Detecting Information Leakage Via Advanced Google Searching
Google’s search engine offers many different search features, including web, image, newsgroup and catalog search, among others. These features offer obvious benefits to even the most uninitiated web surfer, but the same features can be put to malicious use by other types of Internet users, including hackers, computer criminals and identity thieves. It is important that web administrators and the campus IT security community are aware of the avenues of information leakage that this public search engine can expose. Administrators should aim to have a firm grasp of these basic techniques in order to fully comprehend the more advanced uses possible and take effective advantage of them.
Here are some examples of typical searches that can be performed on a DNS domain:
Detecting Website Contamination via URL Referrer or XSS
viagra site:domain-name.com
allinurl:viagra site:domain-name.com
inurl:php intitle:viagra site:domain-name.com
inurl:php viagra|cialis|pills|levitra site:domain-name.com (will return indexed words that might be associated with malicious activity or website compromise)
Insecure FTP Configuration
intext:index of/ WS_FTP.ini site:domain-name.com
intext:index of/ filetype:ini site:domain-name.com
Administrative Files openly accessible on site
intitle:index.of inurl:admin site:domain-name.com
Search for documents of specific types on websites or domains
filetype:pdf pci steering site:domain-name.com
filetype:pdf policy mcmaster site:domain-name.com
PCI inanchor:uts site:domain-name.com or PCI inanchor:uts site:domain-name.com/uts
filetype:txt site:www.domain-name.com (it is possible to drill down to folders)
filetype:pdf site:www.domain-name.com
filetype:pdf server* site:www.domain-name.com/path/ (PDF files with approximate names on a specific website/URL)
List Apache servers with directory listing enabled
intitle:index.of Apache/ * Server at site:domain-name.com
intitle:Apache site:domain-name.com
intext:index of Parent Directory site:domain-name.com (open directory index sites)
Dangerous file types floating on sites/domains
filetype:sql site:domain-name.com (will return SQL scripts or sample scripts files that should not be present on production sites)
filetype:mp3 site:domain-name.com (copyrighted files floating on the domain)
filetype:bat site:domain-name.com (Windows executable batch files)
filetype:jar site:domain-name.com (Java executable files)
filetype:ini site:domain-name.com (initialization files)
Dangerous strings leading to potential confidentiality issues
inurl:~password* site:domain-name.com (might return unencrypted password locations)
inurl:userlist site:domain-name.com (reveals lists of users on site)
mcauth site:domain-name.com
allinurl:login http site:domain-name.com (login with no SSL on URL)
filetype:txt site:www.domain-name.com (will return text files that could contain unintended private/insecure information)
Search operators that work with the Google search engine
allinanchor:, allintext:, allintitle:, allinurl:, cache:, define:, filetype:, id:, inanchor:, info:, intext:, intitle:, inurl:, link:, related:, site:
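The same checks can be run locally against a URL inventory of your own domain (for example, one exported from a sitemap or web server logs) before a search engine indexes the files. The script below is an added example, not part of the original page: its rules mirror the file-type and string categories listed above, and the function names, labels, example.com domain and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Rules derived from the query categories listed on this page.
RISKY_EXT = {".sql": "SQL script", ".bat": "Windows batch file",
             ".jar": "Java executable", ".ini": "initialization file",
             ".mp3": "media file (possible copyright issue)"}
RISKY_SUBSTR = {"~password": "password path", "userlist": "user list"}

def classify(url):
    """Return the leakage categories a single URL falls into."""
    parts = urlsplit(url)
    path = parts.path.lower()
    name = posixpath.basename(path)
    ext = posixpath.splitext(name)[1]
    findings = []
    if name == "ws_ftp.ini":                      # WS_FTP.ini query
        findings.append("WS_FTP configuration file")
    elif ext in RISKY_EXT:                        # filetype: queries
        findings.append(RISKY_EXT[ext])
    findings += [label for s, label in RISKY_SUBSTR.items() if s in path]
    # allinurl:login http -> login reachable without SSL
    if parts.scheme == "http" and "login" in (path + "?" + parts.query.lower()):
        findings.append("login URL without SSL")
    # inurl:admin -> directory that should be checked for an open index
    if "admin" in path and path.endswith("/"):
        findings.append("admin directory (check for open index)")
    return findings

def audit(urls, domain):
    """Classify only URLs whose host is the domain or one of its subdomains."""
    report = {}
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if (host == domain or host.endswith("." + domain)) and (hits := classify(url)):
            report[url] = hits
    return report

# Constructed sample inventory (not real URLs).
SAMPLE_URLS = [
    "http://www.example.com/portal/login.php",
    "https://www.example.com/backup/WS_FTP.ini",
    "https://files.example.com/db/schema.SQL",
    "https://www.example.com/~password/userlist.txt",
    "https://www.example.com/admin/",
    "https://www.example.com/about.html",
    "https://notexample.com/dump.sql",
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_URLS, "example.com").items():
        print(url, "->", ", ".join(hits))
```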