this post was submitted on 06 Jun 2024
3 points (100.0% liked)

196

top 13 comments
[–] stevedidwhat_infosec@infosec.pub 2 points 2 years ago (1 children)

Today, friends, we will learn about Google dorks.

Dorks are common parameters that can be used to quickly locate things that should not be on the internet.

https://github.com/Ishanoshada/GDorks

https://www.stationx.net/google-dorks-cheat-sheet/

[–] sandalbucket@lemmy.world 1 points 2 years ago (1 children)

And if Google dorks aren’t interesting enough, because Google does not index enough public buckets for you, then we get to learn about gray hat warfare too :)

[–] stevedidwhat_infosec@infosec.pub 1 points 2 years ago (1 children)

Allow me to introduce the often abused Computer Fraud and Misuse act: https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

If you’d like to lose the ability to use ANY sort of technology for decades if not indefinitely, go ahead with the greyhat stuff.

The sector of lawfully using your knowledge for good is ever expanding and pays well. I’d strongly advise using your powers for good and dodge any unnecessary risk if you enjoy doing what you do.

9/10 times, it ain’t worth the risk. Being strategic and thinking things over carefully (err on the side of least action) is going to benefit you.

[–] sandalbucket@lemmy.world 1 points 2 years ago (1 children)

My apologies, allow me to elaborate - grayhatwarfare.com is a cybersecurity company that crawls and indexes publicly available blob stores, like S3 buckets, Azure storage accounts, DigitalOcean Spaces, and Google Cloud object stores. They offer limited search capabilities for free, no account-wall.

They are a legitimate cybersecurity company, despite their name.

My employer is working on a sensitive data scanning service, to alert clients in case their information surfaces in these buckets (even if they do not own the bucket), leveraging the grayhatwarfare API. In short, allowing us to detect and remediate the problem, which I hope you will agree is a white-hat activity :)

I do not publicly condone breaking the law. I reserve the right to criticize the DMCA tho ;)

Good to know! Hadn’t heard of these peeps before, appreciate the clarification and new info!

[–] Hedlosa@lemmy.blahaj.zone 1 points 2 years ago

This is a honeypot, stop it.

[–] xantoxis@lemmy.world 1 points 2 years ago

I hate Amazon as much as the next guy but the way this works is documented and well-known. The people who stored it there fucked up.

[–] mikyopii@programming.dev 1 points 2 years ago

Those aren't what classified markings look like. It's fake.

[–] Sanctus@lemmy.world 1 points 2 years ago (1 children)

Has anyone read the document? It doesn't actually look legitimate.

[–] atocci@lemmy.world 1 points 2 years ago

What? You're doubting the legitimacy of the top secret J.O.R.D.A.N. bill? What next, you'll call the L.E.B.R.O.N. bill into question as well? I'm flabbergasted at your unending skepticism.

[–] mondoman712@lemmy.ml 1 points 2 years ago (2 children)

brb going to upload some fanfics as pdfs to S3 with not for public release in the title

[–] Crozekiel@lemmy.zip 1 points 2 years ago

It all basically reads like fan-fic already tbh. Or maybe like... How do I explain it... These look like documents Cosplaying as top-secret information. They are LARP-ing as top-secret documents. For an alternate timeline.

We call this search engine flooding from where I’m from 😉