UGoogle Dorks: Ukuphonononga iintlobo zabo kunye nendlela yokuzisebenzisa [Cheatsheet]
Kwihlabathi elikhulu lokukhangela kwi-intanethi, kukho iindlela eziphambili zokukhangela ulwazi oluthile oluhamba ngaphaya kokufaka amagama angundoqo kwi-injini yokukhangela. Enye yezi ndlela zokukhangela ezintsonkothileyo ziye zaduma kwindawo yokhuseleko lwekhompyuter kunye nophando lolwazi, iGoogle Dorks.
Sithetha ngoluhlu lwemiyalelo kunye nobuchule obuvumela abasebenzisi ukuba bafumane ulwazi olufihliweyo nolubucayi ngokuchanekileyo nangempumelelo.
Kweli nqaku, siza kuphonononga iindlela ezahlukeneyo abasebenzisi banokwandisa izakhono zabo zokukhangela kwi-intanethi; Fumana idatha yexabiso ngaphandle kokuxhomekeka kuphela kukhangelo oluqhelekileyo. Funda kude kube sekupheleni kwaye ube yingcali ekufumaneni ulwazi kwi-Intanethi.
Kubalulekile ukuqaphela ukuba iidoki kufuneka zisetyenziswe ngokusesikweni nangomthetho. Ukusebenzisa i-dorks ukufikelela, ukuxhaphaza, okanye ukuthobela iinkqubo ngaphandle kokugunyaziswa ngumsebenzi ongekho mthethweni kunye nokuphulwa kobumfihlo kunye nokhuseleko. I-Dorks sisixhobo esinamandla, kodwa ukusetyenziswa kwazo kufuneka kuhambelane nemigaqo yokuziphatha kunye neyomthetho..
Siza kuqala ngokukwenza kucace kuwe ukuba yintoni iDork kwiSayensi yeKhompyutha
Ayisiyonto ngaphandle komtya okhethekileyo wokukhangela osetyenziselwa ukufumana ulwazi oluthile ngeenjini zokukhangela, ezifana neGoogle. Ezi ntambo zokukhangela, ezikwabizwa ngokuba yi "Google dorks" okanye ngokulula "dorks", zivumela abasebenzisi ukuba benze uphando oluthe kratya kunye oluchanekileyo. Fumana ulwazi olufihlakeleyo okanye olunovakalelo olungenakufikeleleka ngokulula ngophendlo oluqhelekileyo.
I-Dorks yenziwe ngamagama angundoqo athile kunye nabaqhubi abangena kwi-injini yokukhangela ukucoca iziphumo zolwazi oluthile. Umzekelo, idokhi inokuyilelwa ukukhangela abalawuli abaveziweyo, amagama ayimfihlo avuzayo, iifayile ezibuthathaka, okanye iiwebhusayithi ezisesichengeni sokuhlaselwa. I-Dorks isetyenziswa ngokubanzi ziingcali zokhuseleko, abaphandi, kunye nabahlaseli bokuziphatha ukufumana kunye nokuvavanya ubuthathaka obunokubakho kwiinkqubo kunye nokusetyenziswa.
Ziziphi iintlobo zeGoogle Dorks kwaye zisetyenziswa njani?
UGoogle Dorks sisixhobo esinamandla. Le miyalelo yokukhangela ephezulu ivumela abasebenzisi ukuba benze uphendlo oluthe ngqo kwaye bafumanise ulwazi olungaqhelekanga ukufikeleleka ngendlela eqhelekileyo. Nantsi eyona ibalulekileyo:
IiDork zikaGoogle ezisisiseko
Los IiDorks ezisisiseko zikaGoogle zezona zilula kwaye zisetyenziswa ngokuqhelekileyo imiyalelo yophendlo. Ezi dorks zijolise ekufuneni amagama angundoqo athile kumaphepha ewebhu kwaye kunokuba luncedo ekufumaneni ulwazi oluthile. Eminye imizekelo yeeDorks ezisisiseko zikaGoogle zezi:
- isihloko: Ikuvumela ukuba ukhangele amagama angundoqo kwisihloko sephepha lewebhu. Umzekelo, "intitle:hackers" baya kubonisa onke amaphepha anegama elithi "hackers" kwisihloko sabo.
- inurl: Le dork ijonga amagama angundoqo kwii-URL zamaphepha ewebhu. Umzekelo, "inurl:admin" iya kubonisa onke amaphepha anegama elithi "admin" kwi-URL yawo.
- Uhlobo lwefayile: Khangela iifayile ezithile ngokusekelwe kuhlobo lwazo. Umzekelo, "uhlobo lwefayile: pdf" iya kubonisa zonke iifayile zePDF ezinxulumene negama eliphambili elikhankanyiweyo.
dorks eziphambili
I-Google Dorks ephucukileyo idlula ngaphaya kophando olusisiseko kwaye ivumele ukuphononongwa okunzulu kwewebhu. Ezi dorks ziyilelwe ukufumana ulwazi oluthe kratya okanye oluthe ngqo.. Eminye imizekelo yeeDork zikaGoogle eziphambili zezi:
- site: Le dork ikuvumela ukuba ukhangele ulwazi oluthile kwiwebhusayithi ethile. Umzekelo, "site:example.com password" iya kubuyisela onke amaphepha akwi-example.com anegama elithi "password".
- ikhava: Le dork ibonisa uguqulelo olugciniweyo lwephepha lewebhu. Kuluncedo xa ufuna ukufikelela kwiphepha elisusiweyo okanye elingekhoyo ngoku.
- ikhonkco: Le dork ibonisa amaphepha adibanisa kwi-URL ethile. Kunokuba luncedo ekufumaneni iiwebhusayithi ezinxulumeneyo okanye ukufumana i-backlinks.
IiDorks zokhuseleko lwekhompyuter
IiGoogle Dorks zikwasetyenziswa ngokubanzi kwindawo yokhuseleko lwekhompyuter ukukhangela ubuthathaka, ukuvezwa, kunye nedatha ebuthathaka. Eminye imizekelo yeeDork zikaGoogle ezisetyenziswa kukhuseleko lwekhompyuter yile:
- Inombolo yokuvula: Le doki ikhangela amaphepha e web aqulathe iifayile ezigqithisiweyo eziveziweyo okanye abalawuli abasesichengeni.
- UShodan: Isetyenziselwa ukukhangela izixhobo eziqhagamshelwe kwi-Intanethi nge-injini yokukhangela ye-Shodan. Umzekelo, "ishodan:webcam" iya kubonisa iikhamera zewebhu ezifikelelekayo.
- "Isalathisi se": Phendla izalathisi zefayile kwiiseva zewebhu, ezinokuveza iifayile ezinovakalelo okanye zabucala.
Dorks zophando lolwazi
UGoogle Dorks zizixhobo ezixabisekileyo zophando lolwazi kunye nokuqokelelwa kwedatha. Eminye imizekelo kaGoogle Dorks esetyenziswa kuphando lolwazi yile:
- "umbhalo:": Le dork ikuvumela ukuba ukhangele igama elithile okanye ibinzana ngaphakathi komxholo wephepha lewebhu. Umzekelo, "umbhalo:OpenAI" uya kubonisa onke amaphepha aqulethe igama elithi "OpenAI" kumxholo wawo.
- "Inanchor:" Khangela amagama angundoqo athile kwiikhonkco zekhasi lewebhu. Kunokuba luncedo ekufumaneni iiwebhusayithi ezinxulumene nesihloko esithile okanye igama elingundoqo.
- ezinxulumene:: Bonisa iiwebhusayithi ezinxulumene ne-URL ethile okanye isizinda. Inokukunceda ukufumanisa iiwebhusayithi ezifanayo okanye ezinxulumene nesihloko esithile.
Dorks ukukhangela ubuthathaka
IiDork zikaGoogle zikwasetyenziselwa ukukhangela ubuthathaka kwiiwebhusayithi kunye neeapps. Ezi dorks ziyilelwe ukufumana iiwebhusayithi ezinokuthi zibe sesichengeni sokuhlaselwa okanye ukuvuza kolwazi. Eminye imizekelo yeeDork zikaGoogle ezisetyenziswa kukhangelo lobuthathaka zezi:
- Isitofu seSQL: Le dork ijonga iiwebhusayithi ezinokuthi zibe sesichengeni sohlaselo lwenaliti yeSQL.
- "XSS": Oku kukhangela iiwebhusayithi ezinokuba sesichengeni kuhlaselo lwe-cross-site scripting (XSS).
- Fayile Upload: Ijonga iiwebhusayithi ezivumela ukufakwa kweefayile, ezinokuthi zibe sesichengeni ukuba aziphunyezwanga ngokuchanekileyo.
INDLELA YOMNIKELO! FUMANA uyithumela njani imiyalezo engaziwa usebenzisa iiApps eziphathwayo
Eminye Imibuzo Ebuzwa Rhoqo kunye neempendulo zabo malunga noGoogle Dorks
Njengoko sifuna ukuba ungabi namathandabuzo malunga nezi zixhobo, apha sikushiyela ezona mpendulo zilungileyo kumathandabuzo akho:
Ngaba kusemthethweni ukusebenzisa iGoogle Dorks?
Ukusetyenziswa kweGoogle Dorks ngokwayo kusemthethweni. Nangona kunjalo, kubalulekile ukuzisebenzisa ngokufanelekileyo nangokuthembekileyo. Ukusebenzisa i-dorks kwimisebenzi engekho mthethweni, njengokufikelela okungagunyaziswanga kwiinkqubo, ukwaphula ubumfihlo okanye ukwenza ubuqhophololo, akukho mthethweni kwaye akuvumelekanga.
Yeyiphi imingcipheko yokusebenzisa iGoogle Dorks?
Ukusetyenziswa ngokungafanelekanga okanye ngokungafanelekanga kukaGoogle Dorks kunokuba neziphumo ezibi, ezinjengokophula imfihlo yabanye, ukufikelela kulwazi olubuthathaka ngaphandle kwemvume, okanye ukwenza izinto ezingekho mthethweni. Kubalulekile ukuqonda imida yokuziphatha nesemthethweni xa usebenzisa ezi zixhobo.
Zeziphi iindlela ezisesikweni zokusetyenziswa kukaGoogle Dorks?
Ukusetyenziswa okusesikweni kweGoogle Dorks kubandakanya ukuchonga kunye nokulungisa ubuthathaka kwiinkqubo kunye nezicelo, ukuvavanya ukhuseleko lwewebhusayithi, kunye nokufumana ulwazi oluveziweyo ukwazisa abanini kunye nokunceda ukukhusela ubumfihlo kunye nokhuseleko.
Ndingafunda njani ukusebenzisa iGoogle Dorks ngokufanelekileyo?
Unokufunda ukusebenzisa iGoogle Dorks ngokufanelekileyo ngophando, ukufunda amaxwebhu, ukuthatha inxaxheba kuluntu lokhuseleko lwekhompyuter kunye neeforamu, kunye nokuziqhelanisa. Kukho izixhobo ezikwi-intanethi, izifundo, kunye nezifundo ezinokukunceda uphucule izakhono zakho ekusebenziseni uGoogle Dorks.
| Google Dork Type | Umzekelo kaGoogle Dork |
|---|---|
| uphendlo olusisiseko | isihloko: "igama elingundoqo" |
| inurl:"igama elingundoqo" | |
| uhlobo lwefayile: "uhlobo lwefayile" | |
| indawo: "domain.com" | |
| indawo yokugcina: "URL" | |
| ikhonkco: “URL” | |
| Ukhuseleko lwekhompyuter | umbhalo:"Impazamo yeSQL" |
| umxholo: "igama lokugqitha livuzisiwe" | |
| umxholo: "iisetingi zokhuseleko" | |
| inurl:"admin.php" | |
| isihloko: "iphaneli yokulawula" | |
| indawo: "domain.com" ext:sql | |
| Ulwazi oluyimfihlo | umxholo:"ulwazi oluyimfihlo" |
| isihloko: "ifayile yegama lokugqithisa" | |
| uhlobo lwefayile: docx "imfihlo" | |
| inurl:"ifayile.pdf" isicatshulwa:"inombolo yokhuseleko loluntu" | |
| inurl:"ugcino" ext:sql | |
| isihloko: "directory index" | |
| ukuhlola iwebhusayithi | indawo:domain.com "ngena" |
| indawo:domain.com "isalathisi se" | |
| indawo:domain.com isihloko: "ifayile yegama lokugqithisa" | |
| indawo: domain.com ext: php umbhalo: "impazamo yeSQL" | |
| indawo:domain.com inurl: "admin" | |
| indawo:domain.com uhlobo lwefayile:pdf | |
| abanye | allinurl:"igama elingundoqo" |
| allintext:"igama elingundoqo" | |
| ezinxulumene: domain.com | |
| ulwazi:domain.com | |
| chaza: "igama" | |
| incwadi yefowuni: "igama loqhagamshelwano" |
Ngaba kukho iindlela ezizezinye kwesi sixhobo kukhangelo oluphambili?
Ewe, kukho ezinye izixhobo kunye nobuchule bokwenza uphando oluphezulu, njenge-Bing dorks, i-Yandex dorks okanye i-Shodan (ukukhangela izixhobo ezixhunyiwe kwi-Intanethi). Nganye ineempawu zayo ezithile kunye neendlela zayo.
Ndingayikhusela njani iwebhusayithi yam okanye iapp ukuba ingafunyanwa nguGoogle Dorks?
Ukukhusela iwebhusayithi yakho okanye i-app yakho ekubeni ifunyanwe nguGoogle Dorks, kubalulekile ukuphumeza iindlela ezilungileyo zokhuseleko, ezinjengokuqinisekisa ukuba abalawuli ababuthathaka kunye neefayile zikhuselekile, ukugcina isoftware isexesheni, ukusebenzisa useto olulungileyo lokhuseleko, kunye nokwenza uvavanyo lokungena chonga ubuthathaka obunokwenzeka.
Ngawaphi amanyathelo okhuseleko ekufuneka ndiwathathe ukuba ndifumanisa ukuba iwebhusayithi yam isengozini ngeGoogle Dorks?
Ukuba ufumanisa ukuba iwebhusayithi yakho isesichengeni ngeGoogle Dorks, kubalulekile ukuthatha inyathelo kwangoko ukulungisa ubuthathaka. Oku kunokubandakanya ukubhaca isixokelelwano, ukulungisa iimpazamo zolungiselelo, ukunqanda ukufikelela okungagunyaziswanga, kunye nokuphucula ukhuseleko olupheleleyo lwesiza.
Ngaba zinokusetyenziswa kwezinye iinjini zokukhangela ngaphandle kukaGoogle?
Ngelixa i-Google Dorks iyimiyalelo eyilelwe ukuba isetyenziswe kwi-injini yokukhangela ye-Google, abanye babaqhubi kunye nobuchule bunokusetyenziswa kwezinye iinjini zokukhangela ngokunjalo. Nangona kunjalo, kubalulekile ukuqaphela umahluko kwi-syntax kunye neziphumo phakathi kweenjini zokukhangela.
Ndingayisebenzisa njani iGoogle Dorks ukukhangela ubuthathaka kwiiwebhusayithi?
Unokusebenzisa iGoogle Dorks ukukhangela ubuthathaka kwiiwebhusayithi ngokuchonga iipatheni ezithile kwii-URL, ukukhangela abalawuli abaveziweyo, ukukhangela iifayile ezibuthathaka, okanye ukukhangela imiyalezo yempazamo enokuveza ulwazi olubuthathaka. Kubalulekile ukwenza oko ngokuziphatha kunye nokuhlonela izinto zabucala zabanye.
Ngaba kukho uluntu lwe-intanethi okanye iiforam apho iGoogle Dorks ixoxwa kwaye kwabelwana ngayo?
Ewe, kukho uluntu olukwi-intanethi kunye neeforam apho iingcali zokhuseleko lolwazi kunye nabanomdla babelane ngolwazi, ubuchule, kwaye baxoxe ngokusetyenziswa kweGoogle Dorks. Ezi zithuba zinokuba luncedo ekufundeni, ukwabelana ngolwazi kunye nokuhamba kunye neendlela zamva nje zokusetyenziswa kweedorki.
Ezinye iiforamu kunye noluntu lwe-intanethi apho ulwazi malunga nokusetyenziswa kweGoogle Dorks kunye nokhuseleko lwekhompyuter kuxoxwe kwaye kwabelwana ngalo zezi:
- Sebenzisa i-Database Community: Uluntu olukwi-intanethi oluzinikele kukhuseleko lwekhompyuter kunye nokwabelana ngolwazi malunga nokuba semngciphekweni kunye nokuxhaphaza. (https://www.exploit-db.com/)
- I-Reddit - r/NetSec: I-subreddit enikezelwe kukhuseleko lwekhompyuter, apho iingcali kunye nabanomdla babelana ngeendaba ezinxulumene nokhuseleko, iingxoxo kunye nobuchule. (https://www.reddit.com/r/netsec/)
- Uluntu lwe-HackerOne: Uluntu lwabahlaseli bokuziphatha kunye nabaqeqeshi bezokhuseleko kwi-intanethi, apho ubuthathaka, iindlela zokukhusela zixutyushwa, kwaye iziphumo zabelwana ngazo. (https://www.hackerone.com/community)
- INethiwekhi ye-Ethical Hacker: Uluntu lwe-intanethi lwabasebenzi bokhuseleko lolwazi kunye nabahlaseli bokuziphatha, apho izibonelelo zabelwana ngazo, ubuchule buxoxwa, kunye nokusebenzisana. (https://www.ethicalhacker.net/)
- I-SecurityTrails Community Forum: Iforamu yokhuseleko kwi-intanethi apho iingcali zokhuseleko kunye nabanomdla baxoxa ngezihloko ezinxulumene nokhuseleko lwekhompyutha, kuquka nokusetyenziswa kweGoogle Dorks. (https://community.securitytrails.com/)
| Google Dork Type | Umzekelo kaGoogle Dork |
|---|---|
| uphendlo olusisiseko | isihloko: "igama elingundoqo" |
| inurl:"igama elingundoqo" | |
| uhlobo lwefayile: "uhlobo lwefayile" | |
| indawo: "domain.com" | |
| indawo yokugcina: "URL" | |
| ikhonkco: “URL” | |
| Ukhuseleko lwekhompyuter | umbhalo:"Impazamo yeSQL" |
| umxholo: "igama lokugqitha livuzisiwe" | |
| umxholo: "iisetingi zokhuseleko" | |
| inurl:"admin.php" | |
| isihloko: "iphaneli yokulawula" | |
| indawo: "domain.com" ext:sql | |
| Ulwazi oluyimfihlo | umxholo:"ulwazi oluyimfihlo" |
| isihloko: "ifayile yegama lokugqithisa" | |
| uhlobo lwefayile: docx "imfihlo" | |
| inurl:"ifayile.pdf" isicatshulwa:"inombolo yokhuseleko loluntu" | |
| inurl:"ugcino" ext:sql | |
| isihloko: "directory index" | |
| ukuhlola iwebhusayithi | indawo:domain.com "ngena" |
| indawo:domain.com "isalathisi se" | |
| indawo:domain.com isihloko: "ifayile yegama lokugqithisa" | |
| indawo: domain.com ext: php umbhalo: "impazamo yeSQL" | |
| indawo:domain.com inurl: "admin" | |
| indawo:domain.com uhlobo lwefayile:pdf | |
| abanye | allinurl:"igama elingundoqo" |
| allintext:"igama elingundoqo" | |
| ezinxulumene: domain.com | |
| ulwazi:domain.com | |
| chaza: "igama" | |
| incwadi yefowuni: "igama loqhagamshelwano" |