Exploring Vulnerability Vectors: An Approach to Manual Google Dorking

Max Klose
3 min read · Dec 7, 2023

Introduction

Google Dorking (or Bing Dorking) is a technique that uses search-engine query operators to uncover sensitive files and interesting endpoints such as login panels. These resources end up indexed through various channels, for example links posted in user-generated content.

Background

Participating in Bug Bounty and Vulnerability Disclosure Programs shows how often vulnerabilities remain that pentesters missed because of time constraints. Google Dorking belongs to the passive reconnaissance phase: it identifies potential vulnerabilities without any direct interaction with the target. Its success, however, depends on the target, particularly when only a few pages are indexed.

Discovery of Vulnerabilities

The nature of these findings ranges from documents an organization is obligated to publish (financial reports, for instance, which are not a vulnerability) to a misconfiguration that becomes a vulnerability vector because it discloses sensitive information. Whether a finding is relevant to the organization’s threat model is decided by defining its impact: what can an adversary achieve with it?

Manual Google Dorking Process

1. Specify the target domain using site:example.com, or the organization name with an optional © symbol, "© OrganizationName", which matches pages carrying the organization’s copyright notice

2. Check for various file formats using ext: (an alias of filetype:) combined with the OR operator |

site:example.com ext:log | ext:txt | ext:pdf | ext:docx | ext:docm | ext:dot | ext:dotx | ext:odt | ext:rtf | ext:xls | ext:xlsx

3. Narrow the search with terms that mark sensitive files, such as "confidential" or "internal"

site:example.com "confidential" ext:log | ext:txt | ext:pdf | ext:docx | ext:docm | ext:dot | ext:dotx | ext:odt | ext:rtf | ext:xls | ext:xlsx

4. If no sensitive files are found, search for other interesting endpoints using inurl: and intitle:

site:example.com inurl:login | intitle:login | intitle:dashboard | inurl:dashboard

5. Finally, it’s worth checking Bing for interesting endpoints, especially if the target is running Windows IIS.

site:example.com "login"
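The five steps above compose into a small query builder. The following is an added example, not code from the original post: it assembles the step 2 to step 5 dorks for a target and turns them into Google and Bing search URLs. example.com, "Example Corp" and the keyword and endpoint lists are placeholder inputs, not a real target, and should be adjusted per target as the Lessons Learned suggest.

```python
"""Dork builder for the five-step manual process above.

Added example, not code from the original post. The domain, organization
name, keywords and endpoints passed in are hypothetical inputs chosen for
illustration; adjust them per target.
"""
from urllib.parse import quote_plus

# Step 2 file extensions; extend per target (e.g. "csv", "bak", "sql").
DOC_EXTS = ("log", "txt", "pdf", "docx", "docm", "dot", "dotx",
            "odt", "rtf", "xls", "xlsx")

# Public search front ends (plain query URLs, no API keys involved).
ENGINES = {
    "google": "https://www.google.com/search?q=",
    "bing": "https://www.bing.com/search?q=",
}


def phrase(term: str) -> str:
    """Quote a term so the engine matches it as an exact phrase.

    Embedded double quotes would end the phrase early, so they are dropped.
    """
    return '"' + term.replace('"', "") + '"'


def or_group(operator: str, values) -> str:
    """Join operator:value terms with the OR operator '|' (step 2 syntax)."""
    return " | ".join(f"{operator}:{v}" for v in values)


def scope(domain: str = "", org: str = "") -> str:
    """Step 1: restrict to the target by site: and/or its copyright notice."""
    parts = []
    if domain:
        parts.append(f"site:{domain}")
    if org:
        # "\u00a9 Org" finds pages carrying the organization's copyright footer.
        parts.append(phrase(f"\u00a9 {org}"))
    if not parts:
        raise ValueError("need a domain or an organization name")
    return " ".join(parts)


def build_dorks(domain="", org="", keywords=(), exts=DOC_EXTS,
                endpoints=("login", "dashboard")):
    """Return the queries for steps 2 to 5, keyed by a short label."""
    base = scope(domain, org)
    ext_group = or_group("ext", exts)
    dorks = {"files": f"{base} {ext_group}"}
    # Step 3: one narrowed query per sensitivity keyword.
    for kw in keywords:
        dorks[f"files:{kw}"] = f"{base} {phrase(kw)} {ext_group}"
    # Step 4: both inurl: and intitle: for every endpoint word.
    pairs = [f"inurl:{e} | intitle:{e}" for e in endpoints]
    dorks["endpoints"] = f"{base} " + " | ".join(pairs)
    # Step 5: the simpler query to run on Bing.
    dorks["bing"] = f"{base} {phrase('login')}"
    return dorks


def search_url(engine: str, query: str) -> str:
    """Turn a dork into a URL for the given engine ('google' or 'bing')."""
    return ENGINES[engine] + quote_plus(query)


if __name__ == "__main__":
    # example.com and the keywords are placeholders, not a real target.
    dorks = build_dorks("example.com", keywords=("confidential", "internal"))
    for label, dork in dorks.items():
        engine = "bing" if label == "bing" else "google"
        print(f"{label:20} {dork}")
        print(f"{'':20} {search_url(engine, dork)}")
```

The | operator binds more tightly than the implicit AND between terms, so the leading site: (or copyright phrase) applies to every alternative in the group. The same list, run against an organization’s own domains, is a cheap check to fold into Attack Surface Management.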

Risk Assessment

Information disclosure of Personally Identifiable Information (PII) through indexed files can lead to significant fines by authorities, reputational damage, and more, depending on the scale and sensitivity of the data exposed.

Mitigation

Mitigating vulnerabilities identified through Google Dorking requires organizations to implement Attack Surface Management (which includes running such dorks against their own domains), in addition to pentesting, VDPs/BBPs, and advising employees not to publish sensitive links on social media.

Lessons Learned

  • Include Google and Bing Dorking among the initial steps in your methodology
  • Adjust your Dorking keywords depending on the target
  • Check Bing Dorking for any target with Windows IIS technology (Good Tip by Orwa Atyat)

Conclusion

While the vulnerability vectors I discovered weren’t groundbreaking, they provided me with valuable insights and leads on vulnerabilities.


Max Klose

Cyber Security BSc. Student from Germany, Vulnerability Researcher, eJPT - https://hackerone.com/raindeaf