google-dorks

The google-dorks tool is designed for reconnaissance within automated security workflows, enabling users to search for specific entities in publicly available documents via Google search queries. Its primary function is to uncover sensitive information that may be inadvertently exposed online.

Ideal Use Cases & Fit

This tool excels in situations where security teams need to perform targeted searches for data leaks, like credentials or confidential documents, associated with specific keywords. It is ideally employed during the initial reconnaissance phase of a security assessment, particularly for web applications or platforms that might host user-uploaded content. The tool is not suitable for real-time monitoring or exhaustive data scraping tasks.

Value in Workflows

Integrating google-dorks into security workflows enhances the reconnaissance stage by automating the search for sensitive data leaks across various platforms. By providing quick insights into exposed documents, it enables security teams to assess potential risks and prioritize remediation efforts early in the engagement, thereby streamlining the overall security assessment process.

Input Data

The tool requires input data in a specific format to function effectively:

• Format: Newline-separated Google dorks.
• Function: Specify the target for the search.
• Required Fields:
  • An example input could be:

    site:example.com
    intitle:example1

Configuration

• keyword: Specifies the search keyword to be used in the dork queries, replacing the placeholder $KEYWORD. This parameter is mandatory.
• max_results: Sets the maximum number of results to return per dork query, with a default value of 100. This parameter is optional.
• proxy: Defines the proxy to use for making requests, which is required for the tool to function properly. The default is set to PROXY_FULL.