Building on the concepts from our Account Checker Tutorial, a logical next step is to broaden our search to uncover other software tools and the communities that develop and use them. You’ll find numerous websites offering tools, ranging from direct downloads to Software-as-a-Service (SaaS) models for basic functionalities. Mastering the ability to locate these sites has been a significant breakthrough for my incident response efforts over the years, providing crucial intelligence on attacker methods.
However, this comes with a significant caveat: these websites are operated by criminals. It is imperative that you exercise extreme caution, as there is a high risk of encountering malware, such as drive-by installations. Please practice extreme safe browsing techniques, like using a virtual machine or a sandboxed environment, to protect your system.
The Googledork we’ll use combines the two most common terms for these tools with “UG,” which is short for “Underground”—a term carders often use to describe themselves and their communities. We’ll also include two variations of the word “tools” to ensure our search captures both downloadable software and the SaaS versions they offer.
The Googledorks are…
(“account checker|”acc checker”) ug (tool|tools)
(“account checker|”acc checker”) ug (tool|tools) <company or service name>
For this series on Blue Team Googledorks, the introduction post has the information on how to generate your own searches and how to automate the process.
Published on March 29, 2021.
Last Updated on 3 months ago.