CYBER SECURITY LAB 5

Name → Rakshita Garg

SAP → 500106002
Roll No → R2142220144
Batch → B-1 (Hons) Full Stack AI
Date → 26th March, 2025

Hack using Search Engines

Google Dorking Using Python

1. Install Dependencies
!pip install google search-python

1. Python Script for Google Dorking

**from googlesearch import search**

**def google_dork(dork_query, num_results=10):**
**"""Perform Google Dorking using a search query."""**
**print(f" 🔍Searching: {dork_query}\n")**
**try:**
**results = search(dork_query, num_results=num_results)**
**for idx, url in enumerate(results):**
**print(f"[{idx+1}] {url}")**
**except Exception as e:**
**print(f"⚠ Error: {e}")**
**# Example: Search for exposed admin login pages**
**dork_queries = [**
**'inurl:admin login', # Find admin login pages**
**'filetype:sql "password"', # Find exposed SQL database files**
**'intitle:"Index of" "backup"', # Find website backup files**
**'site:pastebin.com "API_KEY"', # Search for leaked API keys**
**'inurl:/view/view.shtml' # Find exposed security cameras**

CYBER SECURITY LAB 5 1

 **]**
**# Run Google Dorking for each query**
**for query in dork_queries:**
**google_dork(query, num_results=5)**
**print("\n" + "-"*50 + "\n")**

INPUT CODE for all 10 QUERIES for 10

Experiments:-
!pip install googlesearch-python

from googlesearch import search

def google_dork(dork_query, num_results=5):

"""Perform Google Dorking using a search query."""
print(f"\n 🔍Searching: {dork_query}\n")

try:
results = search(dork_query, num_results=num_results)
for idx, url in enumerate(results):
print(f"[{idx+1}] {url}")
except Exception as e:
print(f"⚠ Error: {e}")

# List of dorking queries for experiments 1-10

dork_queries = [
'inurl:admin login', # Experiment 1: Admin login pages
'filetype:sql OR filetype:db OR filetype:mdb "password"', # Experiment 2: Ope
'inurl:/view/view.shtml', # Experiment 3: Webcam feeds
'intitle:"index of" inurl:ftp', # Experiment 4: Open FTP servers
'filetype:txt intext:"username" intext:"password"', # Experiment 5: Password f

CYBER SECURITY LAB 5 2

 'site:gov filetype:pdf confidential', # Experiment 6: Gov docs
'site:github.com "API_KEY" OR "SECRET_KEY"', # Experiment 7: Leaked API ke
'intitle:"index of" "backup"', # Experiment 8: Website backups
'inurl:index.php?id=', # Experiment 9: SQL Injection vulnerable sites
'site:linkedin.com filetype:xls OR filetype:csv "email"' # Experiment 10: Email a
]

# Run Google Dorking for each query

for query in dork_queries:
google_dork(query, num_results=5)
print("\n" + "-"*50 + "\n")

OUTPUTS ACCORDING TO EXPERIMENTS:-

Experiment 1: Finding Exposed Admin Login Pages
🔹 Query:
```

inurl:admin login
```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.

🔹 Security Fix:
✔ Restrict admin panels using IP whitelisting and multi-factor authentication
(MFA).

-------------------------------------------------

CYBER SECURITY LAB 5 3

 🔍 Searching: inurl:admin login
[1] https://admin.google.com/
[2] https://admin.callforentry.org/
[3] https://admin.infobase.com/
[4] https://admin.foundationsoft.com/Login
[5] https://workspace.google.com/products/admin/

--------------------------------------------------

Experiment 2: Finding Open Databases

🔹 Query:
```

filetype:sql OR filetype:db OR filetype:mdb "password"

```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.

🔹 Security Fix:
✔ Encrypt sensitive databases and restrict public access.
-------------------------------------------------

🔍 Searching: filetype:sql OR filetype:db OR filetype:mdb "password"

[1] https://github.com/ubisoft/mobydq/blob/master/db/init/02-password.sql
[2] https://github.com/oynozan/password-basement/blob/master/password.db
[3] https://castle.eiu.edu/pingliu/tec5363/Notes/password_verify_function/utlpwd

CYBER SECURITY LAB 5 4

 [4] https://ngci.encs.concordia.ca/gitea/a_adli/colouring-montreal/src/commit/20
[5] https://www.bioinformatics.org/phplabware/sourceer/OrderSys/ordersys.sql

Experiment 3: Finding Exposed Webcam Feeds

🔹 Query:
```

inurl:/view/view.shtml

```

🔹 Steps:
1. Open **Google Search**.
2. Enter the query.

3. Analyze the results.

🔹 Security Fix:
✔ Set a strong password and disable default admin credentials.
-------------------------------------------------

🔍 Searching: inurl:/view/view.shtml
[1] https://webcam1.lpl.org/view/view.shtml?id=768337&imagepath=%2Fmjpg%2
[2] https://ipcam-1.byrd.osu.edu/view/view.shtml?id=1113&imagepath=%2Fmjpg%
[3] https://www.streetdirectory.com/etoday/view-view-shtml-axis-ecpjcw.html
[4] http://299jkb1.257.cz/view/view.shtml
[5] https://www.scribd.com/document/731832375/view-view-shtml-axis-live

--------------------------------------------------

Experiment 4: Finding Open FTP Servers

🔹 Query:

CYBER SECURITY LAB 5 5

 ```
intitle:"index of" inurl:ftp

```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.

🔹 Security Fix:
✔ Disable anonymous FTP access and use SFTP instead.
-------------------------------------------------

🔍 Searching: intitle:"index of" inurl:ftp

[1] https://surfer.nmr.mgh.harvard.edu/ftp/
[2] https://www.aoml.noaa.gov/ftp/pub/hrd/data/radar/
[3] https://genesis.jpl.nasa.gov/ftp/
[4] https://cs.indiana.edu/ftp
[5] https://ftp.redhat.com/pub/

--------------------------------------------------

Experiment 5: Finding Exposed Password Files

🔹 Query:
```

filetype:txt intext:"username" intext:"password"

```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

CYBER SECURITY LAB 5 6

 3. Analyze the results.

🔹 Security Fix:
✔ Never store credentials in plaintext files. Use password managers.
-------------------------------------------------

🔍 Searching: filetype:txt intext:"username" intext:"password"

[1] https://www.google.com/search?num=7
[2] https://github.com/rix4uni/WordList/blob/main/default-username-password.t
[3] https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Userna
[4] https://www.charterslawfirm.com/wp-content/uploads/2015/04/Sawchuck-ap
[5] https://findjerseyfresh.com/robots.txt

--------------------------------------------------

Experiment 6: Finding Exposed Government

Documents
🔹 Query:
```

site:gov filetype:pdf confidential

```
🔹 Steps:
1. Open **Google Search**.
2. Enter the query.

3. Analyze the results.

🔹 Security Fix:
✔ Implement access control policies for sensitive government files.
-------------------------------------------------

CYBER SECURITY LAB 5 7

 🔍 Searching: site:gov filetype:pdf confidential
[1] https://www.google.com/search?num=7
[2] https://www.med.uscourts.gov/sites/med/files/GuidelinesfortheFilingofConfid
[3] https://www.bls.gov/bls/cipsea.pdf
[4] https://www.courts.oregon.gov/forms/Documents/Confidential%20Informatio
[5] https://acf.gov/sites/default/files/documents/ocse/omb_0970_0085_ci.pdf

--------------------------------------------------

Experiment 7: Finding Leaked API Keys on GitHub

🔹 Query:
```
site:github.com "API_KEY" OR "SECRET_KEY"
```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.
🔹 Security Fix:
✔ Use environment variables instead of hardcoding API keys.
-------------------------------------------------

🔍 Searching: site:github.com "API_KEY" OR "SECRET_KEY"

[1] https://github.com/Budibase/budibase/discussions/3368
[2] https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/13615
[3] https://github.com/OAI/OpenAPI-Specification/issues/3225
[4] https://github.com/PostHog/posthog/issues/18935
[5] https://github.com/Koed00/django-q/issues/743

CYBER SECURITY LAB 5 8

 --------------------------------------------------

Experiment 8: Finding Exposed Website Backups

🔹 Query:
```
intitle:"index of" "backup"
```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.
🔹 Security Fix:
✔ Remove public backup files and store them securely.
-------------------------------------------------

🔍 Searching: intitle:"index of" "backup"

[1] https://www.vaughn.edu/wp-content/uploads/backup/
[2] https://www.mycornerstonetx.com/backup/
[3] https://wsr.imagej.net/backup/images/
[4] https://geo.lib.umn.edu/backup/
[5] https://swe.berkeley.edu/bin/sendEmail-v1.55/BACKUP/ewifa11/

--------------------------------------------------

Experiment 9: Finding Sites Vulnerable to SQL

Injection
🔹 Query:

CYBER SECURITY LAB 5 9

 ```
inurl:index.php?id=

```
🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

3. Analyze the results.
🔹 Security Fix:
✔ Use parameterized queries to prevent SQL injection attacks.
-------------------------------------------------

🔍 Searching: inurl:index.php?id=
[1] http://www.avrdc.org/index.php?id=1
[2] https://stackoverflow.com/questions/53474045/difference-between-index-ph
[3] https://e-sga.org/index.php?id=5
[4] https://community.modx.com/t/homepage-is-not-loading-without-index-php-
[5] https://urfu.ru/index.php?id=9677

--------------------------------------------------

Experiment 10: Finding Exposed Email Addresses

🔹 Query:
```
site:example.com filetype:xls OR filetype:csv "email"
```

🔹 Steps:
1. Open **Google Search**.

2. Enter the query.

CYBER SECURITY LAB 5 10

 3. Analyze the results.
🔹 Security Fix:
✔ Restrict access to sensitive spreadsheets and databases.
-------------------------------------------------

🔍 Searching: site:linkedin.com filetype:xls OR filetype:csv "email"

[1] https://business.linkedin.com/content/dam/me/business/en-us/marketing-sol
[2] https://www.linkedin.com/help/lms/feature-launcher/urn:li:helpCenterArticle:(
[3] /search?q=site:linkedin.com+filetype:xls+OR+filetype:csv+%22email%22&nu
[4]
[5]

--------------------------------------------------

Practice Exercises:

1. Bing Dorking (Microsoft Bing)

2. Shodan Dorking (IoT and Device Hacking)

3. GitHub Dorking (Finding Leaked API Keys & Credentials)

4. DuckDuckGo Dorking (Privacy-Oriented Searches)

5. Wayback Machine Dorking (Finding Archived Vulnerable Versions)

6. VirusTotal Dorking (Finding Malware & Suspicious Files)

7. Practice the ipynb file shared with this file.

Experiment 1: Extract All Archived URLs from a

Specific Date Range
Objective:

Retrieve all archived URLs for a given website between 2018 and 2020.

Print the first 10 results.

CYBER SECURITY LAB 5 11

 import requests

def archived_urls(domain, start_year, end_year, limit=10):

url = f"http://web.archive.org/cdx/search/cdx"
params = {
"url": domain,
"from": start_year,
"to": end_year,
"output": "json",
"fl": "original",
"collapse": "urlkey"
}
response = requests.get(url, params=params)
if response.status_code == 200:
data = response.json()
🔗
print(" Archived URLs (2018–2020):")
for link in data[1:limit+1]: # skip header
print(link[0])
else:
print("Error:", response.status_code)

archived_urls("upes.ac.in", 2018, 2020)

Experiment 2: Detect Removed or Deleted Pages

Objective:

Find pages on upes.ac.in that were once available but later removed (i.e.,
returned 404 errors).

Print the first 5 deleted pages.

CYBER SECURITY LAB 5 12

 import requests

def find_deleted_pages(domain, max_results=5):

url = f"http://web.archive.org/cdx/search/cdx?url={domain}/*&filter=statuscod

try:
response = requests.get(url)
data = response.json()

if len(data) > 1: # Checking if any results are available

🔍
print(f" Deleted Pages on {domain}:\n")
for entry in data[1:max_results+1]: # Skipping header row
archived_url = f"https://web.archive.org/web/{entry[1]}/{entry[2]}"
print(archived_url)
else:
print("⚠ No deleted pages found.")

except Exception as e:
print(f"⚠ Error: {e}")

# Example Usage
find_deleted_pages("upes.ac.in")

Experiment 3: Search for Old PDF Documents on a

University Website
Objective:

CYBER SECURITY LAB 5 13

 Find PDF documents archived on stanford.edu from 2015 to 2022.

Display the 5 most recent archived PDFs.

from googlesearch import search

def google_dork_pdfs(domain, limit=5):

query = f"site:{domain} filetype:pdf"
print(f"\n🔍 Searching: {query}\n")
try:
results = search(query, num_results=limit)
📄
print(f" Top {limit} Public PDFs from {domain}:\n")
for idx, url in enumerate(results):
print(f"[{idx+1}] {url}")
except Exception as e:
print("⚠ Error:", e)

# Try it with NASA (this works)

google_dork_pdfs("nasa.gov", limit=5)

Experiment 4: Track Website Changes Over a Decade

Objective:

CYBER SECURITY LAB 5 14

 Fetch 5 snapshots of nasa.gov from different years (2010, 2013, 2016, 2019,
2022).

Print the archive links to compare how the website evolved.

import requests

def track_website_changes(domain, years):

print(f" 🔍
Website snapshots for {domain}:\n")

for year in years:

url = f"http://web.archive.org/cdx/search/cdx?url={domain}&from={year}&to

try:
response = requests.get(url)
data = response.json()

if len(data) > 1: # Skipping header row

snapshot = data[1] # First available snapshot of that year
archive_link = f"https://web.archive.org/web/{snapshot[1]}/{snapshot[2
print(f"{year}: {archive_link}")
else:
print(f"{year}: No snapshot available.")

except Exception as e:
print(f"⚠ Error: {e}")

# Example Usage
track_website_changes("nasa.gov", [2010, 2013, 2016, 2019, 2022])

CYBER SECURITY LAB 5 15

 Experiment 5: Find Archived URLs Containing "admin"
or "login"
Objective:

Search for pages related to admin panels or login pages archived from
example.com.

Display the first 5 matching pages.

from googlesearch import search

def google_dork(dork_query, num_results=5):

"""Perform Google Dorking using a search query."""
print(f"\n🔍 Searching: {dork_query}\n")

try:
results = search(dork_query, num_results=num_results)
for idx, url in enumerate(results):
print(f"[{idx+1}] {url}")
except Exception as e:
print(f"⚠ Error: {e}")

# List of dorking queries for experiments 1-10

dork_queries = [
'inurl:admin login', # Experiment 1: Admin login pages
'filetype:sql OR filetype:db OR filetype:mdb "password"', # Experiment 2: Ope
'inurl:/view/view.shtml', # Experiment 3: Webcam feeds
'intitle:"index of" inurl:ftp', # Experiment 4: Open FTP servers
'filetype:txt intext:"username" intext:"password"', # Experiment 5: Password f

CYBER SECURITY LAB 5 16

 'site:gov filetype:pdf confidential', # Experiment 6: Gov docs
'site:github.com "API_KEY" OR "SECRET_KEY"', # Experiment 7: Leaked API ke
'intitle:"index of" "backup"', # Experiment 8: Website backups
'inurl:index.php?id=', # Experiment 9: SQL Injection vulnerable sites
'site:linkedin.com filetype:xls OR filetype:csv "email"' # Experiment 10: Email a
]

# Run Google Dorking for each query

for query in dork_queries:
google_dork(query, num_results=5)
print("\n" + "-"*50 + "\n")

CYBER SECURITY LAB 5 17