After starting a CSIRT for a CDN and web security vendor, I ran into a scenario where I needed to be able to find customers that had public security incidents that we could help them out with, plus we needed a way to find and track incidents for companies that weren’t customers.
To use this Googledork, I put it into a ticketing system via Scumblr. The process every morning for my team was to check the queue to see who had incidents. We ran a simple test to see if they were a customer, and if they were, it turned into an incident to track them down and see how we could help. If they were not a customer, we mined the incident for information on the technique, attacker, etc., if it was known.
The Googledork contains a relevancy test for website, web site, or DNS along with the common descriptions of attacks or attackers. Finally, I add -"hacked to death" because I was getting some gruesome results from using “hacked” as a verb.
The Googledorks are…
(website|"web site"|DNS) (website|"web site"|DNS) (deface|"money mule"|phishing|carder|hack|hacked|hacktivist|hijack|ddos|sqli|xss|"cross-site scripting"|outage|"account takeover"|"credential stuffing"|scraping|"data breach"|"data leak"|"vulnerability") -"hacked to death"
Or you can add a country (or semi-autonomous region in the case of HK):
("Hong Kong"|HK) (website|"web site"|DNS) (website|"web site"|DNS) (deface|"money mule"|phishing|carder|hack|hacked|hacktivist|hijack|ddos|sqli|xss|"cross-site scripting"|outage|"account takeover"|"credential stuffing"|scraping|"data breach"|"data leak"|"vulnerability") -"hacked to death"
Or multiple countries:
(Malaysia|Philippines|Thailand|Vietnam|Indonesia|Malaysian|Philippine|Thai|Vietnamese|Indonesian) (website|"web site"|DNS) (deface|"money mule"|phishing|carder|hack|hacked|hacktivist|hijack|ddos|sqli|xss|"cross-site scripting"|outage|"account takeover"|"credential stuffing"|scraping|"data breach"|"data leak"|"vulnerability") -"hacked to death"
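The dorks above share one structure: an optional region group, the relevancy group, the attack-term group, and the exclusion. The following builder is an added example, not code from the original post or from Scumblr; it generates the query from term lists so regional variants stay in sync. The function names are hypothetical, and it emits the relevancy group once, as in the multi-country dork.

```python
from urllib.parse import urlencode

# Term lists copied from the dorks on this page.
RELEVANCY = ["website", "web site", "DNS"]
ATTACK_TERMS = [
    "deface", "money mule", "phishing", "carder", "hack", "hacked",
    "hacktivist", "hijack", "ddos", "sqli", "xss", "cross-site scripting",
    "outage", "account takeover", "credential stuffing", "scraping",
    "data breach", "data leak",
]
ALWAYS_QUOTED = ["vulnerability"]  # the page quotes this single word
EXCLUDE = ["hacked to death"]


def _term(term, force_quote=False):
    """Render one term; phrases are quoted so Google matches them exactly."""
    term = term.strip()
    # Operators inside a term would silently change the query's logic.
    if not term or term.startswith("-") or any(c in term for c in '"|()'):
        raise ValueError(f"unsafe search term: {term!r}")
    return f'"{term}"' if force_quote or " " in term else term


def or_group(terms, quoted=()):
    """Join terms into a parenthesised OR group: (a|"b c"|d)."""
    parts = [_term(t) for t in terms] + [_term(t, True) for t in quoted]
    if not parts:
        raise ValueError("an OR group needs at least one term")
    return "(" + "|".join(parts) + ")"


def build_dork(regions=None):
    """Compose the dork; regions is an optional list of country names."""
    groups = [or_group(regions)] if regions else []
    groups.append(or_group(RELEVANCY))
    groups.append(or_group(ATTACK_TERMS, ALWAYS_QUOTED))
    groups += ["-" + _term(phrase, True) for phrase in EXCLUDE]
    return " ".join(groups)


def search_url(dork):
    """URL-encode the dork for a browser or a scheduled search job."""
    return "https://www.google.com/search?" + urlencode({"q": dork})


if __name__ == "__main__":
    print(build_dork(["Hong Kong", "HK"]))
    print(search_url(build_dork()))
```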
For this series on Blue Team Googledorks, the introduction post has the information on how to generate your own searches and how to automate the process.
Published on April 5, 2021.
