Github is an amazing place to organize and publish programming code (plus a lot more things like lists of resources or a community-written howto.) Exploit developers are actively creating cutting-edge attack tools here.
The Googledork contains either:
- This query uses a qualifier for content on pastebin.com, the common path for readme.md (a formatted description of the software project), the words “tool,” “script,” or “exploit,” and a list of attack types you are interested in.
- Qualify content on gist.pastebin.com by identifying any of the words “tool,” “script,” or “exploit,” and list the attack types you are interested in.
You can add in any other kinds of attacks that are relevant to you, just add them with a “|” to the existing list. Or replace the list entirely. =)
The Googledorks are…
site:github.com inurl:/blob/master/readme.md (tool|script|exploit) (“cross site scripting”|ddos|”sql injection”|”vulnerability scanner”)
site:gist.github.com (tool|script) (“cross site scripting”|ddos|”sql injection”|”vulnerability scanner”|exploit)
For this series on Blue Team Googledorks, the introduction post has the information on how to generate your own searches and how to automate the process.
Published on May 10, 2021.
Last Updated on 4 weeks ago.