OWASP G0rKing

Origin

G0rKing was created as the Capstone Project deliverable for the completion of the COHORT-3 course and certification. COHORT-3 was offered in 2021 through the joint initiative of C3i Center (IIT, Kanpur) and Talentsprint. The course title is “Advanced Certification Program in Cyber Security and Cyber Defense”.

Capabilities

The objective of G0rKing is to automate the Google Dorking process and to offer a way to save the end results in a text file for easy reference and reporting. It can also automate the process of checking one URL against multiple dorks, and can hence provide a quick health check.

Future Roadmap

To create a vulnerability scoring system based on the findings.

Getting Involved

You can contribute to the project on its GitHub repository. If you have any questions, feel free to reach out at [email protected]


What is Google Dorking?

When investigating, you often need to gather as much information as possible about a topic. Advanced search techniques can help to uncover files or leads that are relevant to the questions you are trying to answer. For example, you may be able to find a company’s tax returns or a local government’s expenditure reports, information that may not appear on their websites or show up when you do a regular web search.

Google dorking (also known as Google hacking) is a technique used by newsrooms, investigative reporting organisations, security auditors and tech-savvy criminals to query search engines in order to find hidden information that might be available on public websites or to identify evidence of digital security vulnerabilities. This technique can be used on most search engines, not just Google’s, so we typically refer to it simply as “dorking.”

Dorking involves using search engines to their full potential to unearth results that are not visible with a regular search. It allows you to refine your searches and dive deeper, and with greater precision, into webpages and documents that are available online. Uncovering hidden files and security flaws by dorking does not require a great deal of technical knowledge. It really boils down to learning just a few search techniques and using them across a number of search engines.

All you need to carry out a Google dork is a computer, an internet connection and a basic understanding of the appropriate search context.

The concept of “Google hacking” dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.

Since its heyday, the concepts explored in Google hacking (sometimes referred to as Google Dorking) have been extended to other search engines, such as Bing and Shodan. Automated attack tools use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.

Reference Source - Wikipedia
Reference Source - Exposing The Invisible