• Google Alerts are a great way to create search queries
that will automatically return results if that criteria
is met

• Visit google.com/alerts

• Enter your search query in the search field (you


probably want to test it first

• Click “Create Alert”

39
.

40
Wrapping Up
• Googleis an incredibly powerful tool for gathering
information about just about anything

• Thereare many great resources for crafting Google


searches to find very specific information or devices on
the Internet

• Cachedpages can help you access content no longer


available and without connecting to the target's webpage

• Googlenews alerts can report when new information


becomes available.

41
.

Say hello
@maru3
[email protected]

42
7

You might also like