Abstract
Google provides penetration testers and hackers alike with a surprisingly powerful tool. It relentlessly indexes error messages, files in unprotected directories, log files and a plethora of other information useful to anyone wanting to probe the security weaknesses of a site. But specially crafted searches – the technique of Google hacking – will find all sites with known vulnerabilities, making Google a virtual directory of attackable sites. A weakness in your site will attract hackers who might otherwise never have heard of you. It's like advertising your weak points. Steve Mansfield-Devine examines the basic techniques of Google hacking – the so-called Google dorks – as well as simple countermeasures. If you're looking for weak security points in a website, forget NMAP, Nessus and all those tools of the pen-tester's trade. Your first stop should be something much more basic: Google.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call