Google Hacking and its Database (GHDB)

Attackers call the practice of crafting complex search engine queries "Google Hacking." Footprinting using advanced Google hacking techniques involves locating specific strings of text within search results using advanced operators in the Google search engine. Attackers can use the database of searches known as the Google Hacking Database (GHDB) to find sensitive information. 

The attacker can not only detect websites and web servers that are vulnerable to exploitation but also locate private, sensitive information about others, such as credit card numbers, social security numbers, passwords, and so on.

The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening scope of the Google search engine. The GHDB categories are as follows:

  • Footholds
  • Files Containing Usernames
  • Sensitive Directories
  • Web Server Detection
  • Vulnerable Files
  • Vulnerable Servers
  • Error Messages
  • Files Containing Juicy Info
  • Files Containing Passwords
  • Sensitive Online Shopping Info
  • Network or Vulnerability Data
  • Pages Containing Login Portals
  • Various Online Devices
  • Advisories and Vulnerabilities

Examples of sensitive information on public servers that can be extracted by an attacker with the help of GHDB queries include:
  • Error messages that contain sensitive information
  • Files containing passwords
  • Sensitive directories
  • Pages containing login portals
  • Pages containing network or vulnerability data, such as IDS, firewall logs, and configurations
  • Advisories and server vulnerabilities
  • Software version information
  • Web application source code
  • Connected IoT devices and their control panels, if unprotected
  • Hidden web pages such as intranet and VPN services
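
From the defender's side, several of the exposure types listed above can be checked on your own site before a search engine indexes them. The following is an added example, not code from the GHDB project or from this post: it classifies captured responses from a site you operate. The regex patterns, the `audit` and `indexable` helper names, and the sample responses are assumptions constructed for illustration.

```python
import re

# Exposure classes named in the list above; the patterns are illustrative assumptions.
CHECKS = {
    "Sensitive directories": re.compile(r"<title>Index of /", re.I),
    "Error messages that contain sensitive information": re.compile(
        r"Traceback \(most recent call last\)|Fatal error:.* on line \d+|SQL syntax", re.I),
    "Files containing passwords": re.compile(r"(password|passwd|pwd)\s*[=:]\s*\S+", re.I),
    "Pages containing login portals": re.compile(r"<input[^>]+type=[\"']?password", re.I),
}
VERSION_BANNER = re.compile(r"[A-Za-z_-]+/\d+(\.\d+)+")  # e.g. "Product/1.2.3"

def indexable(headers, body):
    """A page may be indexed unless it opts out via X-Robots-Tag or a robots meta tag.
    noindex only keeps a page out of search results; it is not access control."""
    if "noindex" in headers.get("X-Robots-Tag", "").lower():
        return False
    meta = re.search(r"<meta[^>]+name=[\"']robots[\"'][^>]*>", body, re.I)
    return not (meta and "noindex" in meta.group(0).lower())

def audit(pages):
    """Return {url: [exposure classes]} for publicly readable, indexable responses."""
    report = {}
    for url, (status, headers, body) in pages.items():
        if status != 200 or not indexable(headers, body):
            continue  # not served anonymously, or excluded from search indexes
        findings = [name for name, rx in CHECKS.items() if rx.search(body)]
        if VERSION_BANNER.search(headers.get("Server", "")):
            findings.append("Software version information")
        if findings:
            report[url] = findings
    return report

# Constructed sample responses: url -> (status, headers, body)
SAMPLE = {
    "https://example.test/backup/": (
        200, {"Server": "Apache/2.4.41"}, "<html><title>Index of /backup</title></html>"),
    "https://example.test/app/config.bak": (
        200, {"Server": "nginx"}, "db_user=app\ndb_password=changeme\n"),
    "https://example.test/admin/": (
        200, {"Server": "nginx", "X-Robots-Tag": "noindex, nofollow"},
        '<form><input type="password" name="p"></form>'),
    "https://example.test/item?id=1": (
        200, {"Server": "nginx"}, "You have an error in your SQL syntax near ..."),
    "https://example.test/private/": (401, {"Server": "nginx"}, "Unauthorized"),
}

if __name__ == "__main__":
    for url, findings in audit(SAMPLE).items():
        print(url, "->", "; ".join(findings))
```

Anything the audit reports should be removed from the web root or placed behind authentication; a noindex directive alone only hides the page from search results.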
