+---------------------------------------------------------------+
|                      Table of contents                        | 
+---------------------------------------------------------------+
|      0x01  INTRODUCTION.............................          |
|      0x02  DOXXING  INFORMATION.....................          |
|      0x03  IP HUNTING...............................          |
|      0x04  OSINT TOOLS..............................          |
|      0x05  GOOGLE DORKING...........................          |
+---------------------------------------------------------------+
+---------------------------------------------------------------+
|                      DOXXING 2.0 GUIDE                        |
+---------------------------------------------------------------+

+---------------------------------------------------------------+
|                  0x01 INTRODUCTION                            |
+---------------------------------------------------------------+
+-----------------------------------------------------------------------+
| What is Doxing?                                                       |
| Doxing or Doxxing is the act of publicly revealing                    |
| previously private personal information about an individual           |
| or organization, usually through the internet. Methods employed       |
| to acquire such information include searching publicly available      |
| databases and social media websites, hacking, and social engineering. |
+-----------------------------------------------------------------------+
+-------------------------------------------------------------------------------------------------------------------+
| Doxing often involves hackers attempting to embarrass or shame individuals by publishing confidential information,| 
| images or videos obtained from their personal accounts.                                                           | 
| Initially, doxxing was used by hackers to "out" the identities of fellow bad actors/hackers.                      | 
| However, more recently, it has been used to attack users with opposing viewpoints.                                |
+-------------------------------------------------------------------------------------------------------------------+

+---------------------------------------------------------------+
|                  0x02  DOXXING INFORMATION                    |
+---------------------------------------------------------------+
In a doxing attack, hackers might publish someone's:

- Real name
- Telephone number
- Social Security number
- Home address
- Employer
- Credit card numbers
- Bank account numbers
- Personal photographs
- Social media profiles
========================================
How does doxing work?
- Running a WHOIS search on a domain name
- Tracking usernames
- Phishing
- Stalking social media
- Checking government records
- Google dorking
- Tracking IP address
- Reverse mobile phone lookup
- Packet sniffing
- Data brokers (leaked data)
- Searching on the dark web

Examples of Doxing

1. Celebrity Doxxing
It’s not uncommon for journalists to find out a celebrity’s personal life information and to publish such gossip on their media platforms. 
However, doxxing isn’t your regular entertainment news. 
Here, the hacker publishes the celebrity’s sensitive information such as their payment card info, 
email address, social security number or phone numbers.

2. Faulty Doxxing
Sometimes, doxxing is done by internet vigilantes who can’t be bothered to properly research or investigate their victims to ensure they have the right person. 
Instead, they wrongly link people to activities or situations that are unrelated to them. Due to such “faulty” doxing, hence the name, innocent people face:
reputation loss,
employment loss,
harassment,
physical harm, or
loss of life.

3. Revenge Doxxing
Sometimes, people use doxing as a means of taking revenge. 
They publish some publicly identifying information about their enemy online to cause them shame.

4. Swatting Doxxing
Another method of doxing is known as “swatting.” 
This occurs when a person wrongly accuses someone of a crime and sends police (or a SWAT team, hence “swatting”) to the victim’s address to cause them harassment. 
However, often such doxxing can prove fatal for the victim.

5. Crime Doxxing
While swatting is done for fun, some people use doxxing to carry out serious crimes like murder. 
They reveal their enemies’ personal information online and provoke others to harm them. 
The motive can be personal revenge or showing disagreement or hatred towards any specific cause, religion, activity or race.


How do you get doxxed?

- Username Doxing: https://i.imgur.com/nd4awlK.png
- Whois and Domain More: https://i.imgur.com/bRzkOC9.png
- Phishing: https://i.imgur.com/UmvkFfl.png
- Stalking Social Media: https://i.imgur.com/Km1g8X5.png
- Facebook Doxing: https://i.imgur.com/4GDJZGd.png
- Instagram Doxing: https://i.imgur.com/UrVUMkp.png
- Email Doxing: https://i.imgur.com/LZJuRJw.png
- Twitter Doxing: https://i.imgur.com/QOxFKIS.png
- Telegram Doxing: https://i.imgur.com/3AKMxUa.png
- Media And Dating Doxing: https://i.imgur.com/cqW4dQc.png
- LinkedIn Doxing: https://i.imgur.com/rWcLzID.png
- Indian Government Data Doxing: https://i.imgur.com/vg27lhm.png
- IP Locators: https://i.imgur.com/g8ixeq7.png
- IP Hunting: https://i.imgur.com/wf83f6i.png
- Reverse Phone Lookup: https://i.imgur.com/0FZXm9f.png
- Search Engine Doxing: https://i.imgur.com/k2yTAiC.png
- Scientific Search Engine: https://i.imgur.com/jVv1Jvo.png
- Specific Search Engines: https://i.imgur.com/sqgU5Yo.png
- Vehicles Search: https://i.imgur.com/deGrDH1.png
- Archives Data: https://i.imgur.com/gGsiKQp.png
- Directories: https://i.imgur.com/9ZPxcWB.png
- Mac Address: https://i.imgur.com/KBxoTrU.png
- EXIF Data: https://i.imgur.com/raKnyDv.png
- Company Search: https://i.imgur.com/chfAsf7.png
- PNG and JPEG Exif: https://i.imgur.com/XWcNPQQ.png
- Documents Doxing: https://i.imgur.com/tQQt8Af.png
- Crypto Doxing: https://i.imgur.com/OHhNP5v.png
- File Uploader: https://i.imgur.com/apPA8EQ.png
- Reverse Image Search: https://i.imgur.com/rtrYwwI.png
- URL Analysis: https://i.imgur.com/xeRneM8.png
- Ebooks and PDFs: https://i.imgur.com/bkkryjO.png
- Fake Mails: https://i.imgur.com/oJxf4fB.png
- Maps Data: https://i.imgur.com/H6mWp9x.png
- Data Leaks: https://i.imgur.com/3BsDhol.png
- IOT Search Engines: https://i.imgur.com/ZECah82.png


How to clear your tracks?
While doing doxing, don't forget to use a VPN and proxies. Some tools that will help you remove your searches:

Data Destruction Tools

Tool      URL                                                            Notes
DBAN      https://dban.org                                               The free version supports HDD only.
Eraser    www.heidi.ie/eraser/                                           Open source; supports SSD.
CCleaner  www.piriform.com/ccleaner                                      Drive wiper and Windows trace cleaner.
SDelete   https://technet.microsoft.com/en-us/sysinternals/sdelete.aspx  Erases data according to DOD 5220.22-M.

SSD Data-Erasing Tools

Tool                             URL
Intel Solid State Drive Toolbox  https://downloadcenter.intel.com/download/26574?v=t
Corsair SSD Toolbox              www.corsair.com/en-eu/support/downloads
Samsung Magician                 www.samsung.com/semiconductor/minisite/ssd/download/tools.html
SanDisk SSD                      https://kb.sandisk.com/app/answers/detail/a_id/16678/~/secure-erase-and-sanitize

How can I protect myself from Doxing?
- Adjust your social media settings: ensure that your profiles and usernames/handles are kept private
- Remove any addresses, places of work, and specific locations from your accounts
- Set your posts to "friends only"
- Avoid discussing personal information that could be used against you, as well as anything that can identify your address, workplace or contact information
- Use a Virtual Private Network (VPN)
- If you must use public Wi-Fi, turn off the public network sharing functionality on your device
- Use strong passwords
- Vary usernames and passwords across platforms
- Hide domain registration information from WHOIS (a database of all registered domain names on the web)
- Don't be afraid after getting doxed: it is your publicly shared information, so don't worry about it, otherwise the attacker will use you. Don't pay money if you get doxed.
- Be safe from cat phishing



Is doxing illegal?
Doxxing is immoral and illegal, 
and if you are discovered bothering individuals and disclosing their personal information, 
you could face serious legal consequences, including imprisonment. 
Detecting and prosecuting these types of crimes is often challenging for law enforcement.
In India, doxing or identity theft is punishable under the IT Act 2000. 

What is the legal way of doxing?
We can say that Open Source Intelligence (OSINT) is the legal way of doxing. 

Intelligence agencies use OSINT to track events, 
equipment such as weapons systems, and people. 
These are the 'targets of interest' (ToIs). 
But hackers use OSINT to identify technical vulnerabilities 
as well as human targets for phishing and social engineering attacks.

Law firms: lawyers and private investigators can ethically and legally utilize
OSINT techniques – especially information found on social media platforms – 
in legal and litigation intelligence to collect evidence and research about any suspect or potential juror.


+---------------------------------------------------------------+
|                  0x03 IP HUNTING                              |
+---------------------------------------------------------------+
IP HUNTING TRICKS 2022



TODAY WE ARE GOING TO LEARN HOW TO HUNT IP OF SCAMMERS AND FRAUDSTERS. 

BEFORE STARTING LET US UNDERSTAND WHAT IS IP HUNTING. 

What is IP address? 
An IP address is a unique address that identifies a device on the internet or a local network. 
IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via the internet or local network.

In essence, IP addresses are the identifier that allows information to be sent between devices on a network: 
they contain location information and make devices accessible for communication. 
The internet needs a way to differentiate between different computers, routers, and websites. 
IP addresses provide a way of doing so and form an essential part of how the internet works.




Types of IP addresses
There are different categories of IP addresses, and within each category, different types.

Consumer IP addresses
Every individual or business with an internet service plan will have two types of IP addresses: 
their private IP addresses and their public IP address. The terms public and private relate to the network location 
— that is, a private IP address is used inside a network, while a public one is used outside a network.

Private IP addresses
Every device that connects to your internet network has a private IP address. 
This includes computers, smartphones, and tablets but also any Bluetooth-enabled devices like speakers, 
printers, or smart TVs. With the growing internet of things, the number of private 
IP addresses you have at home is probably growing. Your router needs a way to identify these items separately, 
and many items need a way to recognize each other. 
Therefore, your router generates private IP addresses that are unique identifiers for each device that differentiate them on the network.

Public IP addresses
A public IP address is the primary address associated with your whole network. 
While each connected device has its own IP address, 
they are also included within the main IP address for your network. 
As described above, your public IP address is provided to your router by your ISP. 
Typically, ISPs have a large pool of IP addresses that they distribute to their customers. 
Your public IP address is the address that all the devices outside your internet network will use to recognize your network.

Public IP addresses
Public IP addresses come in two forms – dynamic and static.

Dynamic IP addresses
Dynamic IP addresses change automatically and regularly. 
ISPs buy a large pool of IP addresses and assign them automatically to their customers. 
Periodically, they re-assign them and put the older IP addresses back into the pool to be used for other customers. 
The rationale for this approach is to generate cost savings for the ISP. 
Automating the regular movement of IP addresses means they don’t have to carry out specific actions to re-establish a customer's IP address if they move home, 
for example. There are security benefits, too, because a changing IP address makes it harder for criminals to hack into your network interface.

Static IP addresses
In contrast to dynamic IP addresses, static addresses remain consistent. 
Once the network assigns an IP address, it remains the same. Most individuals and businesses do not need a static IP address, 
but for businesses that plan to host their own server, it is crucial to have one. 
This is because a static IP address ensures that websites and email addresses tied to it will have a consistent IP address 
— vital if you want other devices to be able to find them consistently on the web.

This leads to the next point – which is the two types of website IP addresses.

There are two types of website IP addresses
For website owners who don’t host their own server, and instead rely on a web hosting package 
– which is the case for most websites – there are two types of website IP addresses. These are shared and dedicated.

Shared IP addresses
Websites that rely on shared hosting plans from web hosting providers will typically be one of many websites hosted on the same server. 
This tends to be the case for individual websites or SME websites, where traffic volumes are manageable, 
and the sites themselves are limited in terms of the number of pages, etc. Websites hosted in this way will have shared IP addresses.

Dedicated IP addresses
Some web hosting plans have the option to purchase a dedicated IP address (or addresses).
This can make obtaining an SSL certificate easier and allows you to run your own File Transfer Protocol (FTP) server.
This makes it easier to share and transfer files with multiple people within an organization and allow anonymous FTP sharing options. 
A dedicated IP address also allows you to access your website using the IP address alone rather than the domain name
 — useful if you want to build and test it before registering your domain.

What is IPv4?
IPv4 is an IP version widely used to identify devices on a network using an addressing system.
It was the first version of IP deployed for production in the ARPANET in 1983. 
It uses a 32-bit address scheme to store 2^32 addresses which is more than 4 billion addresses. 
It is considered the primary Internet Protocol and carries 94% of Internet traffic.

What is IPv6?
IPv6 is the most recent version of the Internet Protocol. 
This new IP address version is being deployed to fulfill the need for more Internet addresses. 
It was aimed to resolve issues that are associated with IPv4. With a 128-bit address space, 
it allows 340 undecillion unique addresses. IPv6 is also called IPng (Internet Protocol next generation).

The Internet Engineering Task Force initiated it in early 1994. The design and development of that suite are now called IPv6.

KEY DIFFERENCE
IPv4 is 32-Bit IP address whereas IPv6 is a 128-Bit IP address.
IPv4 is a numeric addressing method whereas IPv6 is an alphanumeric addressing method.
IPv4 binary bits are separated by a dot(.) whereas IPv6 binary bits are separated by a colon(:).
IPv4 offers 12 header fields whereas IPv6 offers 8 header fields.
IPv4 supports broadcast whereas IPv6 doesn’t support broadcast.
IPv4 has checksum fields while IPv6 doesn’t have checksum fields.
When we compare IPv4 and IPv6, IPv4 supports VLSM (Variable Length Subnet Mask) whereas IPv6 doesn’t support VLSM.
IPv4 uses ARP (Address Resolution Protocol) to map to MAC address whereas IPv6 uses NDP (Neighbour Discovery Protocol) to map to MAC address.

Features of IPv4
Following are the features of IPv4:

Connectionless Protocol
Allow creating a simple virtual communication layer over diversified devices
It requires less memory, and ease of remembering addresses
Already supported protocol by millions of devices
Offers video libraries and conferences

Features of IPv6
Here are the features of IPv6:

Hierarchical addressing and routing infrastructure
Stateful and Stateless configuration
Support for quality of service (QoS)
An ideal protocol for neighboring node interaction

❤️‍????Hunting IP address of our Victim:
Ip Hunting depends on your social engineering skills, here is the ip Hunting custom script, 
just host it on any free hosting, and make your custom webpage like index.html and host all the files given in zip, 
it will not blocked by Instagram or other social media platforms. Use it only for educational purpose. 

What is IP logger? 
IP Logger URL Shortener allows you to track and register IP addresses, GPS locations.

IP Logger URL Shortener provides checking access to IP addresses, checking what my IP services, counters, and informants are.

Step 1. Go to https://iplogger.org.

Step 2. Select an option. Location Tracking, Image / Link, Invisible Logger

Step 3: For the purposes of this guide, we will use the URL Shortener. Enter the URL and click Get Logger Code.

Step 4: Copy the IPLogger link to collect statistics (no BB codes)

Step 5: Remember the IPLogger ID (required to access registration statistics!), You will need this later to get the registered IP addresses.




⭕Grabify
Grabify IP Logger lets you track who clicked on your links. Find IP addresses from Facebook, Twitter, friends on other sites.



Step 1: go to https://grabify.link

Step 2. Enter the link to the web page on the Grabify website and click the “Create URL” button

Step 3: Now you will have a new tracking link, similar, for example.
 https://grabify.link/GK9OK5 you can use the button below to change the link domain to another domain that is less recognizable, or you can use your own domain.

Step 4: Save the tracking code or connection link that you will need to get the IP addresses of those who clicked on your Grabify link.




⭕Blasze
Step 1: Go to https://blasze.com

Step 2. Enter a new URL or tracking code and click Submit.

Step 3. Copy the tracking link.

Step 4. Copy the access code that you will need later to get the registered IP addresses.

Step 5: Enter the access code at https://blasze.com to receive registered IP addresses.


Whatstheirip

Step 1: Go to the page http://whatstheirip.com

Step 2. Enter your email address and click the “Get Link” button.

Step 3: Copy one of the URLs provided by http://whatstheirip.com.

Step 4: As soon as your friend clicks on one of the URLs, you will receive an email with the IP address.


⭕How to Find IP Address Instagram⭕
You would be amazed if you knew what you could find out about people when you find their IP address. With some simple skills, you can learn how to find other people’s IP address on Instagram.

When you know their IP, you’re just a step away from being able to find out their location, name and other personal information.

And when you know all this information about someone, you can block someone’s access to your chat room, your content, your website, etc.

Finding out someone’s IP is much easier than it seems at first. In fact, there are several websites, such as IP Logger and Grabify IP Logger, that can help you do this quickly and easily.

Here are the steps that you need to follow if you want to know how to get IP address from Instagram account.

Go to the profile of the person whose IP you want to know.
Click on the three dots next to their username.
Copy their profile URL.
Go to Grabify IP Logger, IP Logger or similar websites.
Paste the link into the bar and click on ‘Create URL’. When the results page opens, you will see a new link generated.
Optional: If the new link is too long, make sure you shorten it with Google URL Shortener.
Chat with the person for some time and send them (the shortened) link. It would be wise to tell them that you want them to see a great picture or read a wonderful story on this link.
When they click on it, refresh the page in the logger website you used and you will get the person’s IP address at the bottom of the page.
If you use Facebook or Instagram to chat with the person, you might need to switch on the ‘Hide Bots’ option in order to get their genuine IP.
If all you needed to know was the person’s IP address, you’re good to go. However, if you want to know more details about the person, you will need to take a few more steps.

Go to IP Tracker or other similar websites.
Click on the IP Tracker option.
Paste the IP that you got from one of the IP logger sites and trace it.
Voila! What you got is the name, location, area code, ISP and other detailed information about the person.
With these thirteen simple steps, you know how to get IP address from Instagram account. At first, it might seem like spying on people. 
But sometimes, that is the only option you have if someone is harassing you on Instagram.

It is obvious that there is no way to really prevent someone from discovering your IP. However, there is a way to mask your real IP.

If you want your own server to remain invisible to people on the web, the best thing you can do is get residential IPs. 
With residential proxies, you will get a stable, secure and fast connection, as well as be untouchable for anyone who tries to identify your IP.

When you use residential proxies, nobody will know how to find IP address from Instagram profile you are using. Instead, they will only be able to detect the residential IP and its location.

Nonetheless, this doesn’t mean you should use proxies for malicious activities on Instagram or any other website. 
Proxies are there to offer you anonymity when you want to hide your true geolocation or in similar situations


ip hunting


How To Trace Location Of A Person By Chatting on WhatsApp, Facebook, Instagram, Snapchat

⚜ There are several different methods that you can use according to your convenience; the more complex the method, the better the result. 
So read all the methods discussed below and use any of them to check the location of any person by chatting on social sites.

✔️ Tracing IP Address Of Person On Facebook Chat Using Command Prompt

☠ By using the command prompt, you can actually trace the IP address of a person with whom you are chatting on Facebook. Just follow the steps below to proceed.

1. First of all, start chatting with your friend whose IP address you want to get and make sure that all other apps and background processes are stopped. Now press Win+R on your keyboard.

2. Now type cmd and hit enter.

3. Now at the command prompt that appears type netstat -an and hit enter.

4. Now note down the IP address of a person.

5. Now you need to scan that IP address to know the actual location of the person that you can check out from http://www.ip-adress.com/ip_tracer/



⭕⭕NETSTAT CHEAT SHEET ⭕⭕



How To Find Open Ports Of A Computer System

To find open ports on a computer, you can use the netstat command line.

To display all open ports, open a DOS command prompt, type netstat and press Enter.

To list all listening ports, use the netstat -an | find /i "listening" command.

To see what ports your computer actually communicates with, use netstat -an | find /i "established"

To find a specified open port, use the find switch. For example, to find if the port 3389 is open or not, do netstat -an | find /i "3389".

✨ You can use PULIST from the Windows Resource Kit to find which process is using a specified port. For example, pulist | find /i "4125" may display

 Process  PID   User
 mad.exe  4125  Chicagotech/blin
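
An added example (not part of the original guide) that applies the netstat filters above to auditing your own machine: it parses `netstat -an` output, including the bracketed IPv6 form, and reports which listening ports are bound to every interface and which established sessions reach public addresses, using the private/public distinction from the IP address section. The sample output is constructed, and the English state names LISTENING and ESTABLISHED are assumed.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     8.8.8.8:443            ESTABLISHED
  TCP    192.168.1.20:49713     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49720     8.8.4.4:80             TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [fe80::1c2d:3e4f%12]:49800  [fe80::1%12]:445  ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")


def split_endpoint(endpoint):
    """Split '1.2.3.4:80', '[::1]:80' or '*:*' into (ip or None, port or None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]          # drop IPv6 brackets and zone id
    ip = None if host in ("*", "") else ipaddress.ip_address(host)
    return ip, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn the TCP/UDP rows of `netstat -an` output into Conn records."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                               # banner, column header, blank line
        local_ip, local_port = split_endpoint(fields[1])
        remote_ip, remote_port = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""   # UDP rows carry no state
        conns.append(Conn(fields[0], local_ip, local_port,
                          remote_ip, remote_port, state))
    return conns


def scope(ip):
    """Classify an address the way the guide's private/public section does."""
    if ip.is_unspecified:
        return "any"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def exposed_listeners(conns):
    """Ports in LISTENING state bound to every interface (0.0.0.0 or ::)."""
    return sorted({c.local_port for c in conns
                   if c.state == "LISTENING"
                   and c.local_ip is not None and c.local_ip.is_unspecified})


def public_peers(conns):
    """(remote IP, remote port) of ESTABLISHED sessions that leave the local network."""
    return sorted({(str(c.remote_ip), c.remote_port) for c in conns
                   if c.state == "ESTABLISHED"
                   and c.remote_ip is not None and scope(c.remote_ip) == "public"})


if __name__ == "__main__":
    connections = parse_netstat(SAMPLE_NETSTAT)
    print("Listening on all interfaces:", exposed_listeners(connections))
    for ip, port in public_peers(connections):
        print("Established to public address:", ip, "port", port)
```

On a real host, feed the function the text of `netstat -an` instead of the sample; ports that show up in the first list but are not needed (3389 in the sample) are the ones to close or firewall.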

⭕Important commands cmd⭕
1. ping

This command will let you know if your host is currently available. 
This means that when the ping command is executed, 
the host will send you a reply if it is connected. To use this command, 
just enter ping followed by the IP or domain of the site or client. For example:

ping 8.8.8.8
ping www.google.com

The response received from the host indicates its status. 
The shorter the value shown after "time" and the more error-free the responses received, 
the higher the connection speed and the more stable the connection.

2. nslookup

This command has various uses. One of them is finding an IP from DNS. 
Suppose you know the address of a site but are unaware of its IP. 
You can use this command to find out the IP of any site. For example:

nslookup www.google.com

Another application of nslookup is finding the IP of a specific mail server. 
For example, to find the IP address of Yahoo servers, these commands must be entered in order:

nslookup
set type=mx
yahoo.com

3. tracert

With this command, you can get good information about the path that a packet takes in the network to reach its destination. 
This command is very useful for tracing the route of packets sent to the destination. Example:

tracert 8.8.8.8
tracert www.google.com

4. arp

This command displays the arp table for you. In this table, IPs and their MAC equivalent addresses are stored. 
If there is an illegal activity on your network and, for example, a network card has been replaced without your permission, 
you can easily find out through this table:

arp -a

5. route

This command gives you complete information about the list of network cards, routing tables, and gateways for each:

route print

6. ipconfig

This command provides useful information about your IP and Gateway, the DNS in use, and the like:

ipconfig

Or

ipconfig /all

Also, if you use dynamic IP and want to change your IP, you can do this with the following commands:

ipconfig /release
ipconfig /renew


7. netstat

This command displays the status of your connections:

netstat

Displays all ports that are in the listening mode and connects with the DNS name:

netstat -a

Display all open and IP connections:

netstat -n

Combining the above two modes:

netstat -an

The following command also displays all folders shared on the destination computer:

net view x.x.x.x.

Or

net view computername

Instead of x.x.x.x and computername, you must enter the IP address or computer name.


8. netuser

This command changes the Windows account password without knowing the previous password:

net user Tarfandestan *

Enter Windows username instead of Tarfandestan and enter the new password after pressing Enter.

And

9. Other commands


There are other commands that can help you.

Connect to the destination device with Administrator access:

net use \ ipaddressipc $ “” / user: administrator

Enter the IP address instead of the ipaddress.

After connecting to the destination, use this command if you want to browse the entire C drive:

net use K: \ computernameC $

Enter the computer name instead of the computername. 
This command creates a virtual drive. 
Note that this command works when the destination computer has not set the Adminastrator password.

And finally the Help command to receive guidance:

command / help

Or

command /?

⭕Get sim details and state of a number ⭕
https://www.findandtrace.com/trace-mobile-number-location

https://play.google.com/store/apps/details?id=com.truecaller

https://mobilenumbertracker.com/



⭕Ip tracer tool⭕

How to install IP-Tracer ?
apt update
apt install git -y
git clone https://github.com/rajkumardusad/IP-Tracer.git
cd IP-Tracer
chmod +x install
sh install (or ./install)

How to use IP-Tracer
trace -m to track your own ip address.
trace -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1
trace for more information.
OR

ip-tracer -m to track your own ip address.
ip-tracer -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1
⭕Check blacklisted ip here⭕

With this Free API you can detect and block, fraudulent IPs that connect to your website from a Hosting, Proxy or VPN. 
Stop losing money and time in worrying about users who connect to your website or application fraudulently.

https://www.iphunter.info/



⭕Free IP Stressers⭕



Change IP Address In Less Than 30 Seconds on windows 


Click on “Start” in the bottom left hand corner of screen



Click on “Run”



Type in “command” and hit ok

You should now be at an MSDOS prompt screen.



Type “ipconfig /release” just like that, and hit “enter”



Type “exit” and leave the prompt



Right-click on “Network Places” or “My Network Places” on your desktop.



Click on “properties”

You should now be on a screen with something titled “Local Area Connection”, or something close to that, and,

if you have a network hooked up, all of your other networks.



Right click on “Local Area Connection” and click “properties”



Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab



Click on “Use the following IP address” under the “General” tab



Create an IP address



Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.



Hit the “Ok” button here



Hit the “Ok” button again

You should now be back to the “Local Area Connection” screen.



Right-click back on “Local Area Connection” and go to properties again.



Go back to the “TCP/IP” settings



This time, select “Obtain an IP address automatically”



Hit “Ok”



Hit “Ok” again



You now have a new IP address

⭕What a hacker can do with an ip address?⭕
Hackers have been known to use stolen IP addresses to download illegal content like pirated material, 
child pornography, or content that threatens national security. Hacked IP addresses can also be used for DDoS attacks (“distributed denial-of-service”), 
which basically shut down your access to the Internet.

How to Protect Your IP Address?
If you can hide your IP address, you can protect your device, online identity, and data. There are two ways to go about it:

Using a VPN is a safer option where your device acts like it’s on the same network locally as the VPN. 
Thus, you can safely access the network even from another country or browse geo-blocked sites. Example: NordVPN, Surfshark, Proton VPN, etc.

Using a proxy server provides an intermediary web server through which your traffic gets routed. 
It masks your original IP address and shows the proxy server’s IP address. Example: Bright Data, Smartproxy, etc.

+---------------------------------------------------------------+
|                  0x04 OSINT TOOLS                             |
+---------------------------------------------------------------+

1. OSINT FRAMEWORK
While OSINT FRAMEWORK isn't a tool to be run on your servers, 
it's a very useful way to get valuable information by querying free search engines, 
resources, and tools publicly available on the Internet. 
They are focused on bringing the best links to valuable sources of OSINT data.

While this web application was originally created with a focus on IT security, 
over time it has evolved, and today you can get other kinds of information from other industries as well. 
Most of the websites it uses to query the information are free, but some may require paying a low fee.






2. CheckUserNames
CheckUserNames is an online OSINT tool that can help you to find usernames across over 170 social networks. 
This is especially useful if you are running an investigation to determine the usage of the same username on different social networks.

It can also be used to check for brand and company names, not only individuals.



3. HaveIbeenPwned
HaveIbeenPwned can help you to check if your account has been compromised in the past. 
This site was developed by Troy Hunt, one of the most respected IT security professionals in the field, 
and it has been serving accurate reports for years.

If you suspect your account has been compromised, 
or want to verify for 3rd party compromises on external accounts, 
this is the perfect tool. It can track down web compromise from many sources like Gmail, Hotmail, 
Yahoo accounts, as well as LastFM, Kickstarter, Wordpress.com, Linkedin and many other popular websites.

Once you enter your email address, the results will be displayed.

4. BeenVerified
BeenVerified is another similar tool that is used when you need to search people on public internet records. 
It can be pretty useful to get more valuable information about any person in the world when you are conducting an 
IT security investigation and a target is an unknown person.

Once the search is done, the results page will be displayed with all the people that match the person's name, 
along with their details, geographic location, phone number, etc. 
Once found, you can build your own reports.

The amazing thing about BeenVerified is that it also includes information about criminal records and official government information as well.

BeenVerified background reports may include information from multiple databases, 
bankruptcy records, career history, social media profiles and even online photos.



5. Censys
Censys is a wonderful search engine used to get the latest and most accurate information about any device connected to the internet, 
whether servers or domain names.

You will be able to find full geographic and technical details about 80 and 443 ports running on any server, 
as well as HTTP/S body content & GET response of the target website, Chrome TLS Handshake, full SSL Certificate Chain information, and WHOIS information.

6. BuiltWith
BuiltWith is a cool way to detect which technologies are used at any website on the internet.

It includes full detailed information about CMS used like Wordpress, 
Joomla, Drupal, etc, as well as full depth Javascript and CSS libraries like jquery, 
bootstrap/foundation, external fonts, web server type (Nginx, Apache, IIS, etc), 
SSL provider as well as web hosting provider used.

BuiltWith also lets you find which are the most popular technologies running right now, 
or which ones are becoming trending.

Without any doubt, it is a very good open source intelligence tool to gather all the possible technical details about any website.



7. Google Dorks
While investigating people or companies, a lot of IT security newbies forget the importance of using traditional search engines for recon and intel gathering.

In this case, Google Dorks can be your best friend. They have been there since 2002 and can help you a lot in your intel reconnaissance.

Google Dorks are simply ways to query Google against certain information that may be useful for your security investigation.

Search engines index a lot of information about almost anything on the internet, including individuals, companies, and their data.

Some popular operators used to perform Google Dorking:

Filetype: you can use this dork to find any kind of filetypes.
Ext: can help you to find files with specific extensions (eg. .txt, .log, etc).
Intext: helps to search for specific text inside any page.
Intitle: it will search for any specific words inside the page title.
Inurl: will look out for mentioned words inside the URL of any website.

Log files aren't supposed to be indexed by search engines; however, they are, and you can get valuable information from these Google Dorks.

Now let's focus on other more practical tools used by the most respected InfoSec professionals:



8. Maltego
Maltego is an amazing tool to track down footprints of any target you need to match. This piece of software has been developed by Paterva, 
and it's part of the Kali Linux distribution.

Using Maltego will allow you to launch reconnaissance tests against specific targets.

One of the best things this software includes is what they call 'transforms'. 
Transforms are available for free in some cases, and on others, you will find commercial versions only. 
They will help you to run different kinds of tests and data integration with external applications.

In order to use Maltego you need to open a free account on their website, after that, 
you can launch a new machine or run transforms on the target from an existing one. 
Once you have chosen your transforms, Maltego app will start running all the transforms from Maltego servers.

Finally, Maltego will show you the results for the specified target, like IP, 
domains, AS numbers, and much more.

9. Recon-Ng
Recon-ng comes already built into the Kali Linux distribution and is another great tool used to perform quick and thorough reconnaissance on remote targets.

This web reconnaissance framework was written in Python and includes many modules, 
convenience functions and interactive help to guide you on how to use it properly.

The simple command-based interface allows you to run common operations like interacting with a database, 
running web requests, managing API keys or standardizing output content.

Fetching information about any target is pretty easy and can be done within seconds after installing. 
It includes interesting modules like google_site_web and bing_domain_web that can be used to find valuable information about the target domains.

While some recon-ng modules are pretty passive as they never hit the target network, others can launch interesting stuff right against the remote host.




10. theHarvester
theHarvester is another great alternative to fetch valuable information about any subdomain names, 
virtual hosts, open ports and email addresses of any company/website.

This is especially useful when you are in the first steps of a penetration test against your own local network, 
or against 3rd party authorized networks. Same as previous tools, theHarvester is included inside Kali Linux distro.

theHarvester uses many resources to fetch the data like PGP key servers, Bing, Baidu, Yahoo and Google search engine, 
and also social networks like Linkedin, Twitter and Google Plus.

It can also be used to launch active penetration tests like DNS brute force based on dictionary attack, 
rDNS lookups and DNS TLD expansion using dictionary brute force enumeration.



11. Shodan
Shodan is a network security monitor and search engine focused on the deep web & the internet of things. 
It was created by John Matherly in 2009 to keep track of publicly accessible computers inside any network.

It is often called the 'search engine for hackers', 
as it lets you find and explore different kinds of devices connected to a network like servers, routers, webcams, and more.

Shodan is pretty much like Google, but instead of showing you fancy images and rich content / informative websites, 
it will show you things that are more related to the interest of IT security researchers, like SSH, FTP, SNMP, Telnet, RTSP, IMAP and HTTP server banners and public information. 
Results will be shown ordered by country, operating system, network, and ports.

Shodan users are not only able to reach servers, webcams, and routers. 
It can be used to scan almost anything that is connected to the internet, 
including but not limited to traffic lights systems, home heating systems, 
water park control panels, water plants, nuclear power plants, and much more.



12. Jigsaw
Jigsaw is used to gather information about any company's employees. 
This tool works perfectly for companies like Google, Linkedin, or Microsoft, 
where we can just pick up one of their domain names (like google.com), 
and then gather all their employees' emails across the different company departments.

The only drawback is that these queries are launched against Jigsaw database located at jigsaw.com, 
so, we depend entirely on what information they allow us to explore inside their database. 
You will be able to find information about big companies, but if you are exploring a not so famous startup then you may be out of luck.



13. SpiderFoot
SpiderFoot is one of the best reconnaissance tools out there if you want to automate OSINT and have fast results for reconnaissance, 
threat intelligence, and perimeter monitoring.
This recon tool can help you to launch queries over 100 public data sources to gather intelligence on generic names, 
domain names, email addresses, and IP addresses.

Using Spiderfoot is pretty easy: just specify the target, 
choose which modules you want to run, and Spiderfoot will do the hard job for you, collecting all the intel data from the modules.



14. Creepy
Creepy is a geo-location OSINT tool for infosec professionals. 
It offers the ability to get full geolocation data from any individuals by querying social networking platforms like Twitter, Flickr, Facebook, etc.

If anyone uploads an image to any of these social networks with the geolocation feature activated, 
then you will be able to see a full active map of where this person has been.

You will be able to filter based on exact locations, or even by date. 
After that, you can export the results in CSV or KML format.




15. Nmap
Nmap is one of the most popular and widely used security auditing tools; its name means "Network Mapper". 
It is a free and open source utility used for security auditing and network exploration across local and remote hosts.

Some of the main features include:

Host detection: Nmap has the ability to identify hosts inside any network that have certain ports open, or that can send a response to ICMP and TCP packets.
IP and DNS information detection: including device type, Mac addresses and even reverse DNS names.
Port detection: Nmap can detect any port open on the target network, and let you know the possible running services on it.
OS detection: get full OS version detection and hardware specifications of any host connected.
Version detection: Nmap is also able to get application name and version number.
16. WebShag
WebShag is a great server auditing tool used to scan HTTP and HTTPS protocols. Same as other tools, 
it's part of Kali Linux and can help you a lot in your IT security research & penetration testing.

You will be able to launch a simple scan, or use advanced methods like through a proxy, or over HTTP authentication.

Written in Python, it can be one of your best allies while auditing systems.

Main features include:

PORT scan
URL scanning
File fuzzing
Website crawling
In order to avoid getting blocked by remote server security systems, 
it uses an intelligent IDS evasion system by launching random requests per HTTP proxy server, 
so you can keep auditing the server without being banned.



17. OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a security framework that includes particular services and tools for infosec professionals.

This is an open source vulnerability scanner & security manager that was built after the famous Nessus switched from open source to private source. 
Then, the original developers of the Nessus vulnerability scanner decided to fork the original project and create OpenVAS.

While it is a little bit more difficult to setup than the old Nessus, 
it's quite effective while working with it to analyze the security of remote hosts.

The main tool included in OpenVAS is OpenVAS Scanner, 
a highly efficient agent that executes all the network vulnerability tests over the target machine.

On the other hand, another main component is called OpenVAS Manager, 
which is basically a vulnerability management solution that allows you to store scanned data into an SQLite database, 
so that you can then search, filter and order the scan results in a fancy and easy way.



18. Fierce
Fierce is an IP and DNS recon tool written in PERL, famous for helping IT sec professionals to find target IPs associated with domain names.

It was written originally by RSnake along with other members of the old http://ha.ckers.org/. 
It's used mostly for targeting local and remote corporate networks.

Once you have defined your target network, 
it will launch several scans against the selected domains and then it will try to find misconfigured networks 
and vulnerable points that can later leak private and valuable data.

The results will be ready within a few minutes, a little bit more than when you perform any other scan with similar tools like Nessus, 
Nikto, Unicornscan, etc.




19. Unicornscan
Unicornscan is one of the top intel gathering tools for security research. 
It has also a built-in correlation engine that aims to be efficient, flexible and scalable at the same time.

Main features include:

Full TCP/IP device/network scan.
Asynchronous stateless TCP scanning (including all TCP Flags variations).
Asynchronous TCP banner detection.
UDP Protocol scanning.
A/P OS identification.
Application and component detection.
Support for SQL Relational Output
20. Foca
FOCA (Fingerprinting Organizations with Collected Archives) is a tool written by ElevenPaths that can be used to scan, 
analyze, extract and classify information from remote web servers and their hidden information.

Foca has the ability to analyze and collect valuable data from MS Office suite, OpenOffice, PDF, 
as well as Adobe InDesign and SVG and GIF files. This security tool also works actively with Google, 
Bing and DuckDuckGo search engines to collect additional data from those files. Once you have the full file list, 
it starts extracting information to attempt to identify more valuable data from the files.



21. ZoomEye
In the cybersecurity world, we researchers are used to popular IoT search engines such as Shodan or Censys. 
For a while, however, a powerful new IoT search engine has been rapidly gaining followers. We're talking about ZoomEye.

ZoomEye is a Chinese IoT OSINT search engine that allows users to grab public data from exposed devices and web services. 
In order to build its database it uses Wmap and Xmap, and then runs extensive fingerprinting against all the information found, 
ultimately presenting it to users in a filtered and curated way for easy visualization.

What information can you find with ZoomEye?

IPs interacting with networks and hosts
Open ports on remote servers
Total number of hosted websites
Total number of devices found
Interactive map of users hitting different devices
Vulnerabilities report
And much more. The public version offers access to a lot of data—but if you want to see what it can really do, 
we suggest you sign up for a free account. That way you'll get to test the real power of this OSINT tool.



22. Spyse
Spyse is another OSINT search engine that lets anyone grab critical information about any website in the world. 
Quite simply, Spyse is an infosec crawler that gets useful information for red and blue teams during the reconnaissance process.

Its database is one of the biggest around. Spyse users can access a diverse range of data including:

IP addresses (3.6B IPv4 hosts)
DNS records (2.2B)
Domain names (1.2 B)
ASN (68K)
Vulnerabilities (141K)
Associated domains
SSL/TLS data (29M)
If you're looking for a centralized website that will help you get the most important OSINT on any target, 
then Spyse seems to be one of the top choices, according to many modern infosec teams.



23. IVRE
This infosec tool is frequently overlooked, but it has great potential in boosting your infosec discovery and analysis processes. 
IVRE is an open source tool that's built on a base of popular projects like Nmap, Masscan, ZDNS, and ZGrab2.

Its framework uses these popular tools to gather network intelligence on any host, then uses a MongoDB database to store the data.

Its web-based interface makes it easy for both beginning and advanced infosec users to perform the following actions:

Passive reconnaissance by flow analysis (from Zeek, Argus or nfdump)
Active reconnaissance by using Zmap and Nmap
Fingerprinting analysis
Import data from other 3rd party infosec apps, such as Masscan/Nmap
IVRE can be installed by fetching the source from their official Github repo, or from 3rd-party repositories such as Kali Linux repo.



24. Metagoofil
Metagoofil is another great intel-reconnaissance tool that aims to help infosec researchers, 
IT managers, and red teams to extract metadata from different types of files, such as:

doc
docx
pdf
xls
xlsx
ppt
pptx
How does it work? This app performs a deep search on search engines like Google, focusing on these types of files. 
Once it detects such a file, it will download it to your local storage, then proceed to extract all of its valuable data.

Once the extraction is complete, you'll see a full report with usernames, software banners, app versions, hostnames and more, 
a valuable resource for your recon phase.

Metagoofil also includes a number of options to help you filter the types of files to search for, refine the results and tweak the output, 
among many other useful features.



25. Exiftool
While a lot of OSINT tools focus on data found on public files such as PDF, .DOC, HTML, .SQL, etc., 
there are other tools that are specifically designed to extract critical Open Source Intelligence data from image, video and audio files.

Exiftool reads, writes and extracts metadata from the following types of files:

EXIF
IPTC
GPS
XMP
JFIF
And many others
It also supports native files from a wide range of cameras, such as: Canon, Casio, FujiFilm, Kodak, 
Sony, and many others. It's also conveniently available on multiple platforms including Linux, Windows and MacOS.

+---------------------------------------------------------------+
|                  0x05 GOOGLE DORKING                          |
+---------------------------------------------------------------+

Google Dorks List 2021 – Google Hacking Database (Download)
Below is the file which has all the new Google Dorks that you can use for your Google hacking techniques.

2021/2022 Google Dorks List Download
https://www.mediafire.com/file/6ic59brlupvsz7i/Google-Dorks-List-New-2020.txt/file



How to use Google Dorks for Credit Cards Details
Step 1: Find Vulnerable Sites Using Google Dorks
We will use Google Dorks for getting credit card details by simply filtering the Search results containing the saved credit cards details.

Type the below code into your Google Search Bar:-

inurl:”.php?cat=”+intext:”Paypal”

Wondering what this weird thing is?

This is a basic Google dork code to get info about Paypal credit card.

Simply put, “inurl:” will filter the Google search results to websites having “.php?cat” in the URL.

Whereas “intext:” will filter the search results to those containing the text “Paypal”.

After searching for the above Google Dork you will get a ton of websites containing various details about the Paypal payments.

The above is not the only relevant Google Dork; there are a lot of others.

inurl:”.php?id=” intext:”Chekout”

inurl:”.php?id=” intext:”/Buy now/”

inurl:”.php?id=” intext:”/Payment Successful/”

inurl:”.php?id=” intext:”/Delivery address/”

inurl:”.php?id=” intext:”/Payment method/”

inurl:”.php?id=” intext:”/store/”

inurl:”.php?id=” intext:”/Delivery time/”

inurl:”.php?id=” intext:”/add to kart/”

inurl:”.php?id=” intext:”/Proceed to payment/”

inurl:”.php?id=” intext:”/Keep shoping/”


When entering these Google Dorks for credit card details you can get a warning from Google like below:



Don’t worry, fill the Captcha and you are good to go again.

Step 2: Use SQL Injection to Login after getting the Google Dorks for credit card detail:

SQL injection is a common hacking technique used against insecure login forms.

Injecting a SQL code can bypass the username and password verification by sending a specific code instead of the real username and password.

Suppose you have got a list of websites using Google dorks which you are gonna use to get credit card details of people.

Go to the login page of a particular website and instead of entering the Email Id and password fill both fields with

” or “”=”
After entering the above code press the login button. 
If luck is with you, you have a chance of getting logged in to someone’s account.
Alternatively, read my SQL article given in the Telegram channel @its_me_kali_moments

NOTE: Above topic is only for educational purpose and we don’t appreciate any kind of illegal activities using Google Dorks.
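
Why the quote-based input above gets past a login check, and the fix that stops it, as an added example (not code from the original guide). The table layout, function names and account are assumptions made for the illustration, and the input is written in its single-quote form because the example query delimits strings with single quotes.

```python
import sqlite3

# Single-quote form of the input quoted above; every value here is constructed.
TAUTOLOGY = "' or ''='"


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    # Plain-text password column only to mirror the legacy login pattern;
    # a production system stores a salted password hash instead.
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("alice@example.com", "correct horse battery"),
    )
    return db


def build_query(email, password):
    """SQL text produced when user input is pasted into the statement."""
    return (
        "SELECT email FROM users "
        f"WHERE email = '{email}' AND password = '{password}'"
    )


def login_vulnerable(db, email, password):
    """Deliberately vulnerable: the input becomes part of the SQL grammar."""
    row = db.execute(build_query(email, password)).fetchone()
    return row[0] if row else None


def login_parameterized(db, email, password):
    """Hardened: values are bound as data and are never parsed as SQL."""
    row = db.execute(
        "SELECT email FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The quotes in the input close the string literals, leaving a trailing
    # condition (''='') that is true for every row in the table.
    print(build_query(TAUTOLOGY, TAUTOLOGY))
    print("vulnerable   :", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized:", login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
```

With bound parameters the same input is compared literally against the stored e-mail and password, so it matches no row.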

What are search operators?
Google Operators are strings used to narrow the search results downwards. 
When using search operators and adding the keywords these operators compel search engines to show the specific result.

Now, can I make my own dork?

Yes, you can; you just need to be a little bit creative with this. For example, if you want to get shopping sites in India then the dork is

inurl:”cart.php” intext:”shopping” site:in

Let's break it down:

inurl => in the URL of the website

intext => in the text of website pages or posts

site => search of .in domains only.

And get all working google dorks 

here ==>@its_me_kali

Some of the popular examples for finding websites that are vulnerable to SQL injection, XSS, API keys etc. are

1. Dork for SQL Injection - inurl: .php?id=

2. Dork for XSS - inurl:”.php?searchstring=”

3. Dork for API keys - intitle:”index of” api_key OR “api key” OR apiKey

Above are the most common examples of finding some common vulnerabilities on websites, but these are not the only ones.



Still, there are many websites that pass sensitive information using the GET method. 
To make them more secure you can use blocking rules. Commonly, 
blocking rules can be set up easily by writing some “Disallow” rules in the robots.txt file.


While hunting on a private program I found a request where they were using GET parameter which contained email, 
some key, ID, my country name etc. So I tried finding emails of other users on the same site and I got some yahoo email IDs

Dork Used for yahoo : site:target.com inurl:’@yahoo.co’ (which will give me .com and .co.in) emails of yahoo



I got an excel sheet containing yahoo emails and phone numbers of the users of that site.

Now I wanted to find some more emails so I enumerated further and got emails of outlook.live and gmail.com

2. Dork Used for outlook : site:target.com inurl:’@live.com’


3. Dork Used for gmail : site:target.com inurl:’@gmail.com’


Some more useful dorks :

1. site:<Website> inurl:<GET Parameter>


Example :

i) site:target.com inurl:api_key

ii) site:target.com inurl:email

iii) site:target.com inurl:amount

2. intitle:”index of” “/etc/mysql/”

3. site:”target.com” database.yml

4. inurl:group_concat(username, filetype:php intext:admin

5. inurl:/wwwboard/passwd.txt

6. filetype:reg reg HKEY_CLASSES_ROOT -git

7. inurl:/database* ext:sql intext:index of -site:target.com

These are some of the not so common but useful Google Dorks to find sensitive information of the website. 
You can also modify these dorks, and you can combine more dorks with them.

NOTE : You can prevent a page from appearing in Google Search by including a “noindex” meta tag in the page's HTML code, 
or by returning a 'noindex' header in the HTTP response.
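
A site owner can audit their own responses for the two things this part of the guide describes: sensitive values carried in GET parameters, and whether those URLs are marked noindex. The following is an added example, not part of the original guide; the URLs, header values and function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Parameter names taken from the dorks above (inurl:api_key, inurl:email,
# inurl:amount) plus the "apiKey" and "key" spellings the page mentions.
SENSITIVE_NAMES = {"api_key", "apikey", "key", "email", "amount"}
EMAIL_RE = re.compile(r"[^@\s/?&=]+@[^@\s/?&=]+\.[A-Za-z]{2,}")


def sensitive_params(url):
    """Names of query-string parameters that leak data through the URL."""
    hits = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Flag by parameter name, or by a value that is an e-mail address.
        if name.lower() in SENSITIVE_NAMES or EMAIL_RE.fullmatch(value):
            hits.add(name)
    return sorted(hits)


class _RobotsMeta(HTMLParser):
    """Collects the content of <meta name="robots"> / "googlebot" tags."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        attr = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() in ("robots", "googlebot"):
            self.directives.append(attr.get("content", "").lower())


def is_noindexed(headers, body):
    """True if the response carries noindex in X-Robots-Tag or a meta tag."""
    header = " ".join(v for k, v in headers.items() if k.lower() == "x-robots-tag")
    if "noindex" in header.lower():
        return True
    parser = _RobotsMeta()
    parser.feed(body)
    return any("noindex" in d for d in parser.directives)


def audit(responses):
    """Return (url, leaking parameter names, still indexable?) per finding."""
    findings = []
    for r in responses:
        params = sensitive_params(r["url"])
        if params:
            indexable = not is_noindexed(r["headers"], r["body"])
            findings.append((r["url"], params, indexable))
    return findings


# Constructed sample responses from a hypothetical shop.example site.
SAMPLE_RESPONSES = [
    {"url": "https://shop.example/receipt.php?id=17&email=bob%40yahoo.co.in&amount=49.90",
     "headers": {"Content-Type": "text/html"},
     "body": "<html><head><title>Receipt</title></head></html>"},
    {"url": "https://shop.example/export?api_key=CONSTRUCTED-KEY",
     "headers": {"X-Robots-Tag": "noindex, nofollow"}, "body": ""},
    {"url": "https://shop.example/profile?u=carol%40gmail.com",
     "headers": {},
     "body": '<html><head><meta name="robots" content="noindex"></head></html>'},
    {"url": "https://shop.example/cart.php?item=5", "headers": {}, "body": "<html></html>"},
]

if __name__ == "__main__":
    for url, params, indexable in audit(SAMPLE_RESPONSES):
        state = "INDEXABLE" if indexable else "noindex"
        print(f"{state:9} {params} {url}")
    # noindex only hides the URL from search results; the value still sits in
    # logs, history and Referer headers until it is moved out of the URL.
```

A robots.txt Disallow rule only asks crawlers not to fetch a URL, and a crawler that never fetches the page never sees its noindex signal, so the two should not be combined on the same path.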

HOW TO SEARCH ANY THREAD ON ANONFILES USING GOOGLE DORKS

SIMPLE : site:"anonfile.com" "<search term>"

EXAMPLE : site:"anonfile.com" "<combos>"

site:"anonfile.com" "<giftcards>"

Google Dorks https://play.google.com/store/apps/details?id=com.rushic24.root.mydork2



SOME OTHER GOOGLE DORKS

intext:"add you search test here" intitle:"index.of" +(wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

Images :

intext:"add you search test here" intitle:"index.of./" (bmp|gif|jpg|png|psd|tif|tiff) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

Music :

intext:"add you search test here" intitle:"index.of./" (ac3|flac|m4a|mp3|ogg|wav|wma) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

Books :

intitle:"add you search test here" (pdf|epub|mob) "name or title" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

Popular Google Dork operators
Google’s search engine has its own built-in query language. The following list of queries can be run to find a list of files, 
find information about your competition, track people, get information about SEO backlinks, build email lists, and of course, discover web vulnerabilities.

Let’s look at the most popular Google Dorks and what they do.

cache: this dork will show you the cached version of any website, e.g. cache: itsmekali.com
allintext: searches for specific text contained on any web page, e.g. allintext: hacking tools
allintitle: exactly the same as allintext, but will show pages that contain titles with X characters, e.g. allintitle:"Security Companies"
allinurl: it can be used to fetch results whose URL contains all the specified characters, e.g: allinurl client area
filetype: used to search for any kind of file extensions, for example, if you want to search for jpg files you can use: filetype: jpg
inurl: this is exactly the same as allinurl, but it is only useful for one single keyword, e.g. inurl: admin
intitle: used to search for various keywords inside the title, for example, intitle:security tools will search for titles beginning with “security” 
but “tools” can be somewhere else in the page.
inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"cyber security"
intext: useful to locate pages that contain certain characters or strings inside their text, e.g. intext:"safe internet"
link: will show the list of web pages that have links to the specified URL, e.g. link: microsoft.com
site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:securitytrails.com
*: wildcard used to search pages that contain “anything” before your word, e.g. how to * a website, will return “how to…” design/create/hack, etc… “a website”.
|: this is a logical operator, e.g. "security" | "tips" will show all the sites which contain “security” or “tips,” or both words.
+: used to concatenate words, useful to detect pages that use more than one specific key, e.g. it itsme+ kali
–: minus operator is used to avoid showing results that contain certain words, e.g. its_me_kali will show pages that use “its_me_kali” in their text, but not those that have the word “Kali”

Google Dork examples
Let’s take a look at some practical examples. You’ll be surprised how easy it is to extract private information from any source just by using Google hacking techniques.

Log files
Log files are the perfect example of how sensitive information can be found within any website. 
Error logs, access logs and other types of application logs are often discovered inside the public HTTP space of websites. 
This can help attackers find the PHP version you’re running, as well as the critical system path of your CMS or frameworks.

For this kind of dork we can combine two Google operators, allintext and filetype, for example:

allintext:username filetype:log

This will show a lot of results that include username inside all *.log files.

In the results we discovered one particular website showing an SQL error log from a database server that included critical information:

MyBB SQL Error
SQL Error: 1062 - Duplicate entry 'XXX' for key 'username'
Query:
INSERT
INTO XXX (`username`,`password`,`salt`,`loginkey`,`email`,`postnum`,`avatar`,`avatartype`,
`usergroup`,`additionalgroups`,`displaygroup`,`usertitle`,`regdate`,`lastactive`,`lastvisit`,
`website`,`icq`,`aim`,`yahoo`,`msn`,`birthday`,`signature`,`allownotices`,`hideemail`,
`subscriptionmethod`,`receivepms`,`receivefrombuddy`,`pmnotice`,`pmnotify`,`showsigs`,
`showavatars`,`showquickreply`,`showredirect`,`tpp`,`ppp`,`invisible`,`style`,`timezone`,
`dstcorrection`,`threadmode`,`daysprune`,`dateformat`,`timeformat`,`regip`,`longregip`,
`language`,`showcodebuttons`,`away`,`awaydate`,`returndate`,`awayreason`,`notepad`,`referrer`,
`referrals`,`buddylist`,`ignorelist`,`pmfolders`,`warningpoints`,`moderateposts`,`moderationtime`,
`suspendposting`,`suspensiontime`,`coppauser`,`classicpostbit`,`usernotes`)
VALUES ('XXX','XXX','XXX','XXX','XXX','0','','','5','','0','','1389074395','1389074395','1389074395',
'','0','','','','','','1','1','0','1','0','1','1','1','1','1','1','0','0','0','0','5.5','2','linear',
'0','','','XXX','-655077638','','1','0','0','0','','','0','0','','','','0','0','0','0','0','0','0','')
This example exposed the current database name, user login, password and email values to the Internet. We’ve replaced the original values with “XXX”.



Vulnerable web servers
The following Google Dork can be used to detect vulnerable or hacked servers that allow appending “/proc/self/cwd/” directly to the URL of your website.

inurl:/proc/self/cwd

Vulnerable server results will appear, along with their exposed directories that can be surfed from your own browser.

Open FTP servers
Google does not only index HTTP-based servers, it also indexes open FTP servers.

With the following dork, you’ll be able to explore public FTP servers, which can often reveal interesting things.

intitle:"index of" inurl:ftp

In this example, we found an important government server with their FTP space open. Chances are that this was on purpose — but it could also be a security issue.




ENV files
.env files are the ones used by popular web development frameworks to declare general variables and configurations for local and online dev environments.

One of the recommended practices is to move these .env files to somewhere that isn’t publicly accessible. However, 
as you will see, there are a lot of devs who don’t care about this and insert their .env file in the main public website directory.

As this is a critical dork we will not show you how to do it; instead, we will only show you the critical results:




You’ll notice that unencrypted usernames, passwords and IPs are directly exposed in the search results. 
You don’t even need to click the links to get the database login details.



SSH private keys
SSH private keys are used to decrypt information that is exchanged in the SSH protocol. 
As a general security rule, private keys must always remain on the system being used to access the remote SSH server, and shouldn’t be shared with anyone.

With the following dork, you’ll be able to find SSH private keys that were indexed by uncle Google.

intitle:index.of id_rsa -id_rsa.pub

Let’s move on to another interesting SSH Dork.

If this isn’t your lucky day, and you’re using a Windows operating system with the PuTTY SSH client, 
remember that this program always logs the usernames of your SSH connections.

In this case, we can use a simple dork to fetch SSH usernames from PuTTY logs:

filetype:log username putty

Here’s the expected output:




Email lists
It’s pretty easy to find email lists using Google Dorks. In the following example, 
we are going to fetch Excel files which may contain a lot of email addresses.

filetype:xls inurl:"email.xls"




We filtered to check out only the .edu domain names and found a popular university with around 1800 emails from students and teachers.

site:.edu filetype:xls inurl:"email.xls"

Remember that the real power of Google Dorks comes from the unlimited combinations you can use. 
Spammers know this trick too, and use it on a daily basis to build and grow their spamming email lists.



Live cameras
Have you ever wondered if your private live camera could be watched not only by you but also by anyone on the Internet?

The following Google hacking techniques can help you fetch live camera web pages that are not restricted by IP.

Here’s the dork to fetch various IP based cameras:

inurl:top.htm inurl:currenttime

To find WebcamXP-based transmissions:

intitle:"webcamXP 5"

And another one for general live cameras:

inurl:"lvappl.htm"

There are a lot of live camera dorks that can let you watch any part of the world, live. 
You can find education, government, and even military cameras without IP restrictions.

If you get creative you can even do some white hat penetration testing on these cameras; 
you’ll be surprised at how you’re able to take control of the full admin panel remotely, and even re-configure the cameras as you like.




MP3, Movie, and PDF files
Almost no one downloads music now that Spotify and Apple Music are on the market. However, 
if you’re one of those classic individuals who still download legal music, you can use this dork to find mp3 files:

intitle: index of mp3

The same applies to legal free media files or PDF documents you may need:

intitle: index of pdf intext: .mp4



Weather
Google hacking techniques can be used to fetch any kind of information, 
and that includes many different types of electronic devices connected to the Internet.

In this case, we ran a dork that lets you fetch Weather Wing device transmissions. 
If you’re involved in meteorology stuff or merely curious, check this out:

intitle:"Weather Wing WS-2"

The output will show you several devices connected around the world, 
which share weather details such as wind direction, temperature, humidity and more.




Preventing Google Dorks
There are a lot of ways to avoid falling into the hands of a Google Dork.

These measures are suggested to prevent your sensitive information from being indexed by search engines.

- Protect private areas with user and password authentication and also with IP-based restrictions.
- Encrypt your sensitive information (users, passwords, credit cards, emails, addresses, IP addresses, phone numbers, etc.).
- Run regular vulnerability scans against your site. These usually already use popular Google Dorks queries and can be pretty effective in detecting the most common ones.
- Run regular dork queries against your own website to see if you can find any important information before the bad guys do. You can find a great list of popular dorks at the Exploit DB Dorks database.
- If you find sensitive content exposed, request its removal by using Google Search Console.
- Block sensitive content by using a robots.txt file located in your root-level website directory.
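
One way to act on the checklist above from the server side, as an added example rather than code from the original page: walk your own document root and flag the kinds of files this guide shows being indexed (.env files, SSH private keys, PuTTY logs, email lists). The file-name patterns and the sample directory are assumptions constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# File names the dorks on this page look for (assumed patterns; extend for your stack).
RISKY_NAMES = [
    (re.compile(r"^\.env(\..+)?$"), "framework .env file"),
    (re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$"), "SSH private key"),
    (re.compile(r"^putty.*\.log$", re.I), "PuTTY session log"),
    (re.compile(r"^email\.(xls|xlsx|txt)$", re.I), "email list"),
]
PEM_HEADER = re.compile(rb"-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
SECRET_VAR = re.compile(r"^\s*(\w*(?:PASS|SECRET|TOKEN|KEY)\w*)\s*=", re.I | re.M)


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(4096)
        reason = next((why for rx, why in RISKY_NAMES if rx.match(path.name)), None)
        if PEM_HEADER.search(head):
            reason = "private key material"  # content check catches renamed keys
        if reason == "framework .env file":
            # Report variable names only, never the secret values.
            names = sorted(set(SECRET_VAR.findall(head.decode("utf-8", "replace"))))
            if names:
                reason += " with secrets: " + ", ".join(names)
        if reason:
            findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)


def demo():
    """Audit a constructed document root; every value in it is made up."""
    samples = {
        "index.html": "<h1>hello</h1>",
        ".env": "APP_ENV=production\nDB_PASSWORD=example-only\nAPI_TOKEN=example-only\n",
        "backup/deploy_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
        "logs/putty-2021.log": "login as: alice\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return audit_webroot(root)
```

Anything this reports belongs outside the public directory; removing it from the search index afterwards does not undo the exposure, so rotate any credential or key that was reachable.
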

Using robots.txt configurations to prevent Google Dorking
One of the best ways to prevent Google dorks is by using a robots.txt file. Let’s see some practical examples.

The following configuration will deny all crawling from any directory within your website, 
which is pretty useful for private access websites that don’t rely on publicly-indexable Internet content.

User-agent: *
Disallow: /

You can also exclude specific directories from web crawling. 
If you have an /admin area and you need to protect it, just place this code inside your robots.txt:

User-agent: *
Disallow: /admin/

This will also protect all the subdirectories inside.

Restrict access to specific files:

User-agent: *
Disallow: /privatearea/file.htm

Restrict access to dynamic URLs that contain the ‘?’ symbol:

User-agent: *
Disallow: /*?

To restrict access to specific file extensions you can use:

User-agent: *
Disallow: /*.php$

In this case, all crawler access to .php files will be denied.
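
To check what such rules actually exclude before deploying them, the following added example (not code from the original page) evaluates the Disallow patterns shown above with Google-style `*` and `$` matching. The parser is simplified (only the `*` group, no Allow rules) and the sample paths used with it are constructed.

```python
import re

# Rules from this page combined into one file (constructed for the example).
PAGE_RULES = """\
User-agent: *
Disallow: /admin/
Disallow: /privatearea/file.htm
Disallow: /*?
Disallow: /*.php$
"""


def parse_disallow(robots_txt, agent="*"):
    """Collect Disallow patterns from the group for `agent` (simplified parser)."""
    rules, active = [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "user-agent":
            active = value == agent
        elif field.lower() == "disallow" and active and value:
            rules.append(value)
    return rules


def rule_matches(pattern, url_path):
    """'*' is any run of characters; '$' anchors only as the last character."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = ".*".join(re.escape(chunk) for chunk in body.split("*"))
    return re.match(regex + (r"\Z" if anchored else ""), url_path) is not None


def is_disallowed(robots_txt, url_path):
    """True if any Disallow rule in the '*' group matches url_path (path plus query)."""
    return any(rule_matches(p, url_path) for p in parse_disallow(robots_txt))


def crawl_report(robots_txt, paths):
    """Map each path to 'blocked' or 'crawlable' under the '*' group."""
    return {p: "blocked" if is_disallowed(robots_txt, p) else "crawlable" for p in paths}
```

A pattern without `$` is a prefix match, so `/privatearea/file.htm` also covers `/privatearea/file.html`, while a `$` followed by any other character (as in `/*.php$/`) is treated literally and matches no ordinary `.php` URL. robots.txt only asks compliant crawlers to stay away and is itself publicly readable, so private paths still need the authentication and IP restrictions listed earlier.
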

Advanced Google Dorking Commands

intitle:"index of" inurl:ftp.
filetype:txt inurl:"email.txt"

Live cameras
We can use Google to find open cameras that are not access restricted by IP address. The following Google dorks retrieve live camera web pages.

inurl:"view.shtml" "Network Camera" 
"Camera Live Image" inurl:"guestimage.html"
filetype:log intext:password after:2021 intext:@gmail.com | @yahoo.com | @hotmail.com