Well I’m definitely not a Dork, so I must be Dorking.

Dorking is just a fancy word for conducting Advanced Searches with Google, Bing, DDG, etc.  These advanced searches in many cases divulge information or vulnerabilities on web applications not easily discovered when doing a standard search.  Penetration Testers will use these advanced search techniques to find more information or even data leaked online about a company.

The Security Team at Falcon Network Services, uses these Advanced Searches during the Information Gathering phase of a client’s Penetration Test.  These Advanced Searches assist in revealing some of the following information about a client:

  1. Public Email Addresses
  2. Leaked Documents
  3. Website Vulnerabilities

The Advanced Searches can also be used to perform malicious attacks or exploits on a web application.  This article doesn’t teach you on how to perform the searches, but if you will be dappling in this realm, please be cautious.  Some actions performed with the use of Advanced Searches are illegal and prosecuted in a court of law under the “Computer Fraud and Abuse Act”.

Some of the Dorking Operators:

  • intitle (Search page Title)
  • allintitle (Search page title)
  • inurl (Search URL)
  • allinurl (Search URL)
  • filetype (Specific files)
  • intext (Search text of page only)
  • allintext (Search text of page only)
  • site (Search a specific site)
  • link (Search for links to pages)
  • inanchor (Search link anchor text)
  • numrange (Locate number)
  • daterange (Search in a date range)
  • author (Group author search)
  • group (Group name search)
  • insubject (Group subject search)
  • msgid (Group msg id search)

 

OUR SECURITY SERVICES INCLUDE:

FNS1 THREATcheck

 Register for your FREE Threat Check today: https://fns1.com/threatcheck/
Advertisements