Thats quite a list already Runs like a charm
google dorks, Yahoo Dorks, Any Dorks!
-
computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
goolag
Goolag
February 27th, 2008 by Flack
The Cult of the Dead Cow has officially released GoolagScan — but what exactly does it do?
Google is a very powerful search engine. Google indexes billions of websites, and lots and lots of little bits of information about each of those websites — lots of information, in fact, that website owners may not even realize is being archived. Through crafty and sometimes complex Google searches, that information can be retrieved.
Everybody who’s used Google for any length of time has learned its nuances and advanced search options. For example, by using quotation marks you can group words together (+”Michael Jackson”) and by using plus and minus symbols, you can include or exclude words in your results (+mp3 -avi). The real power comes in linking these things together: (+”Michael Jackson” +thriller +mp3 -avi). Unfortunately due to the thousands of sites that sell mp3s, this isn’t a very effective search. You’re pretty unlikely to find Michael Jackson’s Thriller this way without a lot of manual searching. That’s where advanced searches come in to play. Google for “parent directory” +mp3 +thriller -html -htm -download -links and all of a sudden you’ll find indexes of open shares that contain both the words “mp3″ and “thriller”. This method’s not foolproof either. If you run that query on Google you’ll notice that the first two hits are fake webpages set up to look like indexes of files. Boo, hiss. The third hit, however, is a real index of an mp3 share hosted on a webserver. And, if you’re needing your daily zombie/Vincent Price/Michael Jackson fix, here’s Thriller.
Obviously, sitting around and Googling for mp3s is kind of silly in today’s world of P2P, FTP and Usenet. But what else could we use Google for? I’m glad you asked! What if we want to search for Microsoft Excel spreadsheets that contain the word “salary” or Word documents that contain the words “dmz” and “password”? Woo hoo, now we’re having fun, right?
Johnny, of johnny.ihackstuff.com took Google Hacking to new heights by compiling an online database of Google Hacks. Want to know how to search for files, or passwords, or login portals, or vulnerabilites? Johnny has a collection of these search tidbits, called “dorks”, that can be viewed. Once the idea of storing/shaing dorks grabbed a foothold, the Google Hacking scene took off. Everybody was doing it; even I wrote my own app, Scroogle, which was a small GUI that allowed users to use built-in dorks or add their own (stored in text files). The software is actually quite functional, although it was never officially released.
So anyway, full circle — what is Goolag? Goolag is a web auditing tool that takes Johnny iHackStuff’s Google Hacking to new heights by automating Google searches and providing a collection of security-related “dorks”. Want to scan your domain for vulnerabilities, files containing usernames and/or sensitive directories? Now you can! Want to scan someone else’s domain for those same things? That’s naughty and you shouldn’t think of things like that.
---- The cult of the dead cow was like my first hacker group to be a part of like back in the 1990's. cDc and ninja strike force are pretty decent folks.
DNR
February 27th, 2008 by Flack
The Cult of the Dead Cow has officially released GoolagScan — but what exactly does it do?
Google is a very powerful search engine. Google indexes billions of websites, and lots and lots of little bits of information about each of those websites — lots of information, in fact, that website owners may not even realize is being archived. Through crafty and sometimes complex Google searches, that information can be retrieved.
Everybody who’s used Google for any length of time has learned its nuances and advanced search options. For example, by using quotation marks you can group words together (+”Michael Jackson”) and by using plus and minus symbols, you can include or exclude words in your results (+mp3 -avi). The real power comes in linking these things together: (+”Michael Jackson” +thriller +mp3 -avi). Unfortunately due to the thousands of sites that sell mp3s, this isn’t a very effective search. You’re pretty unlikely to find Michael Jackson’s Thriller this way without a lot of manual searching. That’s where advanced searches come in to play. Google for “parent directory” +mp3 +thriller -html -htm -download -links and all of a sudden you’ll find indexes of open shares that contain both the words “mp3″ and “thriller”. This method’s not foolproof either. If you run that query on Google you’ll notice that the first two hits are fake webpages set up to look like indexes of files. Boo, hiss. The third hit, however, is a real index of an mp3 share hosted on a webserver. And, if you’re needing your daily zombie/Vincent Price/Michael Jackson fix, here’s Thriller.
Obviously, sitting around and Googling for mp3s is kind of silly in today’s world of P2P, FTP and Usenet. But what else could we use Google for? I’m glad you asked! What if we want to search for Microsoft Excel spreadsheets that contain the word “salary” or Word documents that contain the words “dmz” and “password”? Woo hoo, now we’re having fun, right?
Johnny, of johnny.ihackstuff.com took Google Hacking to new heights by compiling an online database of Google Hacks. Want to know how to search for files, or passwords, or login portals, or vulnerabilites? Johnny has a collection of these search tidbits, called “dorks”, that can be viewed. Once the idea of storing/shaing dorks grabbed a foothold, the Google Hacking scene took off. Everybody was doing it; even I wrote my own app, Scroogle, which was a small GUI that allowed users to use built-in dorks or add their own (stored in text files). The software is actually quite functional, although it was never officially released.
So anyway, full circle — what is Goolag? Goolag is a web auditing tool that takes Johnny iHackStuff’s Google Hacking to new heights by automating Google searches and providing a collection of security-related “dorks”. Want to scan your domain for vulnerabilities, files containing usernames and/or sensitive directories? Now you can! Want to scan someone else’s domain for those same things? That’s naughty and you shouldn’t think of things like that.
---- The cult of the dead cow was like my first hacker group to be a part of like back in the 1990's. cDc and ninja strike force are pretty decent folks.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
yeah, they are one of the few primary rocks of hacktivism left.---- The cult of the dead cow was like my first hacker group to be a part of like back in the 1990's. cDc and ninja strike force are pretty decent folks.
the only ones that play in the same league are the guys from CCC imo, they were already around when little b_b drove his poor daddy insane by causing an astronomic phonebill with his C64+acoustic coupler...the "internet" was about 500 computers at that time...
-
Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
sounds exactly like my story, i think i started with a 1 node wildcat BBS on a 386dx? also had a c64 that was my first pc, (i remember having a cult of the dead cow text downloading / reading section to help distribute their stuff, along with 2600, razor, ice, acid, ect.., except at 10th grade high school started hanging out with gang members, doing illegal activitys, getting arrested alot, then many years later after getting my life together and not being arrested or locked up for the last 7 years , trying to re-learn all this new stuff, after much thought in what i like to do and can get paid well for (that is also legal) decided that computers are what i want to get a paycheck for the rest of my life and enjoy useing them, and here i am lolbad_brain wrote:yeah, they are one of the few primary rocks of hacktivism left.---- The cult of the dead cow was like my first hacker group to be a part of like back in the 1990's. cDc and ninja strike force are pretty decent folks.
the only ones that play in the same league are the guys from CCC imo, they were already around when little b_b drove his poor daddy insane by causing an astronomic phonebill with his C64+acoustic coupler...the "internet" was about 500 computers at that time...
i cant stand jobs where you wake up in the morning and hate going to work everyday.. i feel it is very important to enjoy your work
oops.. here i go ranting
Sweet mother of cheese, I have not seen a list like this in a while ^^;. Great lists, learned a few new ones myself.