Drop #247 (2023-04-25): Come With Me To The Dork Side (But Bring Your Own 🍪)
You Are (Going To Be?) Such a Dork; oxdork; DorkGenius / DorkSearch;
“Dorking”, also known as “Google Dorking”, “Google Hacking” — or, more technically/boringly, as “advanced and focused search engine query operator use” — is a technique that utilizes search engines, like Google, to obtain information that may not be readily available through simple search queries. This technique involves using advanced search operators to filter and refine search results, making it easier for users to locate specific information that might be hidden or not easily accessible.
Dorks are beloved by my core profession, since they, ultimately (s l o w l y), help breakers, builders, and defenders make the internet and organization networks a bit safer to work in.
Today, we'll cover what this “dorking” entails, showcase one cool CLI tool by one cool human that can assist in said activity, then close with, sigh, how our AI overlords have managed to corrupt even this pseudo-sacrosanct space.
You Are (Going To Be?) Such a Dork
The term “dorking” originated from the word “dork,” which refers to a socially awkward or clueless — but also lovable and endearing — human. In our search/cyber context, “dorking” means using unconventional methods to achieve a goal. The technique was (AFAICanRemember) first documented by Johnny Long, a cybersecurity aficionado, who compiled what is also thought to be one of the first lists of search queries called “Google Dorks” to help users locate hidden or sensitive information online.
Dorking works by exploiting search engine indexing and making use of the advanced search operators that search engines like Google provide. These operators allow users to filter search results based on specific criteria such as file types, website domains, or keywords within the URL. By combining different operators, users can create powerful search queries to uncover sensitive information or data that may be unintentionally exposed.
Ahrefs is a popular and comprehensive SEO (Search Engine Optimization) toolset and analytics platform used by digital marketers, content creators, and website owners. It provides a suite of tools that help users with various aspects of SEO, including keyword research, competitor analysis, backlink analysis, content research, and rank tracking. I mention this background since it would make sense that they know a lot about how Google and other search engines work; and, they do! So, it further makes sense that they have a great 'splainer on all these fancy search operators you likely never use (but should).
One (short) example will both show how these advanced operators are useful and let you show your mates what a l33t cyber h@x0r you are.
At work, we recently published a tag to our globally distributed, multi-thousand node internet sensor fleet that will detect exploitation attempts against a really daftly named — I'm sure they thought they were being clever — print manager software.
My money is on us not seeing too many exploitation attempts (at least initially). Why? Well, you don't have to do a mass internet scan to find them when Google will help you target them individually. Mass scanning is noisy (hence, our company name), so if you can avoid hitting one of our tripwires, you can go unseen by all but your victims.
Now, here's your chance to make a killing in the bug bounty business! Head on over to Google and enter:
It's likely all 1-3K PaperCut instances (depending on when you come across this edition) are or were vulnerable the day this Drop came out. Bug bounty hunters — ostensibly on the side of “good” — use these dorks to find bugs (hence “bug” and “hunter”) and warn organizations about potential harm coming their way (since most orgs do not pay attention to cyber things). They also hope to be rewarded handsomely for their nigh superhuman ability to type “intitle:…” into a search box, hence the term “bounty”.
You, too!, can use these advanced search operators to:
identify vulnerabilities and misconfigurations in your own systems, allowing you to address these issues before they can be exploited or letting Han shoot first
monitor and protect your online presence by understanding how your information can be discovered, indexed, and displayed in search results
conduct competitive research by gathering insights about competitors or industry trends that may not be easily accessible through regular search queries
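As an added example (not code from the Drop, from oxdork, or from any of the tools mentioned here), the Python module below parses a dork into its operator/value terms, rebuilds it, gates a borrowed dork list so it only runs against domains you own, and builds a small self-audit query set for one of your own domains. The operator set is assumed to be the common Google one, and every query string in it is constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Operators assumed here are the common Google ones; other engines differ.
KNOWN_OPERATORS = {"site", "filetype", "ext", "intitle", "inurl", "intext",
                   "allintitle", "allinurl", "allintext"}
# One token: optional '-', optional operator prefix, then a quoted or bare value.
TERM_RE = re.compile(r'(-?)(?:([a-z]+):)?("(?:[^"\\]|\\.)*"|\S+)')

@dataclass(frozen=True)
class Term:
    operator: Optional[str]  # None for a plain keyword
    value: str               # surrounding quotes removed
    negated: bool = False

def parse_dork(query: str) -> list:
    """Split a dork string into structured terms; an unknown prefix such as
    the 'http' in 'http://x' is folded back into a plain keyword."""
    terms = []
    for neg, op, raw in TERM_RE.findall(query):
        value = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
        if op and op not in KNOWN_OPERATORS:
            op, value = "", f"{op}:{value}"
        terms.append(Term(op or None, value, neg == "-"))
    return terms

def build_dork(terms: list) -> str:
    """Serialise terms back into a query, quoting values that contain spaces."""
    out = []
    for t in terms:
        value = f'"{t.value}"' if " " in t.value else t.value
        out.append(("-" if t.negated else "") + (f"{t.operator}:" if t.operator else "") + value)
    return " ".join(out)

def is_scoped_to(query: str, owned_domains: set) -> bool:
    """Gate before running a borrowed dork list: True only if the query has a
    site: term and every site: term points at a domain you own."""
    sites = [t.value for t in parse_dork(query) if t.operator == "site" and not t.negated]
    return bool(sites) and all(
        any(s == d or s.endswith("." + d) for d in owned_domains) for s in sites)

def self_audit_dorks(domain: str, extensions=("pdf", "xlsx", "sql", "log")) -> list:
    """Queries to run against your own domain to see which documents and
    directory listings the index already exposes (constructed sample set)."""
    scoped = [Term("site", domain)]
    queries = [build_dork(scoped + [Term("filetype", ext)]) for ext in extensions]
    queries.append(build_dork(scoped + [Term("intitle", "index of")]))
    return queries
```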
Given the prolific use of these dorks, you'll see — in the next two sections — that you have some tools at your disposal to make the most of them.
Rather than blather, I'm going to ask you to check out this bird site thread from back in November of last year. It does as 👍🏽 a job as I would have of: (a) showing how talented Richard Mwewa is; (b) showing how none of us should be as fussy as we are about our computing and creative environments; and, (c) pointing you to a sweet Python CLI tool — oxdork — for dorking at the command line.
The section header shows an example use of it, though you're only really likely to get back ~100 results for any given search (lest ye be banned by the Alphabet).
There are nigh countless more tools like this, which I’ll show you how to find at the close.
DorkGenius / DorkSearch
DorkGenius is “the ultimate tool for generating custom search queries for Google, Bing, and DuckDuckGo. - [Their] cutting-edge app uses the power of AI to help you create advanced search queries that can find exactly what you're looking for on the web. Whether you're a digital marketer, a researcher, or just someone who wants to uncover hidden gems on the internet, DorkGenius can help you search smarter, not harder.”
It’s a freemium service that’s dead simple to use, hence the inclusion here, but — as you can hopefully see from the section header — it helps craft even more fine-tuned dorks based on information about exploits, applications, services, and more.
Like ChatGPT, it kind of produces terrible results half (or more) of the time (as it did in this case — just try those results). So, the bug bounty hunters still have to risk acquiring carpal tunnel syndrome for their hard work and rewards. The more effort you put into the initial dork prompt (which is, effectively, what that is), the better the results will be.
DorkSearch is similar, but is free vs freemium, and has an excellent 'splainer on how you can incorporate ChatGPT into any dorking process. Their article covers:
real-world use cases of ChatGPT’s assistance in Google Dorking for OSINT (open-source intelligence)
how to use ChatGPT for Dorking
where can AI help OSINT
top 10 most potent Dorks, according to ChatGPT
ethical and legal considerations
and is also just a good primer on dorking.
You can start finding more dork helpers at this GH tag and this GH query (you'll need to go down the various tag/search rabbit holes on your own to learn more.) May the dorks be with you! ☮
I'm deliberately focusing on one search engine to keep this edition short. I'm also not including what you can do with paid search engines, since not everyone can afford to use them.
well, until you see what we release later this year!
Obvious snark aside, there are some good uses of bug bounty programs and some decent bug bounty hunters.
best. punk. band. name. ever.