• Automating Information Grabbing
  • | Chapter 3: Reconnaissance






    Google Hacking Database
    Another aspect of Google searching to note is that there is a database of
    useful search queries. This is the Google Hacking Database that was started
    in 2004 by Johnny Long, who began collecting useful or interesting search
    terms in 2002. Currently, the Google Hacking Database is hosted at
    exploit-db.com. The dorks are maintained by categories, and there are a lot
    of interesting keywords that you may be able to use as you are doing
    security testing for a company. You can take any search term you find in
    the database and add site: followed by the domain name. You will then turn
    up potentially vulnerable pages and sensitive information using Google
    hacking.

    One final keyword that you can use, though you may be limited in when you
    might use it, is cache:. You can pull a page out of Google’s search cache to
    see what the page looked like the last time Google cached it. Because you
    can’t control the date you are looking for, this keyword may not be as
    useful as the Wayback Machine in terms of the cache results you can get.
    However, if a site is down for whatever reason, you can pull the pages down
    from Google. Keep in mind, though, that if you are referring to the Google
    cache because the site is down, you can’t click links in the page because
    they will still refer to the site that is down. You would need to use the
    cache: keyword again to get that page back.

    Automating Information Grabbing
    All of this searching can be time-consuming, especially if you have to go
    through many queries in order to get as many results as possible.
    Fortunately, we can use tools in Kali to get results quickly. The first tool
    we are going to look at is called theHarvester. This is a program that can
    use multiple sources for looking for details. This includes not only Google
    or Bing, two popular search providers, but also LinkedIn, a social
    networking site for business opportunities where you post your resume online
    and make connections with people for business purposes, including hiring
    searches. theHarvester will also search through Twitter and Pretty Good
    Privacy (PGP). When theHarvester looks through PGP, it is looking through an
    online database of people who use PGP to encrypt or sign their emails. Using
    the online PGP database, theHarvester will be able to turn up numerous email
    addresses if the people have ever registered a PGP key.
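
Seen from the defender's side, the same keyserver lookup tells an organisation which of its own addresses are publicly listed and whether the keys behind them are still live. The following is an added example, not code from the book or from theHarvester; it assumes the keyserver returns the HKP machine-readable index format, and the sample response and the function name `exposed_addresses` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample of an HKP machine-readable index ("options=mr") response.
# Layout: pub:<keyid>:<algo>:<bits>:<created>:<expires>:<flags>
#         uid:<percent-escaped user ID>:<created>:<expires>:<flags>
SAMPLE_INDEX = """\
info:1:3
pub:AAAA000000000001:1:2048:946684800::
uid:Alice Admin <alice.admin@example.com>:946684800::
uid:Alice Admin <alice@personal.example.net>:946684800::
pub:AAAA000000000002:1:4096:1514764800::r
uid:Bob Builder <bob@example.com>:1514764800::
uid:Bob Builder <bob@notexample.com>:1514764800::
pub:AAAA000000000003:22:256:1609459200:1672531200:e
uid:Carol %3Cops%3E <Carol.Ops@mail.example.com>:1609459200::
"""

EMAIL_RE = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")
FLAG_NAMES = {"r": "revoked", "d": "disabled", "e": "expired"}

def exposed_addresses(index_text, domain):
    """Map each address at `domain` (or a subdomain) to the keys that list it."""
    domain = domain.lower().lstrip(".")
    found = {}
    keyid, status = None, "active"
    for line in index_text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) > 1:
            keyid = fields[1]
            flags = fields[6] if len(fields) > 6 else ""
            status = ",".join(FLAG_NAMES[f] for f in flags if f in FLAG_NAMES) or "active"
        elif fields[0] == "uid" and keyid and len(fields) > 1:
            # User IDs are percent-escaped so that ':' can delimit fields.
            for email in EMAIL_RE.findall(unquote(fields[1])):
                host = email.rsplit("@", 1)[1].lower()
                # Exact or subdomain match only; "notexample.com" must not count.
                if host == domain or host.endswith("." + domain):
                    found.setdefault(email.lower(), []).append((keyid, status))
    return found

if __name__ == "__main__":
    for addr, keys in sorted(exposed_addresses(SAMPLE_INDEX, "example.com").items()):
        print(addr, keys)
```

Addresses that appear only on revoked or expired keys are still exposed, because keyservers keep listing those keys.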

    In Example 3-1, we take a look for PGP keys that have been registered using
    the domain name oreilly.com. This will provide us with a list of email
    addresses, as you can see, though the email addresses have been obscured
    here just for the sake of propriety. The list of email addresses has been
    truncated as well. Several more results were returned. Interestingly, even
    though I created my first PGP key in the 90s and have had to regenerate keys
    a few times for my personal email address because I
