TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.
Google searches are a great way to find out information about an organization, sometimes without ever 'touching' their systems. These searches may be known as Google Hacking or Google Dorking.
Try running a simple search about an organization by simply entering in their name and looking at the results. Do you see how much information is returned? Organizations need to be very careful to control what information there is about them on the Internet. More importantly, organizations need to stop data leakage; that is, sensitive information being leaked onto the Internet.
Try running the folling search:
site:<target_site.com> filetype:DOC OR filetype:DOCX filetype:XLS OR filetype:XLSX OR filetype:PPT OR filetype:PPTX OR filetype:PDF OR filetype:TXT OR filetype:RTF OR filetype:BAT OR filetype:INI OR filetype:PCF
This will find any files that match the chosen criteria. If you find a file, it may contain sensitive data that will assist you in your attack. Even if it doesn't contain sensitive data, the file properties may contain meta-data that may be useful in an attack.
This is a very simple search type but it is only 1 of thousands! There is a database of these searches called the Google Hacking Database. If we manually entered every search option into Google manually it would take us days to complete.
What we need is a way to search our target with an automated tool...