Google hacking: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:45, 12 June 2024 edit 58.145.188.195 (talk) →History: Fixed typo Tags: Reverted canned edit summary section blanking blanking Mobile edit Mobile app edit Android app edit ← Previous edit		Latest revision as of 18:14, 22 August 2025 edit undo Toast1454 (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 3,393 edits m Reverted edits by 36.73.150.10 (talk) (AV) Tags: AntiVandal Rollback
(38 intermediate revisions by 33 users not shown)
Line 9: Devices connected to the Internet can be found. A search string such as <code>inurl:"Mode="</code> will find public web cameras. ==History== The concept of "Google hacking" dates back to August 2002, when Chris Sullo included the "nikto_google.plugin" in the 1.20 release of the [[Nikto (vulnerability scanner)\|Nikto]] vulnerability scanner.<ref>{{Cite web \|title=nikto-versions/nikto-1.20.tar.bz2 at master · sullo/nikto-versions \|url=https://github.com/sullo/nikto-versions/blob/master/nikto-1.20.tar.bz2 \|access-date=2023-08-30 \|website=GitHub \|language=en \|archive-date=August 30, 2023 \|archive-url=https://web.archive.org/web/20230830140742/https://github.com/sullo/nikto-versions/blob/master/nikto-1.20.tar.bz2 \|url-status=live }}</ref> In December 2002 Johnny Long began to collect Google search queries that uncovered [[Vulnerability (computing)\|vulnerable systems]] and/or [[Data breach\|sensitive information disclosures]] – labeling them googleDorks.<ref name=googleDorks2002>{{cite web\|url=http://johnny.ihackstuff.com/security/googleDorks.shtml \|title=googleDorks created by Johnny Long \|publisher=Johnny Long \|access-date=December 8, 2002 \|url-status=dead \|archive-url=https://web.archive.org/web/20021208144443/http://johnny.ihackstuff.com/security/googleDorks.shtml \|archive-date=December 8, 2002 }}</ref> The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.<ref name=ghdb2004>{{cite web\|url=http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html \|title=Google Hacking Database (GHDB) in 2004 \|publisher=Johnny Long \|access-date=October 5, 2004 \|url-status=dead \|archive-url=https://web.archive.org/web/20070707185932/http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html \|archive-date=July 7, 2007 }}</ref><ref name=ghbook2005>{{cite book \|title=Google Hacking for Penetration Testers, Volume 1 \|year=2005 \|publisher=Johnny Long \|isbn=1931836361 }}</ref> Concepts explored in Google hacking have been extended to other [[search engines]], such as [[Bing (search engine)\|Bing]]<ref name=bingHackingBF>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#bing-hacking-database---bhdb-v2 \|title=Bing Hacking Database (BHDB) v2 \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#bing-hacking-database---bhdb-v2 \|url-status=live }}</ref> and [[Shodan (website)#Automated Search Tools\|Shodan]].<ref name=shodanHackingDB>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#shodan-hacking-database---shdb \|title=Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite \|publisher=Bishop Fox \|access-date=June 21, 2013 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#shodan-hacking-database---shdb \|url-status=live }}</ref> Automated attack tools<ref name=searchDiggityBF>{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#searchdiggity \|title=SearchDiggity - Search Engine Attack Tool Suite \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 8, 2019 \|archive-url=https://web.archive.org/web/20190608014128/http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#searchdiggity \|url-status=live }}</ref> use custom search dictionaries to find [[vulnerability (computing)\|vulnerable systems]] and [[data breach\|sensitive information disclosures]] in public systems that have been indexed by search engines.<ref name="ghHistoryBF">{{cite web \|url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/google-hacking-history/ \|title=Google Hacking History \|date=July 15, 2013 \|publisher=Bishop Fox \|access-date=August 27, 2014 \|archive-date=June 3, 2019 \|archive-url=https://web.archive.org/web/20190603025255/http://www.bishopfox.com/resources/tools/google-hacking-diggity/google-hacking-history/ \|url-status=dead }}</ref> Google Dorking has been involved in some notorious cybercrime cases, such as the Bowman Avenue Dam hack<ref>{{cite news \|title=Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector \|url=https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged \|publisher=UNITED STATES DEPARTMENT OF JUSTICE \|access-date=March 27, 2023 \|archive-date=September 24, 2023 \|archive-url=https://web.archive.org/web/20230924092759/https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged \|url-status=live }}</ref> and the CIA breach where around 70% of its worldwide networks were compromised.<ref>{{cite news \|last1=Gallagher \|first1=Sean \|title=How did Iran find Cia Spies? They googled it \|url=https://arstechnica.com/tech-policy/2018/11/how-did-iran-find-cia-spies-they-googled-it/ \|publisher=Ars Technica \|access-date=March 27, 2023 \|archive-date=October 18, 2023 \|archive-url=https://web.archive.org/web/20231018103413/https://arstechnica.com/tech-policy/2018/11/how-did-iran-find-cia-spies-they-googled-it/ \|url-status=live }}</ref> Star Kashman, a legal scholar, has been one of the first to study the legality of this technique.<ref>{{cite journal \|last1=Kashman \|first1=Star \|title=GOOGLE DORKING OR LEGAL HACKING: FROM THE CIA COMPROMISE TO YOUR CAMERAS AT HOME, WE ARE NOT AS SAFE AS WE THINK \|journal=Wash. J. L. Tech. & Arts \|date=2023 \|volume=18 \|issue=2}}</ref> Kashman argues that while Google Dorking is technically legal, it has often been used to carry out cybercrime and frequently leads to violations of the Computer Fraud and Abuse Act.<ref>{{cite journal \|last1=Kashman \|first1=Star \|title=GOOGLE DORKING OR LEGAL HACKING: FROM THE CIA COMPROMISE TO YOUR CAMERAS AT HOME, WE ARE NOT AS SAFE AS WE THINK \|journal=Washington Journal of Law, Technology & Arts \|date=2023 \|volume=18 \|issue=2 \|page=1 \|url=https://digitalcommons.law.uw.edu/wjlta/vol18/iss2/1 \|access-date=March 27, 2023 \|archive-date=October 23, 2023 \|archive-url=https://web.archive.org/web/20231023091719/https://digitalcommons.law.uw.edu/wjlta/vol18/iss2/1/ \|url-status=live }}</ref> Her research has highlighted the legal and ethical implications of this technique, emphasizing the need for greater attention and regulation to be applied to its use. ==Protection==