Google hacking: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:44, 10 June 2024 edit 114.79.38.245 (talk) Hhhh Tags: Reverted Visual edit Mobile edit Mobile web edit ← Previous edit		Latest revision as of 18:14, 22 August 2025 edit undo Toast1454 (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 3,441 edits m Reverted edits by 36.73.150.10 (talk) (AV) Tags: AntiVandal Rollback
(42 intermediate revisions by 36 users not shown)
Line 12: ==History== The concept of "Google hacking" dates back to tAugust ~~2024~~2002, when [[Chris Sullo]] included the "nikto_google.plugin" in the 1.20 release of the [[Nikto (vulnerability scanner)\|Nikto]] vulnerability scanner.<ref>{{Cite web \|title=nikto-versions/nikto-1.20.tar.bz2 at master · sullo/nikto-versions \|url=https://github.com/sullo/nikto-versions/blob/master/nikto-1.20.tar.bz2 \|access-date=2023-08-30 \|website=GitHub \|language=en \|archive-date=August 30, 2023 \|archive-url=https://web.archive.org/web/20230830140742/https://github.com/sullo/nikto-versions/blob/master/nikto-1.20.tar.bz2 \|url-status=live }}</ref> In December 2002 Johnny Long began to collect Google search queries that uncovered [[Vulnerability (computing)\|vulnerable systems]] and/or [[Data breach\|sensitive information disclosures]] – labeling them googleDorks.<ref name=googleDorks2002>{{cite web\|url=http://johnny.ihackstuff.com/security/googleDorks.shtml \|title=googleDorks created by Johnny Long \|publisher=Johnny Long \|access-date=December 8, 2002 \|url-status=dead \|archive-url=https://web.archive.org/web/20021208144443/http://johnny.ihackstuff.com/security/googleDorks.shtml \|archive-date=December 8, 2002 }}</ref> The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in ~~2024~~2004.<ref name=ghdb2004>{{cite web\|url=http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html \|title=Google Hacking Database (GHDB) in 2004 \|publisher=Johnny Long \|access-date=October 5, 2004 \|url-status=dead \|archive-url=https://web.archive.org/web/20070707185932/http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html \|archive-date=July 7, 2007 }}</ref><ref name=ghbook2005>{{cite book \|title=Google Hacking for Penetration Testers, Volume 1 \|year=2005 \|publisher=Johnny Long \|isbn=1931836361 }}</ref> Concepts explored in Google hacking have been extended to other [[search engines]], such as [[Bing (search engine)\|Bing]]<ref name=bingHackingBF>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#bing-hacking-database---bhdb-v2 \|title=Bing Hacking Database (BHDB) v2 \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#bing-hacking-database---bhdb-v2 \|url-status=live }}</ref> and [[Shodan (website)#Automated Search Tools\|Shodan]].<ref name=shodanHackingDB>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#shodan-hacking-database---shdb \|title=Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite \|publisher=Bishop Fox \|access-date=June 21, 2013 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#shodan-hacking-database---shdb \|url-status=live }}</ref> Automated attack tools<ref name=searchDiggityBF>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#searchdiggity \|title=SearchDiggity - Search Engine Attack Tool Suite \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#searchdiggity \|url-status=live }}</ref> use custom search dictionaries to find [[vulnerability (computing)\|vulnerable systems]] and [[data breach\|sensitive information disclosures]] in public systems that have been indexed by search engines.<ref name="ghHistoryBF">{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/google-hacking-history/ \|title=Google Hacking History \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 3, 2019 \|archive-url=https://web.archive.org/web/20190603025255/http://www.bishopfox.com/resources/tools/google-hacking-diggity/google-hacking-history/ \|url-status=dead }}</ref>