Google Dorks: Analysis, Creation, and new Defenses
Flavio Toffalini, University of Verona, IT, flavio.toffalini@gmail.com
Maurizio Abbà, LastLine, UK, mabba@lastline.com
Damiano Carra, University of Verona, IT, damiano.carra@univr.it
Davide Balzarotti, Eurecom, FR, davide.balzarotti@eurecom.fr
GOOGLE DORKS

MOTIVATION
● Attackers use Dorks to quickly locate targets
● After a new vulnerability is disclosed, one Google query is sufficient to identify a large amount of vulnerable installations
● No time for sysadmins to apply patches !!
● If we could prevent dorks, attackers would need to resort to Internet scanning … which is several orders of magnitude slower
GOALS
● Current practices
  ● Understand which information is used by existing dorks
  ● Design simple solutions to defeat those dorks
● Future threats
  ● Test if attackers could move towards new styles of dorks
  ● Design simple solutions to prevent it
TAXONOMY
● The Exploit-DB database contains over 5143 dorks
● Automated/manual analysis (a dork can fall into more than one category, so the percentages do not sum to 100%)
  URL Patterns (44%)
  File Extensions (6%)
  Content-Based (74%)
    Banners (54%)
    Misconfigurations (8%)
    Error messages (1%)
    Common words (11%)
DORKS EVOLUTION BY CATEGORY
[Figure: evolution of dorks by category; series: URL Patterns, Banner, Common words, Misconfiguration]
KNOWN DEFENSES
  URL Patterns        (none listed)
  File Extensions     (none listed)
  Content-Based
    Banners             remove banners
    Misconfigurations   improve system configuration
    Error messages      proper error handling
    Common words        (none listed)

CONTRIBUTION
  URL Patterns        ??  (addressed in this work)
  File Extensions
  Content-Based
    Banners             remove banners
    Misconfigurations   improve system configuration
    Error messages      proper error handling
    Common words        ??  (addressed in this work)
URL-DORKS
● Force search engines to index "randomized" URLs
● Let the users navigate and share using cleartext URLs
  http://www.web-site.com/wp-content/dimva.html
  http://www.web-site.com/HD12DAF35TR/dimva.html
● XOR (part of) the URLs with a random seed kept on the server
  a    = resource a
  O(a) = obfuscated resource a
● Redirect 301 to inform the search engine that the page has moved
● Canonical URL tag to remove the plain URLs from the results
● Intercept and replace the SiteMap
OBFUSCATION PROTOCOL - CRAWLERS
Participants: Crawler, URL Obfuscator, Web Site
  Crawler        → URL Obfuscator : a
  URL Obfuscator → Web Site       : a
  Web Site       → URL Obfuscator : resp. of a
  URL Obfuscator → Crawler        : Redir. 301 to O(a)
  Crawler        → URL Obfuscator : O(a)
  URL Obfuscator → Crawler        : resp. of a + canonical tag

OBFUSCATION PROTOCOL - BROWSER
Participants: Browser, URL Obfuscator, Web Site
  Browser        → URL Obfuscator : O(a)
  URL Obfuscator → Web Site       : a
  Web Site       → URL Obfuscator : resp. of a
  URL Obfuscator → Browser        : resp. of a
  Browser        → URL Obfuscator : b
  URL Obfuscator → Web Site       : b
  Web Site       → URL Obfuscator : resp. of b
  URL Obfuscator → Browser        : resp. of b
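The two exchanges above, as an added example that is not part of the deck or the authors' implementation: a Python simulation of the URL obfuscator sitting between clients and the web site. The deck only states that (part of) the URL is XOR-ed with a server-side random seed, that crawlers get a 301 to O(a) and a canonical tag, and that browsers keep navigating with cleartext URLs; the seed value, the hex encoding of the XOR-ed directory part, the crawler user-agent markers, the "decodes to printable text" test that tells an obfuscated URL from a cleartext one, and the sample site are all constructed assumptions.

```python
"""Added example: a minimal URL obfuscator front-end simulating the two protocols above.
Constructed for illustration; not the authors' implementation."""
from typing import Dict, Optional, Tuple

# Constructed seed. In a deployment it is generated once, kept on the server and never published.
SEED = bytes.fromhex("7f3a9c1e5b2d8064")

# Constructed crawler markers; a real front-end would use a maintained list or reverse-DNS checks.
CRAWLER_MARKERS = ("googlebot", "bingbot")

# Constructed backend: cleartext path -> HTML body.
SITE: Dict[str, str] = {
    "/wp-content/dimva.html": "<html><head><title>DIMVA</title></head>"
                              "<body>Powered by WordPress</body></html>",
    "/about/index.html": "<html><head><title>About</title></head><body>About us</body></html>",
}


def _xor(data: bytes) -> bytes:
    """XOR `data` with the repeating seed (the same operation encodes and decodes)."""
    return bytes(b ^ SEED[i % len(SEED)] for i, b in enumerate(data))


def obfuscate(path: str) -> str:
    """O(a): replace the directory part of a cleartext path by its XOR-ed, hex-encoded form,
    keeping the file name (mirrors /wp-content/dimva.html -> /<token>/dimva.html)."""
    directory, _, name = path.lstrip("/").rpartition("/")
    if not directory:
        return path  # just a file name: nothing to hide
    return "/" + _xor(directory.encode("utf-8")).hex().upper() + "/" + name


def deobfuscate(path: str) -> Optional[str]:
    """Inverse of O(a). Returns the cleartext path, or None when `path` is not an obfuscated URL.
    Assumption: a first segment that is valid hex and decodes to printable text under our seed
    is ours; a cleartext directory name fails one of those tests."""
    parts = path.lstrip("/").split("/", 1)
    if len(parts) != 2 or not parts[0]:
        return None
    token, name = parts
    try:
        directory = _xor(bytes.fromhex(token)).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if not directory or not directory.isprintable():
        return None
    return "/" + directory + "/" + name


def is_crawler(user_agent: str) -> bool:
    return any(m in user_agent.lower() for m in CRAWLER_MARKERS)


def handle(path: str, user_agent: str, site: Dict[str, str]) -> Tuple[int, Dict[str, str], str]:
    """One request through the obfuscator: returns (status, headers, body)."""
    clear = deobfuscate(path)
    if clear is None:
        clear = path                       # cleartext request (a or b in the diagrams)
        if is_crawler(user_agent) and obfuscate(clear) != clear:
            if clear not in site:          # fetch a from the site first, as in the diagram
                return 404, {}, ""
            # crawler protocol: tell the search engine the page moved to O(a)
            return 301, {"Location": obfuscate(clear)}, ""
    body = site.get(clear)
    if body is None:
        return 404, {}, ""
    if is_crawler(user_agent):
        # canonical tag so that the search engine keeps O(a) and drops the plain URL
        canonical = f'<link rel="canonical" href="{obfuscate(clear)}">'
        body = body.replace("</head>", canonical + "</head>", 1)
    return 200, {"Content-Type": "text/html"}, body


if __name__ == "__main__":
    a = "/wp-content/dimva.html"
    print("crawler GET", a, "->", handle(a, "Googlebot/2.1", SITE)[:2])
    print("crawler GET", obfuscate(a), "->", handle(obfuscate(a), "Googlebot/2.1", SITE)[0])
    print("browser GET", obfuscate(a), "->", handle(obfuscate(a), "Mozilla/5.0", SITE)[0])
    print("browser GET /about/index.html ->", handle("/about/index.html", "Mozilla/5.0", SITE)[0])
```

Two caveats a deployer would want. XOR with a fixed seed hides the URL pattern from the index but is not encryption: the scheme only needs the obfuscated URLs to be unrelated to the cleartext patterns a dork searches for, so treat the token as obfuscation, not as a secret, and in practice pair it with a message authentication code so that forged tokens are rejected outright instead of being guessed at with the printable-text test used here. Second, the canonical tag and the 301 are only issued to requests recognised as crawlers, so the crawler-detection list decides whether the plain URL ever leaves the index.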
WORD-BASED DORKS
● Goal
  ● Use the words that CMSs leave in their pages (as seen in a vanilla installation) to create a Google Dork
● Greedy search algorithm that maximizes
  ● Hit rank: percentage of the returned web sites that are actually built with the target technology
  ● Coverage: number of entries returned by the Dork
WORD-BASED DORKS: CREATION
Example: Joomla!
  Vanilla installation → candidate words taken from its pages:
  Categories, Submit, Register, Contact, Buy, Recent, Users, List, Registration
  Candidate dork: "Category" + "Submit" + "...." → compute hit rank & coverage
WORD-BASED DORKS: CREATION
● Gradient ascent algorithm
● How to add a new word?
  ● At each step, we add the word that provides the highest hit rank among those whose coverage is above the median coverage of all candidate words
  (more details in the paper)
WORD-BASED DORKS:
Hit rank is counted over 1000 inspected results; coverage is the number of results returned.

                 Common-words dork          Ground truth
                 Hit rank    Coverage       Hit rank    Coverage
WordPress        938/1000    47.1 M         967/1000    83.6 M
Joomla!          878/1000    7.24 M         887/1000    3.73 M
Drupal           827/1000    7.87 M         997/1000    3.27 M
Magento          871/1000    0.39 M         852/1000    0.68 M
OpenCart         891/1000    0.59 M         998/1000    1.42 M
WORD-BASED DORKS: DEFENSES
Idea: add invisible characters to break words and prevent them from being indexed (the second line below is the first with an invisible separator inserted inside each word; it renders identically).
Powered by WordPress
Power⁣ed b⁣y Wor⁣dPress
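The word-selection procedure from the CREATION slides and the invisible-character defense on this slide, as an added example that is not the authors' code: a toy corpus stands in for the search engine, so the numbers show the mechanics of hit rank, coverage and the greedy step rather than the deck's results. The corpus and its labels, the candidate list, the strict "coverage above the median" test, the stopping rule (stop when no eligible word raises the current hit rank), whitespace tokenisation as the indexer's behaviour, and U+2063 INVISIBLE SEPARATOR as the invisible character are all constructed assumptions.

```python
"""Added example: greedy common-word dork construction on a toy corpus, then the
invisible-character defense applied to the target pages. Constructed; not the authors' code."""
import statistics
import unicodedata
from typing import List, Tuple

INVISIBLE = "\u2063"  # INVISIBLE SEPARATOR (category Cf): renders as nothing, splits a token

# Constructed corpus standing in for search-engine results: (technology, visible page words).
CORPUS: List[Tuple[str, str]] = [
    ("joomla", "Categories Submit Register Contact Recent"),
    ("joomla", "Categories Submit Users List Recent"),
    ("joomla", "Categories Submit Contact Registration"),
    ("joomla", "Categories Submit Register Buy"),
    ("joomla", "Categories Submit Recent Users"),
    ("joomla", "Categories Submit Contact List"),
    ("wordpress", "Categories Recent Contact Register"),
    ("wordpress", "Categories Recent List"),
    ("shop", "Buy Submit Contact Users"),
    ("shop", "Buy Categories Recent Register"),
    ("forum", "Register Users Recent Submit"),
    ("blog", "Contact Recent Registration List"),
]
# Candidate words, as read off a vanilla Joomla! installation in the slides.
CANDIDATES = ["Categories", "Submit", "Register", "Contact", "Buy",
              "Recent", "Users", "List", "Registration"]


def tokens(text: str) -> set:
    """Index-side tokenisation (assumption): the indexer sees whatever sits between whitespace."""
    return set(text.split())


def search(words: List[str], corpus) -> list:
    """AND query: pages in which every dork word occurs as a whole token."""
    return [(tech, text) for tech, text in corpus if all(w in tokens(text) for w in words)]


def hit_rank(words: List[str], target: str, corpus) -> float:
    """Fraction of the returned pages that really run the target technology."""
    hits = search(words, corpus)
    return sum(1 for tech, _ in hits if tech == target) / len(hits) if hits else 0.0


def coverage(words: List[str], corpus) -> int:
    """Number of pages the dork returns."""
    return len(search(words, corpus))


def build_dork(target: str, candidates: List[str], corpus, max_words: int = 3) -> List[str]:
    """Greedy ascent from the slides: at each step add the candidate with the highest hit rank
    among those whose coverage is above the median coverage of all remaining candidates.
    Stopping rule (an assumption): stop when no eligible word raises the current hit rank."""
    dork: List[str] = []
    remaining = list(candidates)
    for _ in range(max_words):
        scored = [(w, coverage(dork + [w], corpus), hit_rank(dork + [w], target, corpus))
                  for w in remaining]
        median_cov = statistics.median(cov for _, cov, _ in scored)
        eligible = [s for s in scored if s[1] > median_cov]
        if not eligible:
            break
        word, _, rank = max(eligible, key=lambda s: s[2])
        if dork and rank <= hit_rank(dork, target, corpus):
            break
        dork.append(word)
        remaining.remove(word)
    return dork


def defend(text: str, words: List[str]) -> str:
    """Defense from the slide: split each listed word with an invisible character, so the
    indexed token differs from the word while the rendered text looks the same."""
    for w in words:
        mid = len(w) // 2
        text = text.replace(w, w[:mid] + INVISIBLE + w[mid:])
    return text


def visible(text: str) -> str:
    """What a reader sees: drop Unicode format characters (category Cf)."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def defended_corpus(corpus, target: str, words: List[str]):
    """The target technology's sites apply the defense; everyone else is unchanged."""
    return [(t, defend(x, words) if t == target else x) for t, x in corpus]


if __name__ == "__main__":
    dork = build_dork("joomla", CANDIDATES, CORPUS)
    print("dork:", dork, "hit rank:", hit_rank(dork, "joomla", CORPUS),
          "coverage:", coverage(dork, CORPUS))
    shielded = defended_corpus(CORPUS, "joomla", dork)
    print("after defense, coverage:", coverage(dork, shielded))
    print("rendered text unchanged:", visible(defend("Categories Submit", dork)) == "Categories Submit")
```

Whether the defense holds in practice depends on how the real indexer normalises text: a tokenizer that strips format characters before indexing would see the original word again, so a site owner should check the search engine's indexed copy of a defended page rather than trust the rendered view, and should also make sure that HTML minifiers or templating steps do not strip the inserted characters on the way out.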
DORKS DEFENSES
  URL Patterns        URL obfuscation (randomized URLs for search engines, cleartext URLs for users)
  File Extensions
  Content-Based
    Banners             remove banners
    Misconfigurations   improve system configuration
    Error messages      proper error handling
    Common words        invisible characters inside the common words
CONCLUSION
1) Dork classification
2) URL Pattern Dork Defense
3) New type of Dork using common words
4) Defense against common word dorks

More Related Content

What's hot

Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Maximiliano Soler
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Advanced phishing for red team assessments
Advanced phishing for red team assessmentsAdvanced phishing for red team assessments
Advanced phishing for red team assessmentsJEBARAJM
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksMohamed Talaat
 
Information Security and Forensics
Information Security and ForensicsInformation Security and Forensics
Information Security and ForensicsTharindu Weerasinghe
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
Hacking A Web Site And Secure Web Server Techniques Used
Hacking A Web Site And Secure Web Server Techniques UsedHacking A Web Site And Secure Web Server Techniques Used
Hacking A Web Site And Secure Web Server Techniques UsedSiddharth Bhattacharya
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmedRashid Khatmey
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
Password Cracking using dictionary attacks
Password Cracking using dictionary attacksPassword Cracking using dictionary attacks
Password Cracking using dictionary attackslord
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day   September 2007GNUCITIZEN Pdp Owasp Day   September 2007
GNUCITIZEN Pdp Owasp Day September 2007guest20ab09
 

What's hot (20)

Footprinting
FootprintingFootprinting
Footprinting
 
Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Advanced phishing for red team assessments
Advanced phishing for red team assessmentsAdvanced phishing for red team assessments
Advanced phishing for red team assessments
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
Iy2515891593
Iy2515891593Iy2515891593
Iy2515891593
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
 
Information Security and Forensics
Information Security and ForensicsInformation Security and Forensics
Information Security and Forensics
 
Maltego
MaltegoMaltego
Maltego
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python
 
Hacking A Web Site And Secure Web Server Techniques Used
Hacking A Web Site And Secure Web Server Techniques UsedHacking A Web Site And Secure Web Server Techniques Used
Hacking A Web Site And Secure Web Server Techniques Used
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
Password Cracking using dictionary attacks
Password Cracking using dictionary attacksPassword Cracking using dictionary attacks
Password Cracking using dictionary attacks
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day   September 2007GNUCITIZEN Pdp Owasp Day   September 2007
GNUCITIZEN Pdp Owasp Day September 2007
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s canners
 

Viewers also liked

Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsVuz Dở Hơi
 
cellular concept.. including trunking, cells etc
cellular concept.. including trunking, cells etccellular concept.. including trunking, cells etc
cellular concept.. including trunking, cells etcsaam123
 
Cehv8 - Module 05: System Hacking
Cehv8 - Module 05: System HackingCehv8 - Module 05: System Hacking
Cehv8 - Module 05: System HackingVuz Dở Hơi
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hackingleminhvuong
 
CS 354 Ray Casting & Tracing
CS 354 Ray Casting & TracingCS 354 Ray Casting & Tracing
CS 354 Ray Casting & TracingMark Kilgard
 
Alphorm.com Formation WebDev 22 avancé
Alphorm.com Formation WebDev 22 avancéAlphorm.com Formation WebDev 22 avancé
Alphorm.com Formation WebDev 22 avancéAlphorm
 
Ubiquiti product
Ubiquiti productUbiquiti product
Ubiquiti productBudi Net
 
Nanosatellites: état de l’art, éléments de conception et simulations
Nanosatellites: état de l’art, éléments de conception et simulationsNanosatellites: état de l’art, éléments de conception et simulations
Nanosatellites: état de l’art, éléments de conception et simulationsVicheka Phor
 
Gestion technique-de-tracabilité-version finale
Gestion technique-de-tracabilité-version finaleGestion technique-de-tracabilité-version finale
Gestion technique-de-tracabilité-version finalechermiti_imen
 
Compréhension et utilisation des décibels par F1RZF
Compréhension et utilisation des décibels par F1RZFCompréhension et utilisation des décibels par F1RZF
Compréhension et utilisation des décibels par F1RZFLionel Repellin
 
Introduction aux Technologies de la Tracabilite
Introduction aux Technologies de la TracabiliteIntroduction aux Technologies de la Tracabilite
Introduction aux Technologies de la TracabilitePierre Metivier
 
LES OUTILS D’UN LOGISTICIEN
LES OUTILS D’UN LOGISTICIENLES OUTILS D’UN LOGISTICIEN
LES OUTILS D’UN LOGISTICIENENSAM Casablanca
 
The What If Technique presented by Motivate Design
The What If Technique presented by Motivate DesignThe What If Technique presented by Motivate Design
The What If Technique presented by Motivate DesignMotivate Design
 

Viewers also liked (16)

Traçabilité
TraçabilitéTraçabilité
Traçabilité
 
Cehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and BackdoorsCehv8 - Module 06: Trojans and Backdoors
Cehv8 - Module 06: Trojans and Backdoors
 
cellular concept.. including trunking, cells etc
cellular concept.. including trunking, cells etccellular concept.. including trunking, cells etc
cellular concept.. including trunking, cells etc
 
Cehv8 - Module 05: System Hacking
Cehv8 - Module 05: System HackingCehv8 - Module 05: System Hacking
Cehv8 - Module 05: System Hacking
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
 
CS 354 Ray Casting & Tracing
CS 354 Ray Casting & TracingCS 354 Ray Casting & Tracing
CS 354 Ray Casting & Tracing
 
Mobile Radio Propagations
Mobile Radio PropagationsMobile Radio Propagations
Mobile Radio Propagations
 
Alphorm.com Formation WebDev 22 avancé
Alphorm.com Formation WebDev 22 avancéAlphorm.com Formation WebDev 22 avancé
Alphorm.com Formation WebDev 22 avancé
 
Ubiquiti product
Ubiquiti productUbiquiti product
Ubiquiti product
 
Nanosatellites: état de l’art, éléments de conception et simulations
Nanosatellites: état de l’art, éléments de conception et simulationsNanosatellites: état de l’art, éléments de conception et simulations
Nanosatellites: état de l’art, éléments de conception et simulations
 
Gestion technique-de-tracabilité-version finale
Gestion technique-de-tracabilité-version finaleGestion technique-de-tracabilité-version finale
Gestion technique-de-tracabilité-version finale
 
Compréhension et utilisation des décibels par F1RZF
Compréhension et utilisation des décibels par F1RZFCompréhension et utilisation des décibels par F1RZF
Compréhension et utilisation des décibels par F1RZF
 
Introduction aux Technologies de la Tracabilite
Introduction aux Technologies de la TracabiliteIntroduction aux Technologies de la Tracabilite
Introduction aux Technologies de la Tracabilite
 
Traçabilité
TraçabilitéTraçabilité
Traçabilité
 
LES OUTILS D’UN LOGISTICIEN
LES OUTILS D’UN LOGISTICIENLES OUTILS D’UN LOGISTICIEN
LES OUTILS D’UN LOGISTICIEN
 
The What If Technique presented by Motivate Design
The What If Technique presented by Motivate DesignThe What If Technique presented by Motivate Design
The What If Technique presented by Motivate Design
 

Similar to Google Dorks: Analysis, Creation, and new Defenses

theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdfGabriel Mathenge
 
Accra MongoDB User Group
Accra MongoDB User GroupAccra MongoDB User Group
Accra MongoDB User GroupMongoDB
 
Production Performance Testing in the Cloud
Production Performance Testing in the CloudProduction Performance Testing in the Cloud
Production Performance Testing in the CloudTechWell
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...DTM Security
 
Highway to heaven - Microservices Meetup Dublin
Highway to heaven - Microservices Meetup DublinHighway to heaven - Microservices Meetup Dublin
Highway to heaven - Microservices Meetup DublinChristian Deger
 
Technology radar-may-2013
Technology radar-may-2013Technology radar-may-2013
Technology radar-may-2013Carol Bruno
 
Tour de France Azure PaaS 5/7 Accélérer avec le DevOps
Tour de France Azure PaaS 5/7 Accélérer avec le DevOpsTour de France Azure PaaS 5/7 Accélérer avec le DevOps
Tour de France Azure PaaS 5/7 Accélérer avec le DevOpsAlex Danvy
 
Finding balance of DDD while your application grows
Finding balance of DDD while your application growsFinding balance of DDD while your application grows
Finding balance of DDD while your application growsCarolina Karklis
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Sven Krasser
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon
 
Why drupal should power your next web project
Why drupal should power your next web projectWhy drupal should power your next web project
Why drupal should power your next web projectSyed Hassan Raza
 
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...Alberto Brandolini
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
Improve your Tech Quotient
Improve your Tech QuotientImprove your Tech Quotient
Improve your Tech QuotientTarence DSouza
 
Using Compass to Diagnose Performance Problems
Using Compass to Diagnose Performance Problems Using Compass to Diagnose Performance Problems
Using Compass to Diagnose Performance Problems MongoDB
 
Using Compass to Diagnose Performance Problems in Your Cluster
Using Compass to Diagnose Performance Problems in Your ClusterUsing Compass to Diagnose Performance Problems in Your Cluster
Using Compass to Diagnose Performance Problems in Your ClusterMongoDB
 

Similar to Google Dorks: Analysis, Creation, and new Defenses (20)

theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
 
Accra MongoDB User Group
Accra MongoDB User GroupAccra MongoDB User Group
Accra MongoDB User Group
 
Production Performance Testing in the Cloud
Production Performance Testing in the CloudProduction Performance Testing in the Cloud
Production Performance Testing in the Cloud
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
 
Rudder 3.0 and beyond
Rudder 3.0 and beyondRudder 3.0 and beyond
Rudder 3.0 and beyond
 
Highway to heaven - Microservices Meetup Dublin
Highway to heaven - Microservices Meetup DublinHighway to heaven - Microservices Meetup Dublin
Highway to heaven - Microservices Meetup Dublin
 
Technology radar-may-2013
Technology radar-may-2013Technology radar-may-2013
Technology radar-may-2013
 
Tour de France Azure PaaS 5/7 Accélérer avec le DevOps
Tour de France Azure PaaS 5/7 Accélérer avec le DevOpsTour de France Azure PaaS 5/7 Accélérer avec le DevOps
Tour de France Azure PaaS 5/7 Accélérer avec le DevOps
 
The Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian CockcroftThe Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian Cockcroft
 
Finding balance of DDD while your application grows
Finding balance of DDD while your application growsFinding balance of DDD while your application grows
Finding balance of DDD while your application grows
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
 
Why drupal should power your next web project
Why drupal should power your next web projectWhy drupal should power your next web project
Why drupal should power your next web project
 
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...
Loosely Coupled Complexity - Unleash the power of your Domain Model with Comm...
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
 
MongoDB on Azure
MongoDB on AzureMongoDB on Azure
MongoDB on Azure
 
Improve your Tech Quotient
Improve your Tech QuotientImprove your Tech Quotient
Improve your Tech Quotient
 
Using Compass to Diagnose Performance Problems
Using Compass to Diagnose Performance Problems Using Compass to Diagnose Performance Problems
Using Compass to Diagnose Performance Problems
 
Using Compass to Diagnose Performance Problems in Your Cluster
Using Compass to Diagnose Performance Problems in Your ClusterUsing Compass to Diagnose Performance Problems in Your Cluster
Using Compass to Diagnose Performance Problems in Your Cluster
 

More from Flavio Toffalini

SGXMonitor Presentation - ACSAC 2022
SGXMonitor Presentation - ACSAC 2022SGXMonitor Presentation - ACSAC 2022
SGXMonitor Presentation - ACSAC 2022Flavio Toffalini
 
Static Analysis of Context Leaks in Android Applications
Static Analysis of Context Leaks in Android ApplicationsStatic Analysis of Context Leaks in Android Applications
Static Analysis of Context Leaks in Android ApplicationsFlavio Toffalini
 

More from Flavio Toffalini (6)

SGXMonitor Presentation - ACSAC 2022
SGXMonitor Presentation - ACSAC 2022SGXMonitor Presentation - ACSAC 2022
SGXMonitor Presentation - ACSAC 2022
 
SnakeGX (full version)
SnakeGX (full version) SnakeGX (full version)
SnakeGX (full version)
 
SnakeGX (short version)
SnakeGX (short version)SnakeGX (short version)
SnakeGX (short version)
 
ScaRR
ScaRRScaRR
ScaRR
 
Careful Packing
Careful PackingCareful Packing
Careful Packing
 
Static Analysis of Context Leaks in Android Applications
Static Analysis of Context Leaks in Android ApplicationsStatic Analysis of Context Leaks in Android Applications
Static Analysis of Context Leaks in Android Applications
 

Recently uploaded

Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 

Recently uploaded (20)

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 

Google Dorks: Analysis, Creation, and new Defenses

1
Google Dorks: Analysis, Creation, and new Defenses
Flavio Toffalini, University of Verona, IT, flavio.toffalini@gmail.com
Maurizio Abbà, LastLine, UK, mabba@lastline.com
Damiano Carra, University of Verona, IT, damiano.carra@univr.it
Davide Balzarotti, Eurecom, FR, davide.balzarotti@eurecom.fr
3
MOTIVATION
● Attackers use Dorks to quickly locate targets
● After a new vulnerability is disclosed, one Google query is sufficient to identify a large amount of vulnerable installations
● No time for sysadmins to apply patches !!
4
MOTIVATION
● Attackers use Dorks to quickly locate targets
● After a new vulnerability is disclosed, one Google query is sufficient to identify a large amount of vulnerable installations
● No time for sysadmins to apply patches !!
● If we could prevent dorks, attackers would need to resort to Internet scanning … which is several orders of magnitude slower
5
GOALS
● Current practices
  ● Understand which information is used by existing dorks
  ● Design simple solutions to defeat those dorks
● Future threats
  ● Test if attackers could move towards new styles of dorks
  ● Design simple solutions to prevent it
7
TAXONOMY
● The Exploit-DB database contains over 5143 dorks
● Automated/manual analysis
URL Patterns (44%)
File Extensions (6%)
Content-Based (74%)
8
TAXONOMY
● The Exploit-DB database contains over 5143 dorks
● Automated/manual analysis
URL Patterns (44%)
File Extensions (6%)
Content-Based
  Banners (54%)
  Misconfigurations (8%)
  Error messages (1%)
  Common words (11%)
10
DORKS EVOLUTION BY CATEGORY
Chart series: URL Patterns, Banner, Common words, Misconfiguration
11
KNOWN DEFENSES
URL Patterns
File Extensions
Content-Based
  Banners: remove banners
  Misconfigurations: improve system configuration
  Error messages: proper error handling
  Common words
12
CONTRIBUTION
URL Patterns: ??
File Extensions
Content-Based
  Banners: remove banners
  Misconfigurations: improve system configuration
  Error messages: proper error handling
  Common words: ??
13
URL-DORKS
● Force search engines to index “randomized” URLs
● Let the users navigate and share using cleartext URLs
http://www.web-site.com/wp-content/dimva.html
http://www.web-site.com/HD12DAF35TR/dimva.html
14
URL-DORKS
● XOR (part of) URLs with random seed kept in the server
  a = resource a
  O(a) = obfuscated resource a
● Redirect 301 to inform search engine that the page is moved
● Canonical URL Tag to delete plain URLs in the results
● Intercept and replace SiteMap
15
OBFUSCATION PROTOCOL - CRAWLERS
Crawler → URL Obfuscator: a
URL Obfuscator → Web Site: a
Web Site → URL Obfuscator: resp. of a
URL Obfuscator → Crawler: Redir. 301 to O(a)
Crawler → URL Obfuscator: O(a)
URL Obfuscator → Crawler: resp. of a + canonical tag
16
OBFUSCATION PROTOCOL - BROWSER
Browser → URL Obfuscator: O(a)
URL Obfuscator → Web Site: a
Web Site → URL Obfuscator: resp. of a
URL Obfuscator → Browser: resp. of a
Browser → URL Obfuscator: b
URL Obfuscator → Web Site: b
Web Site → URL Obfuscator: resp. of b
URL Obfuscator → Browser: resp. of b
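The crawler and browser flows above, implemented as an added example (not the authors' prototype). Assumed: O() XORs the directory segment of the path with a server-side seed and hex-encodes it under a "/o/" prefix, crawlers are recognised by a User-Agent substring, and the origin web site is a constructed dict of paths to HTML:

```python
from itertools import cycle
from typing import Optional

SEED = b"server-side-random-seed"          # constructed; lives only on the server, never in a URL
CRAWLER_MARKERS = ("Googlebot", "bingbot")   # assumption: crawlers recognised by User-Agent
SITE = {                                     # constructed stand-in for the origin web site
    "/wp-content/dimva.html": "<html><head><title>DIMVA</title></head><body>paper</body></html>",
}

def obfuscate(path: str) -> str:
    """O(a): XOR the directory part of the path with the seed and hex-encode it.
    The file name stays readable, as in the slides' example URL."""
    directory, _, name = path.rpartition("/")
    raw = bytes(b ^ k for b, k in zip(directory.encode(), cycle(SEED)))
    return f"/o/{raw.hex()}/{name}"          # "/o/" prefix is an assumption marking O() URLs

def deobfuscate(opath: str) -> Optional[str]:
    """Inverse of O(); None when the request is not a well-formed O() URL."""
    if not opath.startswith("/o/"):
        return None
    hexpart, _, name = opath[3:].partition("/")
    try:
        raw = bytes.fromhex(hexpart)
    except ValueError:
        return None
    directory = bytes(b ^ k for b, k in zip(raw, cycle(SEED))).decode("ascii", "replace")
    return f"{directory}/{name}"

def rewrite_sitemap(paths):
    """Intercepted sitemap: expose only randomized URLs to the search engine."""
    return [obfuscate(p) for p in paths]

def handle(path: str, user_agent: str):
    """One request through the obfuscator; returns (status, headers, body)."""
    is_crawler = any(m in user_agent for m in CRAWLER_MARKERS)
    clear = deobfuscate(path)
    if clear is None:                        # cleartext URL a was requested
        if path not in SITE:
            return 404, {}, ""
        if is_crawler:                       # crawler flow: 301 says "a moved to O(a)"
            return 301, {"Location": obfuscate(path)}, ""
        return 200, {}, SITE[path]           # users keep navigating and sharing cleartext URLs
    if clear not in SITE:
        return 404, {}, ""
    # O(a) was requested: serve a's content; the canonical tag pointing at O(a)
    # tells the engine to drop the plain URL a from its results
    tag = f'<link rel="canonical" href="{obfuscate(clear)}">'
    return 200, {}, SITE[clear].replace("<head>", "<head>" + tag, 1)
```

The obfuscated URL is reversible by anyone holding the seed, so the scheme only hides URL patterns from the index as long as the seed stays on the server.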
17
URL Patterns
File Extensions
Content-Based
  Banners: remove banners
  Misconfigurations: improve system configuration
  Error messages: proper error handling
  Common words: ??
18
WORD-BASED DORKS
● Goal
  ● Using words left by CMSs to create a Google Dork
● Greedy search algorithm to maximize
  ● Hit-rank: percentage of web sites made by a target technology
  ● Coverage: number of entries extracted by the Dork
20
WORD-BASED DORKS: CREATION
Vanilla installation → candidate words: Categories, Submit, Register, Contact, Buy, Recent, Users, List, Registration
Dork: “Category” + “Submit” + “....”
Compute hit rank & coverage
22
WORD-BASED DORKS: CREATION
● Gradient Ascent algorithm
● How to add a new word?
● At each step, we add the word that provides the highest hit rank among the ones that have a coverage above the median of all candidate words (more details in the paper)
24
WORD-BASED DORKS:
             Common Words   Ground Truth
WordPress
  Hit rank   938/1000       967/1000
  Coverage   47.1 M         83.6 M
Joomla!
  Hit rank   878/1000       887/1000
  Coverage   7.24 M         3.73 M
Drupal
  Hit rank   827/1000       997/1000
  Coverage   7.87 M         3.27 M
Magento
  Hit rank   871/1000       852/1000
  Coverage   0.39 M         0.68 M
OpenCart
  Hit rank   891/1000       998/1000
  Coverage   0.59 M         1.42 M
29
WORD-BASED DORKS: DEFENSES
Idea: add invisible characters to break words and prevent them from being indexed.
Powered by WordPress
Power⁣ed b⁣y Wor⁣dPress
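The word-breaking defense above, as an added example that is not the authors' tool, together with a measurement of the coverage a word dork keeps before and after it. Assumed: the search engine indexes tokens split on non-word characters (so the separator really does break the word), pages are constructed HTML strings, and only text nodes are rewritten so links and scripts stay intact:

```python
import random
import re

INVISIBLE = "\u2063"                     # INVISIBLE SEPARATOR, the character used on the slide
FINGERPRINT = {"powered", "wordpress"}   # constructed: words a word-based dork would rely on
TAG_RE = r"(<script\b.*?</script>|<style\b.*?</style>|<[^>]*>)"

def break_word(word: str, rng: random.Random) -> str:
    """Insert one invisible separator strictly inside the word."""
    if len(word) < 2:
        return word
    cut = rng.randint(1, len(word) - 1)
    return word[:cut] + INVISIBLE + word[cut:]

def defend(html: str, words=FINGERPRINT, seed: int = 0) -> str:
    """Break fingerprint words in text nodes only; tags, URLs and scripts stay intact."""
    rng = random.Random(seed)
    word_re = re.compile(r"[A-Za-z][\w-]*")
    def fix(text):
        return word_re.sub(lambda m: break_word(m.group(0), rng)
                           if m.group(0).lower() in words else m.group(0), text)
    parts = re.split(TAG_RE, html, flags=re.S | re.I)
    return "".join(p if p.startswith("<") else fix(p) for p in parts)

def visible(html: str) -> str:
    """What a reader sees: no tags, and the separator renders as nothing."""
    return re.sub(r"<[^>]*>", "", html).replace(INVISIBLE, "")

def tokens(html: str):
    """Assumed engine view: tags dropped, text split on non-word characters,
    so 'Pow<U+2063>ered' is indexed as 'pow' and 'ered', never 'powered'."""
    text = re.sub(r"<[^>]*>", " ", html)
    return {t.lower() for t in re.findall(r"[\w-]+", text)}

def coverage(dork, pages) -> int:
    """Coverage as on the slides: number of pages on which every dork word matches."""
    return sum(all(w.lower() in tokens(p) for w in dork) for p in pages)

# constructed corpus: two WordPress footers and one unrelated page
PAGES = [
    '<footer><a href="/wp-content/x">Powered by WordPress</a></footer>',
    "<html><head><title>Blog</title></head><body>Powered by WordPress</body></html>",
    "<body>Powered by Drupal</body>",
]
DORK = ["Powered", "WordPress"]
```

Whether a real engine discards format characters before tokenizing is the assumption the defense rests on; the slides report it worked against Google at the time.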
30
DORKS DEFENSES
URL Patterns
File Extensions
Content-Based
  Banners: remove banners
  Misconfigurations: improve system configuration
  Error messages: proper error handling
  Common words
31
CONCLUSION
1) Dork classification
2) URL Pattern Dork Defense
3) New type of Dork using common words
4) Defense against common word dorks