A Guide to Effective Google Dorking: Techniques, Tools, and Tips for Gathering Targeted Website URLs and Exploiting Vulnerabilities

February 19, 2024 | Author: Anonymous | Category: N/A

DORK PACK BY XBOXGAMER#5550

Contents of the pack
1. Dorking
2. Basic rules of dorking
3. Parameters
4. Keywords
5. Domains
6. Search functions
7. Google dorking
8. Dork types
9. Dork types PT2
10. REGEX
11. Dork gen
12. Parsing
13. Targeting methods
14. LFI

What is the meaning of dorking?
Dorking is the use of a search engine's search syntax to collect URLs that are related to your target; by exploiting these URLs, you will get data. This pack goes into detail and teaches you how to do dorking, which will eventually help you to get databases.

Rules-
1) Don't be retarded
2) Have patience. No patience = no shit
3) You will get hits once you have learnt and understood dorking from the book. Still, I can't guarantee you hits, as some won't understand

Meaning of basic dorking things
Dorks - Search queries (containing keywords, search operators, etc.) which are modified to gain information and to find basic and unprotected sites.
Keywords - Words which you use to search for something in Google. For example, if you are looking for results for, let's say, the top best games of 2022, then your keyword will be "top best games of 2022".
Parsing - Gathering URLs using keywords or dorks on a parser (a tool which gets URLs from different search engines) is known as parsing.
SQL exploiting/dumping - Attacking a specific URL to obtain the data which is contained in it. Dumping is just putting the data in an email:password or user:pass combination (combo).

Basic information on the Pack
This pack comes in two versions, one with support and one without, and isn't provided with any tools (I can help by suggesting tools if it was bought with support), as this is just a pack which teaches dorking.
Parser - Magic dork (12$) is a good tool with a dork generator, parser, vulnerability scanner, keyword scraper and similar features. Mango keywords: (50$) lite lifetime, (100$) premium lifetime. Mango is an all-in-one dorking tool with everything a dorker requires except a dumper. It also has a professional subscription which offers proxyless parsing for 30$ a week.
Dumper - XDG and Rusty dumper are good dumping tools.
Vulnerability scanner - SQL ray is the one I recommend, as it is good after its update (5$ lifetime sub).
All-in-one tool - Parsify (150$ lifetime) is the only good one on the market, I believe, but there could be future rivals.

What are parameters? How to get good ones?
PARAMETERS
These are the things which are usually found at the end of the URL, which help us get specific and more vulnerable URLs. Parameters are what interface with the database. The parameters influence whether you get public or private combos. For example, if you have unique parameters then you will get unique URLs, which directly influences getting private databases.
There are 2 ways of getting params- handwriting. Using parameters will only get you URLs which have the parameters you inserted while making the dorks, giving a good chance of private URLs. Private URLs = private combos, so yeah.
Wondering how to get them? Well, it's simple. While making dork types, instead of putting inurl:param just put inurl:&** which will help you get mass parameters. Keep reading the book to see how to filter out the bad ones.

Keywords and how to get them?
Keywords - These are the words which people use to browse on Google. Example - if you wanted to see the new update on Fortnite then you would type "Fortnite new season update changes". So using keywords is key to getting URLs. There aren't any "private" keywords, but you can get unique ones.
How to get them? First go to keyword shitter, then get the keywords you want for your target. Now parse them into URLs, then extract keywords using metagrabber.
Download link- https://anonfiles.com/XeAeedS3xf/Kostrikov_Keyword_Extractor_routesadded_exe
Read the book till the end to figure out how to filter the keywords.
You could also spider websites using screaming frog (screaming frog is a tool). Hand-filter the kw, then parse them using a parser. Then extract the URLs using the meta Kostrikov extractor, and you will have hq kw.

Domains
This mainly depends on which domain types you want, and there is not really any specific method to get domain types. These are some USA-targeted domains - .us, .ca, .co.us, .xyz and .cn
Domain types don't matter much if you're not going for targeted URLs.
If you still have questions, feel free to DM me on Discord.

Search functions
A search function basically takes the data which you specifically want from Google. For example, inurl:param will give results with parameters in the URL, so that is a search function. There are a few types of search functions, but I would suggest you mainly use intext: and inurl: as the other ones aren't much use.
inurl - This is useful if you’ve forgotten the exact URL of a website, but can still remember bits of it. ex: inurl:IggGames
intext - This operator searches only for sites where the given word(s) are in the text of the page. ex: intext:Minecraft
Page types - Page types are just the extension of the website, like php? and asp? etc. In this case as well there are 5-6 of them, but I only recommend you use php and php? as the other ones are usually old.

Google dorking
I will only teach Google dorking, as Bing will give lq results and it's no use lol. Google is an index containing most of the websites on the internet, which means Google also has many vulnerable sites which we use. Over time, Google dorking has become really difficult, as Google bans IPs extremely fast, and this means you will either have to buy UHQ proxies for parsing on Google or buy a proxyless Google parser. So what I mean is Google dorking can be expensive but totally worth it.
Keep dork types simple, as too complicated ones won't get you results and will get your proxies raped faster than usual.

Dork Types
(kw) - is keyword
(xw) or (KW2) - is keyword 2. ex - ((kw) (xw)) = ((minecraft) (1.18))
(sf) - is search function (recommend using only inurl: and intext:)
(pr) - is parameter
(pt) - is page type (recommend using only php and php?)
(dom) - is domain
ext - is extension. You might've seen ext:php. In this case php is the page type or (pt)

Dork types pt.2
Dork types - This is how your dorks are generated and sequenced. Using simple dork types is better than using complex ones, as advanced and complex ones make Google think you are a bot, which leads to faster IP bans and fewer URLs.
Making dork types - Making dork types is easy and is mostly a matter of playing around with different combinations of dork types:
((kw) + (xw) ext:php inurl:pr^=
(kw) ext:php inurl:pr^=
((xw) + (kw)) ext:php inurl:pr^=
(kw) + (xw) ext:php inurl:pr^=
This is an example. The (kw) + (xw) binds keyword one with keyword 2, ex- (minecraft) + (1.18). Putting keyword 2 before the keyword gives godly results as well. (keyword) + (xw) is kw independently and xw independently.

Regex
"" - Quotations are very useful for searching exact phrases, as they group text together and only show results for what is exactly in those quotes, so when using these make sure your kw are clear and will be used in a page.
* - This is used as a wildcard and can replace anything and everything, so if you search: Minecraft * this will show many more results than just searching Minecraft, because literally any word can be after Minecraft.
^ and . - These basically make sure the immediate text after them is present.
() - This groups data together and can be used similarly to "" but it doesn't have the precision of "" and does not search for an exact phrase.
+ - This connects queries. For example, Minecraft + servers will obviously come up with URLs to do with Minecraft servers.
& - This does roughly the same as + but instead of connecting the queries it shows results for both sides of it. Think of it as asking Google for results for this AND this.
~ - This basically means related/synonym, so if you search ~Minecraft it should in theory give results for Minecraft-related things.
| - This just means OR, so if you search Minecraft | Fortnite it will give results for either Minecraft or Fortnite.
ext: - This searches the page extension of the URL, so ext:php would only give URLs with the page extension .php? (we will be targeting php? throughout the pack because it's old asf and is only SQL vuln).
site: - This searches a specific domain or domain extension, so site:minecraft.net will only give results for minecraft.net but site:.net will only give results for URLs with the .net extension. This is useful if you have a country target.

Dork generator
Now generate these dorks using a dork generator. ex- dorky dorker is free for all and is good as well.
The next step is to parse these dorks into URLs. Using all the above methods you will get good results, so make sure to read the whole thing if you skipped it!

Parsing
Parsing - To parse you will need a VPN or proxies. I would suggest proxies if you have the budget for good ones. zenum.io proxies are
I wouldn't recommend VPN parsing.
For Google parsing I would recommend about 10 pages and 60-100 threads for fast and good results.
One more tip to get more URLs is to always check the dorks using a dork checker and use only the valid ones. Many upcoming and new parsers have this feature, so don't forget to use it.

Targeting methods
1) Hand filtering keywords or even handwriting them - Sometimes it's best to handwrite keywords to get uhq results, but hand filtering is way easier. Basically all you have to do is take out useless ones which don't make sense or aren't related to your target in any way.
2) Filtering page parameters - Remove any parameter with _ . Remove any parameter with non-English characters. Remove any parameter which isn't related to your target and doesn't make sense.

LFI targeting
Combos which are gotten from LFI will be better than SQLI, as not many people know how to get combos from LFI, but at the same time it's more difficult to get lines from LFI, as it is difficult to execute. Now I myself don't know how to exploit LFI and get combos, but I know a tool for exploiting LFI.
https://github.com/D35m0nd142/LFISuite
^ Download the tool from here. The name of the tool is LFI suite.

IF YOU HAVE ANY DOUBTS THEN DM ME
Discord - XBOXGAMER#5550
Telegram - XB0XGAMER
