Skip to main content

What is Google Hacking?

Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.

More information about Google hacking can be found on: http://www.informit.com/articles/article.aspx?p=170880.


What a Hacker can do if your Website is Vulnerable

Information that the Google Hacking Database identifies:
  • Advisories and server vulnerabilities
  • Error messages that contain too much information
  • Files containing passwords
  • Sensitive directories
  • Pages containing logon portals
  • Pages containing network or vulnerability data such as firewall logs.



In 2014 the total number of websites on the internet reached 1 billion. Today it’s hovering somewhere in the neighborhood of 944 million due to websites going inactive, and it is expected to normalize again at 1 billion sometime in 2015. Let’s take a minute to absorb that number for a moment – 1 billion.
Another surprising statistic is that Google, one of the most popular search engines in the world, quarantines approximately 10,000 websites a day via its Safe Browsing technology. From our own research, out of the millions of websites that push through our scanning technology, roughly 2 – 5% of the them have some Indicator of Compromise (IoC) that signifies a website attack. Granted, this might be a bit high, as the websites being scanned are often suspected of having an issue, so to be conservative we would extrapolate that to suggest about 1% of the total websites online are hacked or infected. To put that into perspective, we are talking somewhere in the neighborhood of 9 million websites that are currently hacked or infected.



How to Check for Google Hacking Vulnerabilities


The easiest way to check whether your web site & applications have Google hacking vulnerabilities, is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: Your web vulnerability scanner must be able to launch Google hacking queries).
Labels:

Comments

Post a Comment

Popular posts from this blog

How to Identify the Gender of your Twitter Followers??

Do you ever wonder what is the demographics of people who follow you on Twitter. How many of your Twitter friends are men? Or women? Or random colored eggs, people who are either too lazy to change their default avatar or maybe they are  Twitter bots . The  Graph Search of Facebook  can provide deep insights into the demographics of people who are connected with you on the social network. For instance, you can write a natural language query like “ My friends who are older than 30 ” or “ My female friends who live in Delhi ” and the answer will be available instantly. Such granular data is however not available for Twitter users. Who Follows You? Males, Females or Eggs How do you programmatically determine the gender of a person on Twitter? The  Twitter API  doesn’t provide the gender information but there’s a workaround. You can take the profile picture of a Twitter user, feed it into Siftr’s  Vision API  and it will detect the gender of the most prominent face in the photogr
Post a Comment
Read more

5 real-world events which ‘prove’ that time travel actually exists

In Back to the Future, you need an expensive car, and a conveniently placed lightning bolt – but what if time travel was easier than that? What if time travellers were ALL AROUND US? The ‘time travelling hipster’ (above) is one of the creepier pieces of evidence touted as proof that time travel exists – but we’ve picked out some of the best below, including several people from black-and-white films who appear to be using mobile phones. Nigel Watson, paranormal expert and author of the UFO Investigations Manual, ‘Would time travelers from the future really be using mobile phones? Wouldn’t they use something more sophisticated and less visible? Then again Dr Who still uses a sonic screwdriver and that is so 20th Century…’ Entry by  Cervus Entry by  Chan Teik Onn Entry by  GordonHaid Entry by  gicusudoru
Post a Comment
Read more

How to Make Phone Numbers Callable in Google Sheets?

How to Insert Clickable Phone Numbers in Web Pages We use the simple tel protocol to convert a plain text phone number on a web page into a clickable telephone link For instance, if you click  this link  on a mobile phone, it will open the phone dialer prefilled with the specified number. There’s no need to copy-paste numbers. How to Type Phone Numbers in a Google Sheet It is a bit tricky to type phone numbers inside Google Spreadsheets. Here’s why: Phone numbers are mostly made of digits preceded by the plus (+) symbol. The problem is as soon as add the plus sign in the spreadsheet cell, it assumes that you entering a math formula and tries to calculate the value. There are two simple workarounds to this problem. You can enclose the phone number inside double quotes (“) and precede it with an equal to (=) sign. An even easier alternative is to use the single quote (‘) before the phone number. Google Sheets will then interpret the cell’s value as text and
Post a Comment
Read more