Googling SecurityFocus
Google hacking is a well-known phenomenon. It consists of using Google’s advanced operators to search for sensitive files or other security issues in content that Google has indexed. Various techniques and examples have been developed to find such things as password files, web-cam management interfaces, etc. Ultimately, Google hacking has revealed data management issues that cause sensitive information to be exposed to the public. This is still an ongoing issue for many organizations.
Of course, Google’s advanced operators were initially intended for more benevolent purposes. I like to think of this as another form of Google hacking. Searching Google without fine-tuning your search terms is like drinking from the fire hose. Many people never bother to learn the advanced search operators that really let you nail down results. Therefore, I thought I would throw together some examples of how I use the advanced operators every day to query SecurityFocus.
Explanations of the operators used in these queries can be found here.
1. Searching the exploit archive for exploits that are written in C:
site:securityfocus.com inurl:/vulnerabilities/exploits ext:c
2. Searching the exploit archive for exploits that are written in C or Perl:
site:securityfocus.com inurl:vulnerabilities/exploits ext:c OR ext:pl
3. Searching the news archive for references to the Metasploit framework:
site:securityfocus.com inurl:news metasploit
4. Searching for BIDs that were discovered by Michal Zalewski:
site:securityfocus.com inurl:bid "michal zalewski"
5. Searching for BIDs that were discovered by Michal Zalewski, but did not affect Mozilla:
site:securityfocus.com inurl:bid "michal zalewski" -mozilla
6. Searching for Mozilla BIDs:
site:securityfocus.com inurl:bid mozilla
or
site:securityfocus.com inurl:bid intitle:mozilla
7. Searching the Bugtraq message archive for Gentoo advisories:
site:securityfocus.com inurl:archive/1 inurl:threaded "glsa-"
8. Searching BIDs that reference Microsoft bulletins from 2005 or 2006:
site:securityfocus.com inurl:bid inurl:references "ms05-" OR "ms06-"
Once you understand how the advanced search operators work, the power of your searches is limited only by your own creativity and your understanding of the content you’re searching. A good guide to using advanced Google searching can be found here.