

Google Dorking and How Hackers Are Using This Technique Against You



Google is the encyclopedia of the internet that carries the answer to all your questions and curiosity. After all, it is just a web index to find images, articles, and videos, right?

Well, if you think so, you are turning a blind eye to the untapped potential of the behemoth search engine’s crawling capabilities. This side of Google is lesser-known to the average user but is exploited effectively by bad actors to hijack websites and steal sensitive data from companies. Here, we’ll address how security professionals and hackers use Google as an effective reconnaissance tool to access sensitive data, hijack websites, and more.

What is Google Dorking?

Google dorking, or Google hacking, is the technique of feeding advanced search queries into the Google search engine to hunt for sensitive data, such as usernames, passwords, and log files, on websites that Google has indexed because of site misconfiguration. This data is publicly visible and, in some cases, downloadable.

A regular Google search involves a seed keyword, sentence, or question. In Google dorking, however, an attacker uses special operators to refine the search and direct the search engine toward very specific files or directories on the internet. In most cases, the targets are log files or website misconfigurations.

How Hackers Use Google Dorking to Hack Websites

Google dorking involves using special parameters and search operators called “dorks” to narrow down search results and hunt for exposed sensitive data and security loopholes in websites.

The parameters and operators direct the crawler to look for specific file types in any specified URL. The search results of the query include but are not limited to:

  • Open FTP servers.
  • A company’s internal documents.
  • Accessible IP cameras.
  • Government documents.
  • Server log files containing passwords and other sensitive data that can be leveraged to infiltrate or disrupt an organization.

Most-Used Google Dorking Operators

Although there are tons of operators and parameters that one can apply to a search query, it only takes a handful of them to serve the needs of a security professional. Here are a few commonly used queries:

  • inurl: Directs the search engine to return URLs that contain a specified keyword.
  • allintext: Searches for user-specified text in the body of a webpage.
  • filetype: Tells the search engine to look for and display a specific file type.
  • intitle: Finds sites containing specified keywords in the title.
  • site: Lists all the indexed URLs for the specified site.
  • cache: When paired with the site parameter, this one displays the cached or older version of a website.
  • Pipe operator (|): This logical operator lists results that contain either of two specified search terms.
  • Wildcard operator (*): Searches for pages that contain anything connected to your search term.
  • Subtract operator (-): Eliminates unwanted results from your search.
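The same operators can be turned around as a self-audit of your own web root before a crawler reaches it. The script below is an added example, not part of the original article: it flags files by extension (what filetype: would match), by path keyword (inurl:), and by body text (allintext:). The extension, keyword, and pattern lists and the sample files are constructed assumptions to tune for your own site.

```python
import os
import re
import tempfile

# Assumed, illustrative lists: adjust them to your own site.
RISKY_EXTENSIONS = {".log", ".sql", ".bak"}        # what filetype: would match
RISKY_PATH_WORDS = ("backup", "admin", "config")   # what inurl: would match
RISKY_TEXT = re.compile(r"(password|passwd|username)\s*[=:]", re.I)  # allintext:

def audit_web_root(root):
    """Return sorted (relative_path, reasons) for files worth unpublishing."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reasons = []
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                reasons.append("filetype")
            if any(word in rel.lower() for word in RISKY_PATH_WORDS):
                reasons.append("inurl")
            try:
                # Read at most 1 MB so large logs do not stall the audit.
                with open(full, "r", errors="ignore") as fh:
                    if RISKY_TEXT.search(fh.read(1_000_000)):
                        reasons.append("allintext")
            except OSError:
                reasons.append("unreadable")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)

def demo():
    """Audit a constructed sample web root (all file contents are made up)."""
    samples = {
        "index.html": "<h1>Welcome</h1>",
        "about.html": "<p>About us</p>",
        "logs/app.log": "2024-01-01 login username=alice password=EXAMPLE",
        "backup/site.sql": "CREATE TABLE users (id INT);",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return audit_web_root(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

Anything the audit reports should be moved out of the served directory or placed behind authentication.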

Is Google Dorking Illegal?

While it may seem intimidating, Google dorking will not land you behind bars, provided you are only using it to refine your search results and not to infiltrate an organization.

It is a necessary evil and, in fact, an encouraged practice amongst power users. Keep in mind that Google is tracking your searches all the time, so if you access sensitive data or search with malicious intent, Google will flag you as a threat actor.

If you are carrying out a pen test or hunting for bug bounties, ensure that you are fully authorized and backed by the organization. Otherwise, if you get caught, things can take a turn for the worse, and you could even be slapped with a lawsuit.



Four Key Tips for Beginners Learning JavaScript



If you have ever been interested in Web Development then chances are you have heard of JavaScript. JavaScript is an object-oriented programming language. It is used by developers to make the client-side (front end) of web pages dynamic and interactive. 

It is also used alongside HTML and CSS to make websites and web applications. The market for application development in 2022 is huge. Freelancing as a developer or pursuing a full-time job are lucrative options for anyone dedicated and determined to learn programming skills.

While learning to program can seem like a daunting task, it is not impossible. There are many resources online that can be used to learn to program. Paid options are the best in the end, but that does not mean free resources are bad. Let’s take a look at some tips for beginners in JavaScript to improve their command of the language.

  1. Comment a Lot

Using comments is important when learning any programming language. Comments help make your code more readable and understandable.

In the beginning, you will frequently forget what certain syntax means or what a particular line you wrote does in your code. To save yourself some headaches, write comments about any line that you feel you might forget for later reference. In fact, in the beginning, you should be commenting more than actually writing code.

With time, your grasp of the language will increase and your need to comment on your code will decrease. Eventually, your code will have very few comments or none at all.

  2. Do Programming Exercises

Even if you learn to code in JavaScript, you will not be able to understand how to apply it without sufficient practice. To get the practice you need, do additional coding exercises. There are a ton of free resources when it comes to practice exercises. A simple Google search will direct you to a long list of them. Make sure to start with exercises within your skill level, then advance upwards as you gain proficiency.

One common exercise is to learn how to convert XML to JSON. JavaScript libraries frequently use JSON files. Learning how to convert XML to JSON and vice versa is a good idea because you will be working with both a lot using JavaScript.

  3. Leverage Multiple Resources

There are many resources available online that can be used to learn JavaScript. YouTube has a variety of video tutorials explaining the obscure and obvious features of using JavaScript.

Similarly, many forums exist solely for JavaScript programmers and their programming problems. Let’s face it, you will run into problems, and you can use these resources to resolve issues you run into. There are also groups and communities that can provide expert and amateur advice on programming problems. JavaScript is a popular language, so it is easy to find communities specifically for JavaScript and solutions to most problems.

  4. Always Make Documentation for Your Projects

You will be making a few practice projects when learning JavaScript. No matter how small or insignificant a project seems, make some documentation about it.

Documentation can include a ‘How to’ that tells how to run the project. You can also include ‘Read Me’ files to tell you what the project does.

The point is to make documentation of all your projects. In the beginning, you will be making really simple documentation that only gives basic information. Later on, you will be adding more and more details.

Documentation will improve your understanding of what you have done. Beginners often follow tutorials and just code along with them. Unfortunately, such practices usually end up with beginners forgetting what they’ve done and not being able to understand their code.



Four Ways AI Can Improve Your Next Meeting



It may not be noticeable to most, but AI is now rooted in many aspects of our lives. From voice assistants to the cars we drive, to social media and shopping – AI is integrated into a multitude of everyday processes.

It should be of little surprise that AI is also becoming heavily embedded in our businesses. And while some people feel uncomfortable about this intersection of human and machine, it truly offers an abundance of transformative opportunities.

Here are four reasons why AI will continue to be important today and in the future:

  1. Automated note-taking allows brainstorms to go full speed

The days of being the meeting scribe and not absorbing what’s been said around you are over. Automated note-taking and accurate meeting transcripts are one of the simplest ways AI can help free up meeting attendees to focus on the discussion taking place.

Using this software means that transcripts can be searched for important keywords and ideas, allowing participants to fully absorb details after the meeting has concluded. Giving everyone at the meeting the ability to participate without the burden of constant note-taking fosters a lively and uninhibited discussion, encouraging a seamless flow of ideas.

  2. AI-powered action items, agenda updates, and deadline management

AI technology is founded on rules-based responses to decisions, meaning it can be taught to recognize keywords. Organizers can plug in important words such as “follow up” or “action item” and the AI can recognize them and react for easier sharing and review after a meeting.

In addition, AI can help to record deadlines and, if programmed to do so, could send out reminders as deadlines approach. With something like Natural Language Processing (NLP) embedded, AI can also know which parts of the meeting are most important, based on vocal tones, and can automatically record and share those parts with attendees, ensuring that none of the actions are forgotten.

  3. Automated capture of nonverbal cues

We all know those golden moments during a meeting where ideas are born and everyone reacts in a positive way – but they can be hard to identify, particularly if you’re engaging with remote workers on the phone or via video conference.

Wouldn’t it be great if AI was able to more easily recognize and record those moments, because they are generally identified by nonverbal cues such as facial expressions, nods, laughter, or peaks in the audio when everyone has that aha moment? A human note-taker may not be able to accurately capture this, but AI may be able to.

  4. Improved overall efficiency prevents meetings from dragging on

Everyone has experienced a meeting that seems to drag on endlessly, or watched co-workers talk in circles. This can happen when people are not paying attention because they’re scribbling on notepads and typing on laptops, bringing up topics that were already discussed. This is what turns meetings into chores instead of the energizing moments of team collaboration they are meant to be.

When AI removes the more mundane aspects of a meeting like scheduling or taking attendance, attendees can move through administrative tasks and housekeeping items rapidly, knowing the AI will have it all recorded for later reference, and move into free-flowing exchanges of ideas.

And for those routine meetings that occur frequently and don’t always entail a major brainstorming, AI also facilitates effective and concise meetings, so everyone can get into the meeting quickly, be productive with the time set out, and then get back into more inspiring work.



How To Mitigate Shadow IT Risks



Using unapproved tools, software, and devices is risky. You never know what vulnerabilities so-called shadow IT may have. The pandemic that began in 2020 put a new spin on the shadow IT problem. The sudden need to handle all processes remotely was a true challenge since the majority of corporate networks were not configured to be safely accessed by employees from home.

Although it may seem that telecommuters got used to the security rules for remote work, there’s a risk they learned how to get around them. Using unauthorized third-party software while accessing corporate networks may pose a danger to an organization’s critical assets. In this article, we define what shadow IT is and why employees use unapproved software. We also specify major cybersecurity risks that can be caused by shadow IT and offer six ways to effectively address them.

What is Shadow IT?

Shadow IT refers to any IT system, solution, device, or technology used within an organization without the knowledge and approval of the corporate IT department.

Common examples of shadow IT are cloud services, file-sharing applications, and messengers that aren’t explicitly allowed according to an organization’s cybersecurity rules and guidelines. The risk of using such software is that it can have cybersecurity flaws and lead to various incidents like sensitive data exposure.

How to mitigate shadow IT risks:

  1. Build a flexible corporate policy

A well-thought-out corporate policy that addresses your business’s most critical cybersecurity issues is a must. To achieve it, start with establishing comprehensible guidelines around the use of personal devices, third-party applications, and cloud services. For starters, you can divide your software into categories to help employees better understand the risks of using shadow IT and offer them alternatives. Here are examples of categories in which you can place shadow IT resources:

  • Sanctioned. Tools that are approved by an organization’s IT department and recommended for use within the corporate network.
  • Authorized. Additional software whose use is allowed.
  • Prohibited. Potentially dangerous solutions that may have vulnerabilities or store data insecurely.

  2. Educate your employees on shadow IT

One of the most effective ways to mitigate shadow IT risks is to educate your employees about the true dangers of using unapproved software. People often don’t fully understand the possible consequences of their actions and don’t realize the risks.

By explaining the true reasons behind shadow IT prohibitions, you can significantly lower the number of unsanctioned software installations. Also, it will help you encourage workers to be more transparent about the difficulties they have with approved solutions and the true reasons for secretly deploying alternatives.

  3. Give your employees the tools they need

Remember why people usually turn to shadow IT in the first place? In most cases, it’s because the standard corporate tools aren’t effective and convenient enough.

A good practice is to create a space for open communication between workers and the IT department. When you learn what your employees really need, you can find efficient software and eliminate the risks of employees using unapproved software in secret.

If a solution your employees want to use isn’t secure enough or may lead to non-compliance with requirements, it’s essential to clearly explain the potential risks. And if possible, offer alternatives that provide the required data security.
