Saturday, August 11, 2012

Google Hacking Diggity Project

I was at DEFCON 20 a couple of weeks ago and was introduced to a few cool applications, and I thought I should share them, so I'll be making some posts introducing them over the following weeks.


Today I want to introduce the Google Hacking Diggity Project, http://www.stachliu.com/resources/tools/google-hacking-diggity-project/.
Probably everyone reading this post already knows about Google hacking (if not, start with http://en.wikipedia.org/wiki/Google_hacking, fast), but it is so much nicer to have one tool that will build all your queries for you.
Now, despite the name, the tools cover more than Google.

 
Francis Brown and Rob Ragan have developed a search engine hacking tool arsenal that leverages Google, Bing and Shodan to quickly identify vulnerable systems or sensitive data leaks from corporate networks.

To start, all you need to do is go to the link mentioned above and download SearchDiggity from the Attack Tools menu.
 

Some cool features include PortScan.

NotInMyBackyard is becoming one of my favorites, allowing you to search for passwords or sensitive information intentionally or recklessly posted on the net. The tool comes with pre-built queries that make it really easy to find information on Pastebin, YouTube, Twitter, Dropbox, Google Docs and more.

Just try:
  1. Type 'password' in the Query appender.
  2. Select site:s3.amazonaws.com from the locations list (inside cloud storage).
  3. From the extensions section, choose XLS and XLSX.
  4. Look at all the documents you can find.


Try different settings for better results.
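
A defender's counterpart to the walkthrough above, as an added example that is not part of the original post or of the Diggity project: before a folder is synced to public cloud storage, flag XLS/XLSX files whose cell text contains the same keyword. The function names and the `sample_xlsx` input are constructed for illustration.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

KEYWORDS = ("password",)        # term from step 1 of the walkthrough
EXTENSIONS = (".xls", ".xlsx")  # extensions from step 3

def xlsx_text(data: bytes) -> str:
    """Cell text of an XLSX (a zip of XML parts), with the XML tags removed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = [zf.read(n).decode("utf-8", "replace") for n in zf.namelist()
                 if n == "xl/sharedStrings.xml" or n.startswith("xl/worksheets/")]
    # Dropping tags avoids false hits on markup such as <sheetProtection password=...>.
    return re.sub(r"<[^>]+>", "", "".join(parts))

def scan_file(name: str, data: bytes) -> list:
    """Return the keywords found in one spreadsheet; [] for clean or other files."""
    if not name.lower().endswith(EXTENSIONS):
        return []
    blob = data.lower()  # legacy XLS: raw bytes, strings are 8-bit or UTF-16LE
    if name.lower().endswith(".xlsx"):
        try:
            blob = xlsx_text(data).lower().encode("utf-8")
        except zipfile.BadZipFile:
            pass  # mislabelled or corrupt file: fall back to the raw bytes
    return [k for k in KEYWORDS if k.encode() in blob or k.encode("utf-16-le") in blob]

def scan_tree(root: str) -> dict:
    """Map relative path -> keywords for every flagged spreadsheet under root."""
    base = Path(root)
    hits = {}
    for p in sorted(base.rglob("*")):
        if p.is_file() and (found := scan_file(p.name, p.read_bytes())):
            hits[p.relative_to(base).as_posix()] = found
    return hits

def sample_xlsx(cell: str) -> bytes:
    """Constructed minimal XLSX-like zip holding one shared string (demo input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/sharedStrings.xml", f"<sst><si><t>{cell}</t></si></sst>")
        zf.writestr("xl/worksheets/sheet1.xml", '<worksheet><sheetProtection password="CC1A"/></worksheet>')
    return buf.getvalue()

if __name__ == "__main__":
    for path, words in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: contains {', '.join(words)}")
```

Run it against the export folder as a pre-upload step and treat any reported file as one to review before it leaves the network.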

7 comments:

  1. Cheers, good information, is there any more tutorials specifically on the SearchDiggity tool?

    1. Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a Front end developer learn from Javascript Training in Chennai . or learn thru Javascript Training in Chennai. Nowadays JavaScript has tons of job opportunities on various vertical industry. JavaScript Training in Chennai

  2. The abundance of cheats for some of the most popular games is proof that machines and computers are still often a poor match for the curiosity and cunning ability of the human mind jailbreak roblox cheat

  3. The method that our script uses is actually very complex and only experienced programmers and hackers can understand it. It basically grabs the URL of the victim and take the username Blue Portal

  4. This blog has left its gathering of spectators completely enchanted.
    paypal money hack

  5. It aims to secure the loopholes and breaches in the cyber-security system of a company. Legal hacking experts are usually Certified Ethical Hackers who are hired to prevent any potential threat to the computer security system or network.Wireless Hacking

  6. First off, hacks and viruses have become so common in the internet world that they are no longer looked at as "threats" by the general public and are seen as mere annoyances. hack FB
