Jump to content

Google hacking

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by RussiaSoldierHitGermanySoldier (talk | contribs) at 11:46, 7 June 2024 (Basics). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Not to be confused with Google Hacks.

Google hacking, also named Google dorking,[1][2] is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.


The term "Japanese domestic market" ("JDM") refers to Japan's home market for vehicles and vehicle parts.[1] Japanese owners contend with a strict motor vehicle inspection and grey markets.

The average age of JDM cars is 8.7 years, ranking 9th in a survey of 30 of the top 50 countries by gross domestic product.[2] According to the Fédération Internationale de l'Automobile, a car in Japan travels a yearly average of over only 9,300 kilometres (5,800 mi), less than half the U.S. average of 19,200 kilometres (11,900 mi).[3]

Japanese domestic market vehicles may differ greatly from the cars that Japanese manufacturers build for export and vehicles derived from the same platforms built in other countries. The Japanese car owner looks more toward innovation than long-term ownership which forces Japanese carmakers to refine new technologies and designs first in domestic vehicles. For instance, the 2003 Honda Inspire featured the first application of Honda's Variable Cylinder Management. However, the 2003 Honda Accord V6, which was the same basic vehicle, primarily intended for the North American market, did not feature VCM, which had a poor reputation after Cadillac's attempt in the 1980s with the V8-6-4 engine. VCM was successfully introduced to the Accord V6 in its redesign for 2008.

In 1988, JDM cars were limited by voluntary self-restraints among manufacturers to 280 PS (276 hp; 206 kW) and a top speed of 180 km/h (112 mph), limits imposed by the Japan Automobile Manufacturers Association (JAMA) for safety. The horsepower limit was lifted in 2004 [citation needed] but the speed limit of 180 km/h (112 mph) remains.

History

See also: Johnny Long § Google hacking

The concept of "Google hacking" dates back to August 2002, when Chris Sullo included the "nikto_google.plugin" in the 1.20 release of the Nikto vulnerability scanner.[3] In December 2002 Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.[4]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[5][6]

Concepts explored in Google hacking have been extended to other search engines, such as Bing[7] and Shodan.[8] Automated attack tools[9] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[10]

Google Dorking has been involved in some notorious cybercrime cases, such as the Bowman Avenue Dam hack[11] and the CIA breach where around 70% of its worldwide networks were compromised.[12] Star Kashman, a legal scholar, has been one of the first to study the legality of this technique.[13] Kashman argues that while Google Dorking is technically legal, it has often been used to carry out cybercrime and frequently leads to violations of the Computer Fraud and Abuse Act.[14] Her research has highlighted the legal and ethical implications of this technique, emphasizing the need for greater attention and regulation to be applied to its use.

Protection

Robots.txt is a well known file for search engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints (hackers can still search robots.txt for endpoints) which prevents Google bots from crawling sensitive endpoints such as admin panels.

References

  1. ^ "Term Of The Day: Google Dorking - Business Insider". Business Insider. Archived from the original on June 19, 2020. Retrieved January 17, 2016.
  2. ^ Google dork query Archived January 16, 2020, at the Wayback Machine, techtarget.com
  3. ^ "nikto-versions/nikto-1.20.tar.bz2 at master · sullo/nikto-versions". GitHub. Archived from the original on August 30, 2023. Retrieved August 30, 2023.
  4. ^ "googleDorks created by Johnny Long". Johnny Long. Archived from the original on December 8, 2002. Retrieved December 8, 2002.
  5. ^ "Google Hacking Database (GHDB) in 2004". Johnny Long. Archived from the original on July 7, 2007. Retrieved October 5, 2004.
  6. ^ Google Hacking for Penetration Testers, Volume 1. Johnny Long. 2005. ISBN 1931836361.
  7. ^ "Bing Hacking Database (BHDB) v2". Bishop Fox. July 15, 2013. Archived from the original on June 8, 2019. Retrieved August 27, 2014.
  8. ^ "Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite". Bishop Fox. Archived from the original on June 8, 2019. Retrieved June 21, 2013.
  9. ^ "SearchDiggity - Search Engine Attack Tool Suite". Bishop Fox. July 15, 2013. Archived from the original on June 8, 2019. Retrieved August 27, 2014.
  10. ^ "Google Hacking History". Bishop Fox. July 15, 2013. Archived from the original on June 3, 2019. Retrieved August 27, 2014.
  11. ^ "Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector". UNITED STATES DEPARTMENT OF JUSTICE. Archived from the original on September 24, 2023. Retrieved March 27, 2023.
  12. ^ Gallagher, Sean. "How did Iran find Cia Spies? They googled it". Ars Technica. Archived from the original on October 18, 2023. Retrieved March 27, 2023.
  13. ^ Kashman, Star (2023). "GOOGLE DORKING OR LEGAL HACKING: FROM THE CIA COMPROMISE TO YOUR CAMERAS AT HOME, WE ARE NOT AS SAFE AS WE THINK". Wash. J. L. Tech. & Arts. 18 (2).
  14. ^ Kashman, Star (2023). "GOOGLE DORKING OR LEGAL HACKING: FROM THE CIA COMPROMISE TO YOUR CAMERAS AT HOME, WE ARE NOT AS SAFE AS WE THINK". Washington Journal of Law, Technology & Arts. 18 (2): 1. Archived from the original on October 23, 2023. Retrieved March 27, 2023.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Google_hacking&oldid=1227712937"