In this blog post I'll be talking about a new Open-Source Intelligence (OSINT) tool I developed to help collect information about a target organization during penetration testing engagements. I call it Meta-Detector.
Recently, I have observed that certain automated techniques used in the process of acquiring OSINT, such as Google Dorking, have been less than effective or have not produced any findings at all. That's what inspired me to develop Meta-Detector.
Google Dorking
In case you are unfamiliar with the phrase, let me define Google Dorking before I talk about Meta-Detector.
Google Dorking is the practice of using search strategies and targeted search terms (sometimes referred to as "Google Dorks") to find confidential or hidden material that is difficult to find with ordinary searches. It uses Google's search features to locate particular kinds of information or data that may have been unintentionally made public or left accessible online.
Google Dorking relies on operators and search modifiers that let users refine and restrict search results according to particular criteria. Typical Google Dorking strategies include the following:
- File Type Searches: You can search for particular file types, like spreadsheets, configuration files, or PDFs, by using the "filetype" operator. For instance, the query "filetype:pdf site:example.com" looks for PDF files hosted on the example.com domain.
- Site Searches: Restrict a search to a certain domain or website using the "site" operator. For instance, "site:example.com" limits the search results to the website example.com.
- Title and URL Searches: Look for particular words or phrases in the title or URL of webpages by using the "intitle" and "inurl" operators. For instance, "intitle:index of /" matches pages with "index of" in the title and frequently returns directory listings.
- Authentication Bypass: Locating websites or web applications with known vulnerabilities or misconfigurations that could permit unauthorized access by using targeted search queries. For instance, a search for login pages by URL can be performed with "inurl:/admin/login".
- Disclosure of Sensitive Information: Using search terms to locate sensitive data that may have been accidentally exposed online, such as credit card numbers, usernames, passwords, and private documents. For instance, the query "intext:password filetype:txt" looks for text files that contain the word "password."
There are several uses for Google Dorking, including penetration testing, cybersecurity research, and investigations. But it's crucial to use Google Dorking sensibly and morally, in accordance with all applicable laws and privacy regulations, and to refrain from any illegal or invasive activity. Organizations should also routinely audit and safeguard their internet-facing assets to avoid unintentionally exposing confidential data that Google Dorking can surface.
Practical Use Cases
If you are unfamiliar with this kind of research, here are some suggestions to get you thinking about its potential benefits.
Recognizing Disclosed Credentials:
Penetration testers can look for exposed credentials, including usernames and passwords, by using Google Dorking. Through targeted searches for strings or patterns that typically accompany login credentials (e.g., "admin," "password," "login," etc.), they can find instances where private data has been unintentionally leaked online.
Find Out Which Servers and Services Are Misconfigured:
Servers and services that are misconfigured or left in their default configuration, which could present security threats, can be found with the help of Google Dorking. To evaluate a system's security posture, penetration testers can use search operators to locate instances of exposed configuration files, open ports, or default login pages.
Finding Vulnerable Web Applications:
Penetration testers frequently use Google Dorking to identify web applications that are vulnerable to typical security issues like file inclusion vulnerabilities, SQL injection vulnerabilities, and cross-site scripting (XSS). By looking for particular keywords or error messages associated with these vulnerabilities, testers can find possible targets for further evaluation.
Internal Network Infrastructure Mapping:
Google Dorking can occasionally be used to learn more about a company's internal network architecture. Penetration testers can learn about the structure and connectivity of the target network by looking for publicly available documentation, network diagrams, or configuration files that reference internal IP addresses or domain names.
Evaluating Security of Third-Party Vendors:
Organizations frequently depend on outside providers for a variety of services and solutions. Penetration testers can use Google Dorking to look for information on client portals, vendor-specific documentation, and infrastructure-related data breaches in order to evaluate the security of these suppliers. This helps businesses assess the security risks associated with their vendor relationships.
Meta-Detector
Meta-Detector was built with Go v1.22.1 and can be compiled on any system with Go installed (Go v1.22.1 is advised for optimal performance). The tool takes a domain name as input and creates an HTML page with several prepared Google Dork searches as hyperlinks, to help identify material relevant to the target company in Google's search results.
This makes it easier to obtain Google search results by providing ready-made links for particular domain names and search operators. With these preloaded Google Dork links, you won't have to remember intricate syntax or miss important searches.
You can follow each link to be taken directly to the Google search results page for the particular domain name and search operator. Keep in mind that the results shown will vary depending on whether the organization actually has the particular kind of file or data you're looking for exposed.
Furthermore, every link is made to open in its own new tab, guaranteeing a smooth browsing experience. If you choose to use the button at the bottom to open all links at once, please make sure that any pop-up blockers are turned off to prevent disruptions.
Please be advised that if Google detects dorking activity, it may slow searches, which may occasionally lead to a "Prove you are not a robot" captcha. To resume uninterrupted browsing, simply fill out the captcha.
"Where do we find the Google Search Operators?" may be on your mind. I'm happy you asked. Meta-Detector depends on a "search.config" configuration file that holds several helpful search operators specifically designed for your OSINT activities. This file ships with Meta-Detector, giving you access to a large number of predefined search operators. Using a text editor, you can add your own Google Search Operators to the search.config file to suit your specific use case.
Getting the Meta-Detector and Using It
In this section I will go more deeply into the ideas introduced above, as well as the details of using Meta-Detector.
Make Directory: On the computer where you plan to install Meta-Detector, start by making a directory.
Clone Repository: From the directory's command line, type the command git clone
Build Meta-Detector: Run go build meta-detector.go. Note: Go must be installed on your machine in order to complete this step.
How it works: Meta-Detector reads the search parameters and descriptions from the search.config file, creates Google search URLs from the parameters entered, then incorporates these URLs into an HTML page and saves it as a file.
The search.config file contains descriptions and search parameters in the format ": ". Parameters can use operators like site:, filetype:, inurl:, intitle:, and intext:, as well as logical operators like OR.
To make changes to search.config: Open the file in a text editor, add or change parameters according to the format given, and save the modifications. You may also use the following command to obtain the most recent version of search.config: ./meta-detector --download
Use: Make sure the parameters in search.config are set to what you want.
Run Meta-Detector with the domain as its input (e.g., ./meta-detector domain.com).
Meta-Detector writes the Google Dork search links into an HTML file whose name ends in "_search_results.html". Each link in the HTML file opens the search results in a new tab, and there is a button to open all of the links at once.
Example Output: For a given domain, such as thisdomaindoesntexist.com, the program creates thisdomaindoesntexist.com_search_results.html containing the search links.
Pop-up Blocker: Make sure links open properly by allowing pop-ups or disabling the blocker.
"Prove You Are Not a Robot": Due to Google's throttling, you may be asked to complete a CAPTCHA verification.
Changing the Delay: If throttling problems continue, change the delay in the code (var delay = 1000;). The value is in milliseconds, so 1000 equals one second. After any change you must rebuild the application. Alternatively, you can edit the value directly in the resulting HTML file. I have found it best to use a longer delay to minimize throttling and to address captchas as they are presented. It also helps avoid receiving several captchas in a row.
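To make the workflow above concrete, here is an added Go example (my illustration, not Meta-Detector's own source) of the three steps the tool performs: parsing a search.config-style file, building the Google search URLs, and rendering the HTML page with per-link new tabs and an "open all" button driven by the delay variable. It assumes a "description: operators" line format with a "{domain}" placeholder, both of which are my own conventions, and it HTML-escapes the domain and descriptions so a hostile value cannot inject script into the generated page.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// Dork is one search.config entry; "{domain}" in Query marks where the
// target domain goes (an assumed placeholder, not Meta-Detector's own syntax).
type Dork struct{ Description, Query string }

// ParseConfig parses "description: operators" lines, skipping blanks, #
// comments and lines without the delimiter so no broken link is emitted.
func ParseConfig(cfg string) []Dork {
	var out []Dork
	for _, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if desc, q, ok := strings.Cut(line, ": "); ok {
			out = append(out, Dork{desc, q})
		}
	}
	return out
}

// BuildURL substitutes the domain and percent-encodes the whole query so
// spaces, quotes and the "/" in inurl:/admin/login survive intact.
func BuildURL(d Dork, domain string) string {
	q := strings.ReplaceAll(d.Query, "{domain}", domain)
	return "https://www.google.com/search?q=" + url.QueryEscape(q)
}

// RenderHTML emits one target="_blank" link per dork plus an "open all"
// button that staggers window.open by delayMs (the "var delay = 1000;" knob).
func RenderHTML(domain string, dorks []Dork, delayMs int) string {
	var b strings.Builder
	fmt.Fprintf(&b, "<html><body><h1>%s</h1><ul id=\"dorks\">\n", html.EscapeString(domain))
	for _, d := range dorks {
		fmt.Fprintf(&b, "<li><a href=\"%s\" target=\"_blank\">%s</a></li>\n",
			html.EscapeString(BuildURL(d, domain)), html.EscapeString(d.Description))
	}
	fmt.Fprintf(&b, "</ul><button onclick=\"openAll()\">Open all</button>\n<script>\nvar delay = %d;\n"+
		"function openAll(){document.querySelectorAll('#dorks a').forEach(function(l,i){"+
		"setTimeout(function(){window.open(l.href,'_blank')},i*delay)})}\n</script></body></html>\n", delayMs)
	return b.String()
}
```

Writing the returned string to <domain>_search_results.html and opening it in a browser reproduces the page described above; raising delayMs spaces out the automatic tab openings.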