Home Information Gathering uDork – Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices and More

uDork – Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices and More

August 7, 2020 Leave a Comment
uDork List of google dork - Advanced Google Search Techniques to Obtain Sensitive Information

Google dork is the most effective way to perform information gathering on web application. Search engine can do anything to help you find juicy information, but we have to understand the technique and use accurate keyword to collect some sensitive data.

uDork – Google Hacking Tool

uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.

uDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: https://www.exploit-db.com/google-hacking-database).

Download and install:

$ git clone https://github.com/m3n0sd0n4ld/uDork
$ cd uDork
$ chmod +x uDork.sh
- Open the file "uDork.sh" and write inside this line:

uDork - Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices and More
$ ./uDork.sh -h

Steps to obtain the cookie and configure the cookie

  1. Login to facebook.com
  2. Now we will access www.messenger.com (It is the Facebook messaging app) and click on the “Continue as…” button
  3. Once we’re in, all we have to do is get the two cookies we need to make uDork work.
Hack messenger facebook with google dork

With firefox:

  • — Right mouse button and click on “Inspect”.
  • — Click on the “Network” tab and select any line that is in the domain “www.messenger.com“.
  • — Now click on the “Cookies” tab, copy and paste the cookies “c_user” and “xs” into the “uDork.sh” file.
uDork - hack facebook using hijack cookies information

Thus: cookies=”c_user=XXXXXX; xs=XXXXXX;”

uDork - Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices and More

With Google Chrome

  • — Right mouse button and click on “Inspect”.
  • — Click on the tab “Application”, in the left column, look for the section “Cookies”, copy and paste the cookies “c_user” and “xs” with their value to the file “uDork.sh”.
uDork - Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices

Thus: cookies=”c_user=XXXXXX; xs=XXXXXX;”

uDork - Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices and More

Docker version:

$ git clone https://github.com/m3n0sd0n4ld/uDork
$ cd uDork
$ docker build -t udork .
$ docker run --rm -it -e c_user=XXXXXXXXX -e xs=XXXXXXXXX udork -h

Use:

Menu

uDork Menu - Advanced Google Search Techniques to Obtain Sensitive Information in Files or Directories, Find IoT Devices

Example of searching pdf files

uDork - Dorking sensitive PDF file

Example of a search for a list of default extensions.

uDork - Find all sensitive information of web application with google dork

Example of searching routes with the word “password”

uDork - Find admin account password with google dork

Dorks listing

uDork - Advanced Google Search Techniques to Obtain Sensitive Information

Example of use Dorks Massive

uDork - All in One google dork hacking
Download uDork

You May Also Like

Mantra - Tool to Find API key and Sensitive Information Leaks in JS Files and Pages

Mantra – Tool to Find API key Leaks in JS Files & Pages

Assetfinder-Tool-to-Discover-Facing-Assets-like-subdomains-and-related-domain-for-Target-Domain

Assetfinder – Tool to Discover Facing Assets for Target Domain

httpx - Tool To Screenshot and Extract Metadata From List of domains or hosts

HTTPX – Multi-purpose HTTP Toolkit

Nuclei Hacking Tool is an open-source project that automates scanning for known vulnerabilities in web applications

Nuclei – Automated Vulnerability Scanner Tool

MetaFinder - Tool for Searching Documents in a Domain with search engine google, bing, baidu, yandex

MetaFinder – Tool for Searching Documents in a Domain

Dirsearch - Web Content Fuzzing Scanner to find juicy APIs or endpoints, sensitive data exposure, config file

Dirsearch – Web Content Discovery Scanner

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × three =