Search Engines

Web - Google Dorking

Cheatsheet: https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06

Google Dorking is pretty versatile, is a good way to do a massive searching for files, parameters, etc. to extract sensitive or hidden information about the target organization.

There are operators like "cache," "allinurl," "inurl," "allintitle," "inanchor," "allinanchor," "link," "related," "info," and "location." Each operator is explained at the cheatsheet.

Examples

intitle:login site:eccouncil.org

This search command will find login pages on the ECCouncil.org website. Attackers and penetration testers can use this to identify potential targets for login page-based attacks.

EC-Council filetype:pdf ceh

This search command will retrieve PDF files related to EC-Council that contain the keyword "ceh." These files may provide valuable information about EC-Council's products and services and can potentially be exploited by attackers.

allinurl: EC-Council career

This search command restricts results to pages containing both the words "EC-Council" and "career" in the URL. It helps narrow down the search to pages specifically related to EC-Council careers.

allintitle: detect malware

This search command restricts results to pages containing both the words "detect" and "malware" in the title. It helps find pages specifically focused on detecting malware.

FTP Search - Napalm

Napalm is a File Transfer Protocol (FTP) search engines to gather information from FTP servers. which can contain valuable information about an organization. Various industries, institutions, companies, and universities use FTP servers to store large file archives and shared software among their employees.

NAPALM FTP Indexer

Example:

There are some alternatives like https://www.freewareweb.com

IoT Search - Shodan

These search engines are designed to crawl the Internet and identify publicly accessible IoT devices. By using these platforms, we can extract crucial details about various IoT devices, including vulnerable ones.

To get this kind of information, the best tool is Shodan

ShodanShodan

Take some time to review the information provided in the search results. It can include information like SCADA system control, traffic control systems, household appliances, industrial appliances, CCTV cameras, and more.

Alternative:

Censys offers a range of features, including gathering manufacturer details, geographical location, IP address, hostname, open ports, and more. Feel free to explore Censys on your own to broaden your understanding of IoT search engines.

Home - CensysCensys

PreviousModule 02 - Summary NextWeb Services

Last updated 1 year ago