Shodan/Censys/Google Dorks
Ethical Hackers should learn how to use Google Dorks (also known as Google Hacking or Google Dorking). These are queries that use Google's advanced search operators and parameters to narrow the results and locate sensitive or hidden information that a normal search would not easily surface.
Below you can find a Google Dork cheat sheet to use for reference. Make sure to look over this document and also watch the provided videos below.
Log files on websites often contain sensitive information. Files such as error logs and access logs are sometimes left in the public area of a site. Attackers can use them to determine the version of PHP you are running and the system paths of your content management system (CMS) or framework.
We can look for open FTP servers that are exposed to the Internet. These can hold files that we can download and view to gain more information.
.env files are used by popular web development frameworks to declare general variables and configuration for local and online development environments.
This shows how to search for a specific filetype. Keep this in mind, because you can search for any filetype you wish!
The entire contents of a database that we can download and view? Recall that a database will contain user information.
Look for phpMyAdmin database management sites. These should not be exposed to the Internet, and they could provide a means of gaining access to the entire database.
You never know what might be exposed that should not be. We can restrict a search to a specific top-level domain (TLD) and look for documents there that were not meant to be public.
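The categories above (log files, .env files, database dumps, phpMyAdmin installs, stray backups) are exactly what a site owner should check for before a search engine indexes them. The following is an added example written for this page, not code from the page or its cheat sheet: it walks a web document root and reports anything that matches those categories. The rule patterns and the constructed sample web root are assumptions made for the demo.

```python
"""Audit a web document root for artefacts that search-engine dorks target:
log files, .env files, database dumps, phpMyAdmin installs and backups.

Added example for this page, not code from the page or its cheat sheet.
EXPOSURE_RULES and the sample web root are constructed for the demo.
"""
import fnmatch
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Category -> filename/dirname globs a reviewer would look for (assumed
# for the demo, loosely mirroring the categories discussed on the page).
EXPOSURE_RULES = {
    "log file": ["*.log", "error_log", "access_log", "debug.log"],
    "environment file": [".env", ".env.*"],
    "database dump": ["*.sql", "*.sql.gz", "*.sql.zip", "*.dump"],
    "phpmyadmin": ["phpmyadmin", "phpMyAdmin*", "pma"],
    "backup/config": ["*.bak", "*.old", "config.php.*", "wp-config.php.bak"],
}


def classify(name: str) -> Optional[str]:
    """Return the exposure category for a file or directory name, or None."""
    for category, patterns in EXPOSURE_RULES.items():
        if any(fnmatch.fnmatch(name, p) for p in patterns):
            return category
    return None


def audit_webroot(root) -> List[Tuple[str, str]]:
    """Walk `root` and return (relative_path, category) for every served
    file or directory matching a rule. A flagged directory (e.g. phpmyadmin/)
    is reported once and not descended into."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for d in list(dirnames):
            cat = classify(d)
            if cat:
                findings.append(((rel_dir / d).as_posix(), cat))
                dirnames.remove(d)  # os.walk honours in-place pruning
        for f in filenames:
            cat = classify(f)
            if cat:
                findings.append(((rel_dir / f).as_posix(), cat))
    return sorted(findings)


def build_sample_webroot() -> str:
    """Create a constructed sample document root in a temp directory.
    Contents are placeholders, not real data."""
    root = tempfile.mkdtemp(prefix="webroot_")
    sample_files = {
        "index.php": "<?php echo 'hello'; ?>",
        ".env": "DB_PASSWORD=placeholder-not-real\n",
        "logs/error.log": "PHP Warning: placeholder\n",
        "backup/site.sql.gz": "",
        "phpmyadmin/index.php": "",
        "assets/style.css": "body{}",
        "wp-config.php.bak": "",
    }
    for rel, content in sample_files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return root


if __name__ == "__main__":
    for path, category in audit_webroot(build_sample_webroot()):
        print(f"{category:18s} {path}")
```

Run it against your real document root instead of the sample (`audit_webroot("/var/www/html")`) and treat every hit as something to move out of the web root or block at the web server. A finding for `.env` or a `.sql.gz` dump is the same thing a dork would return once the crawler reaches it.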
Brief demo showing how you can find systems on Hawaii.edu.
When I clicked and visited the site, I went from passive to active, as I engaged with the Hawaii.edu site. Keep that in mind.
Brief demo showing how you can find systems and learn about them using Hawaii.edu.
Don't forget that you should also check whether the company is posting source code on any source code repositories such as GitHub! Even though GitHub is the most popular, infrastructure-as-code tools like CloudFormation, Ansible, Puppet, Chef and SaltStack also produce code that can be interesting to review. And you never know what a repo might include.
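The defensive counterpart to the point above is checking your own application and infrastructure-as-code files for hard-coded credentials before they reach a public repo. The following is an added example written for this page, not the page's own material: a small scanner with a few secret-shaped patterns, an allowlist that suppresses values pulled from the environment or a vault, and constructed sample files (the CloudFormation and Ansible snippets and every key-shaped value are placeholders, not real credentials).

```python
"""Scan code and IaC templates (CloudFormation, Ansible, ...) for hard-coded
credentials before they are pushed to a repository.

Added example for this page, not the page's own material. SECRET_RULES,
ALLOWLIST and SAMPLE_FILES are constructed for the demo; the key-shaped
values are placeholders, not real credentials.
"""
import re
from typing import Dict, List, Tuple

# (label, regex) pairs. Assumed rule set for the demo.
SECRET_RULES = [
    ("aws access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # a password-like key followed by a literal value of 6+ chars
    ("hard-coded password",
     re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"]?[^\s'\"]{6,}")),
]

# Lines whose value comes from the environment, a vault or a template
# reference are not hard-coded secrets; skip them to avoid false positives.
ALLOWLIST = re.compile(
    r"(?i)(\{\{.*\}\}|!Ref\b|\$\{|os\.environ|getenv|CHANGEME|<REPLACE)"
)

# Constructed sample repository contents (placeholders only).
SAMPLE_FILES = {
    "cloudformation/db.yaml": (
        "Resources:\n"
        "  Database:\n"
        "    Type: AWS::RDS::DBInstance\n"
        "    Properties:\n"
        "      MasterUsername: admin\n"
        "      MasterUserPassword: 'Example-Pass-123'\n"   # flagged (line 6)
    ),
    "ansible/group_vars/all.yml": (
        "aws_access_key: AKIAEXAMPLEEXAMPLE12\n"          # flagged (line 1)
        "db_password: \"{{ vault_db_password }}\"\n"       # vault ref, allowed
    ),
    "app/config.py": (
        "import os\n"
        "DB_PASSWORD = os.environ['DB_PASSWORD']\n"       # env lookup, allowed
    ),
}


def scan_text(filename: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (filename, line_number, rule_label) for each suspicious line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST.search(line):
            continue
        for label, rx in SECRET_RULES:
            if rx.search(line):
                hits.append((filename, lineno, label))
    return hits


def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Scan a mapping of path -> file contents and collect all hits."""
    hits = []
    for name, text in files.items():
        hits.extend(scan_text(name, text))
    return hits


if __name__ == "__main__":
    for filename, lineno, label in scan_files(SAMPLE_FILES):
        print(f"{filename}:{lineno}: {label}")
```

Wire `scan_files` over the staged files in a pre-commit hook, and keep the allowlist narrow: it exists to silence `{{ vault_... }}`, `!Ref` and `os.environ` lookups, not to whitelist whole files. Pattern-based scanning catches the obvious cases shown here; it will not recognise a secret that has no recognisable shape, so it complements rather than replaces a review of what the repo is about to publish.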