Google can be used to enumerate a large number of hosts and to find potential security flaws. The primary danger of this method is that a target can be cased without the criminal ever touching it. Experiment with these search terms against your own server.
War-Googling Search Terms

| Purpose | Google Search Term |
| --- | --- |
| Find similar domains | `related:<domain\|host>` |
| Find links to domain | `link:<domain\|host>` |
| Find information about domain | `info:<domain\|host>` |
| Find matches in URL | `inurl:<token>`<br>`allinurl:<token> [token] ...` |
| Find specific files | `filetype:<type>` (type such as .htaccess, .xls, .doc) |
| Basic searches | `"password hint"`<br>`"password hint -email"`<br>`"show password hint -email"`<br>`mrtg`<br>`bb4 conn` |
| Poor information management (combine with a hostname or domain suffix, such as Acme or gov) | `"internal use only"`<br>`proprietary`<br>`confidential` |
| | `filetype:htaccess old`<br>`"config password"` |
| Enumerate OWA users | `inurl:exchange inurl:finduser inurl:root` |
| Passwords | `"index of" passwd.txt`<br>`"index of" etc passwd` |
| Include files | `include db.inc`<br>`include config.inc` |
| XML resources | `"index of" wsdl` |
| More info | http://www.unixlibre.org/listas/bugtraq/0075.html |
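
To check your own server from the inside rather than through a search engine, the following added example (not part of the original page) walks a local web document root and flags files that the searches in the table would surface if the tree were indexed: `.htaccess` copies, `passwd` files, `.inc` include files, WSDL descriptions, and documents carrying the markings "internal use only", "proprietary" or "confidential". The function names, rule labels and sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Filename rules derived from rows of the table above (labels are illustrative).
NAME_RULES = [
    ("htaccess file or backup", re.compile(r"^\.?htaccess(\..+)?$", re.I)),
    ("password file", re.compile(r"^passwd(\.txt)?$", re.I)),
    ("include file", re.compile(r"^(db|config)\.inc$", re.I)),
    ("WSDL description", re.compile(r"\.wsdl$", re.I)),
]
# Phrases from the "poor information management" row.
MARKERS = re.compile(rb"internal use only|proprietary|confidential", re.I)


def audit_docroot(docroot):
    """Return sorted (relative_path, reason) pairs for risky files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            findings += [(rel, why) for why, pat in NAME_RULES if pat.search(name)]
            try:
                with open(full, "rb") as fh:
                    hit = MARKERS.search(fh.read(1 << 20))  # first 1 MiB only
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if hit:
                findings.append((rel, "marker: " + hit.group().decode().lower()))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (file names and contents are made up)."""
    sample = {
        "index.html": b"<h1>Welcome</h1>",
        ".htaccess.old": b"AuthUserFile /placeholder/path",
        "inc/db.inc": b"<?php $db_user = 'example'; ?>",
        "docs/plan.txt": b"ACME - Internal Use Only - draft",
        "services/orders.wsdl": b"<definitions/>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_docroot(root)
```

A finding only means the file sits under the document root; whether it is actually served, and therefore indexable, depends on the web server configuration.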