4 Google Searches to Run on Your Own Company

Recommended Google hacking points from Nish Bhalla, founder of the consultancy Security Compass

inurl:csoonline.com -www

What you're looking for: registered domains

At most companies, the primary public domain starts with www, as in www.csoonline.com. This search lets you look at URLs Google has crawled that contain your com­pany's domain name but not the letters www. It can identify other domains that your company has made public, such as www2.csoonline.com or email.csoonline.com.

Its purpose is twofold. You might not want all those domains crawled by search engines. If not, you have some work to do in reconfiguring those systems. If you do want the domains made public, be sure to include them in the rest of the searches you do.

"http://*:*@www.csoonline.com"

What you're looking for: passwords

The protocol for a user name and password is "username:password". For example, if my user name were "csowriter" and my password were "cat," it would appear (if published) as "csowriter:cat". Using the "*:*" string (the asterisk is a wild card) allows you to look for any data that fits this format that has been posted either inadvertently on your own website or maliciously elsewhere on the Web. Be warned, however, that this search reveals a lot of false positives.

While you're at it, another way to look for passwords is by searching your site for the text "index.of.password". This searches for a directory named "password," which may contain some interesting files. Here, no hits is a good thing.

intitle:"Apache Tomcat" "error report" site:csoonline.com

What you're looking for: technologies used

If your company inadvertently exposes the types of technologies it uses, hackers can exploit that information. Suppose you use Apache Web servers. A misconfigured Apache Web server commonly produces a page with "Apache Tomcat" in the title and "error report" in the text. If you search the Web, you'll find numerous websites that have inadvertently revealed they are running on Apache Web servers. Adding the "site:csoonline.com" string at the end limits the search to one domain.

Once a hacker knows your company is running an Apache Web server, he can run targeted searches. For instance, Apache also produces error messages that begin with "access denied for user" and "using password," which may reveal user names and passwords. So you can search for those strings too.

Mind you, this is just an example. Figure out what common error messages are generated by the Web servers and application servers that your company uses, and then run site searches for those.

intitle:Remote.Desktop.Web.Connection site:csoonline.com

What you're looking for: log-in portals

Remote Desktop is a piece of software used by IT admins to gain remote access to computers—either to do maintenance on remote laptops, or to log on to office computers from home to fix a problem. But these portals can also provide a useful back door, because they give the hacker a place to try to enter user names and passwords.

Again, modify the search to fit your company's technology. For instance, "VNC Desktop inurl:5800 site:csoonline.com" will help you find log-ins for Virtual Desktop Computer, another popular type of remote access software.

–Sarah D. Scalet

Copyright © 2006 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)