Google Dorking
• leads to credentials, source code snippets, contact info, vulnerabilities, files, etc.
• lots of dork sources
– GHDB
– Anonymous SQLi Google dorks
– Goo-git dorks
– custom dorks (appsec specific)
• also, BHDB
– http://www.bishopfox.com/download/876/
• [recon-ng] > search ghdb
– recon/domains-vulnerabilities/ghdb
OSINT for AppSec: Recon-ng and Beyond - Tim Tomes 2015
#DEMO