+---------------------------------------------------------------+

| Table of contents |
+---------------------------------------------------------------+
| 0x01 INTRODUCTION............................. |
| 0x02 DOXXING INFORMATION..................... |
| 0x03 IP HUNTING............................... |
| 0x04 OSINT TOOLS.............................. |
| 0x05 GOOGLE DORKING........................... |
+---------------------------------------------------------------+
██████╗ ██████╗ ██╗ ██╗██╗ ██╗██╗███╗ ██╗ ██████╗ ██████╗ ██████╗
██╔══██╗██╔═══██╗╚██╗██╔╝╚██╗██╔╝██║████╗ ██║██╔════╝ ╚════██╗ ██╔═████╗
██║ ██║██║ ██║ ╚███╔╝ ╚███╔╝ ██║██╔██╗ ██║██║ ███╗ █████╔╝ ██║██╔██║
██║ ██║██║ ██║ ██╔██╗ ██╔██╗ ██║██║╚██╗██║██║ ██║ ██╔═══╝ ████╔╝██║
██████╔╝╚██████╔╝██╔╝ ██╗██╔╝ ██╗██║██║ ╚████║╚██████╔╝ ███████╗██╗╚██████╔╝
╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝
██████╗ ██╗ ██╗██╗██████╗ ███████╗
██╔════╝ ██║ ██║██║██╔══██╗██╔════╝
██║ ███╗██║ ██║██║██║ ██║█████╗
██║ ██║██║ ██║██║██║ ██║██╔══╝
╚██████╔╝╚██████╔╝██║██████╔╝███████╗
╚═════╝ ╚═════╝ ╚═╝╚═════╝ ╚══════╝

+---------------------------------------------------------------+
| 0x01 INTRODUCTION |
+---------------------------------------------------------------+
+---------------------------------------------------------------+
+---------------------------------------------------------------+
+-----------------------------------------------------------------------+
| What is Doxing? |
| Doxing or Doxxing is the act of publicly revealing |
| previously private person information about an individual |
| or organization, usually through the internet. Methods Employed |
| to acquire such information include searching publicly available |
| databases and social media websites, hacking, and social engineering. |
+-----------------------------------------------------------------------+
+----------------------------------------------------------------------------------
---------------------------------+
| Doxing often involves hackers attempting to embarrass or shame individuals by
publishing confidential information,|
| images or videos obtained from their personal accounts.
|
| Initially, doxxing was used by hackers to "out" the identities of fellow bad
actors/hackers. |
| However, more recently, it has been used to attack users with opposing
viewpoints. |
+----------------------------------------------------------------------------------
---------------------------------+

+---------------------------------------------------------------+
| 0x02 DOXXING INFORMATION |
+---------------------------------------------------------------+
In a doxing attack, hackers might publish someone's:

????Real name

????Telephone number
????Social Security number

????Home address

????Employer

????Credit card numbers

????Bank account numbers

????Personal photographs

????Social media profiles

========================================
How does doxing work
Running a WHOIS search on a domain name
Tracking Usernames
Phishing
Stalking Social Media
Checking Goverment Records
Google Dorking
Tracking IP address
Reverse Mobile phone lookup
Packet Sniffing
Data Brokers(Leaked Data)
Searching on Darkweb
Examples of Doxing

1. Celebrity Doxxing
It’s not uncommon for journalists to find out a celebrity’s personal life
information and to publish such gossip on their media platforms.
However, doxxing isn’t your regular entertainment news.
Here, the hacker publishes the celebrity’s sensitive information such as their
payment card info,
email address, social security number or phone numbers.

2. Faulty Doxxing
Sometimes, doxxing is done by internet vigilantes who can’t be bothered to properly
research or investigate their victims to ensure they have the right person.
Instead, they wrongly link people to activities or situations that are unrelated to
them. Due to such “faulty” doxing, hence the name, innocent people face:
reputation loss,
employment loss,
harassment,
physical harm, or
loss of life.

3. Revenge Doxxing
Sometimes, people use doxing as a means of taking revenge.
They publish their enemy’s some publicly identifying information online to cause
them shame.

4. Swatting Doxxing
Another method of doxing is known as “swatting.”
This occurs when a person wrongly accuses someone of a crime and sends police (or a
SWAT team, hence “swatting”) to the victim’s address to cause them harassment.
However, often such doxxing can prove fatal for the victim.

5. Crime Doxxing
While the swatting is done for fun, there are some people that use doxxing to
execute serious crimes like murder.
They reveal their enemies’ personal information online and provoke others to harm
them.
The motive can be personal revenge or showing disagreement or hatred towards any
specific cause, religion, activity or race.

How you get doxxed?

???? Username Doxing

https://i.imgur.com/nd4awlK.png

????Whois and Domain More

https://i.imgur.com/bRzkOC9.png

????PHISHING
https://i.imgur.com/UmvkFfl.png

????Stalking Social Media

https://i.imgur.com/Km1g8X5.png

????Facebook Doxing
https://i.imgur.com/4GDJZGd.png

????Instagram Doxing
https://i.imgur.com/UrVUMkp.png

????Email Doxing
https://i.imgur.com/LZJuRJw.png

????Twitter Doxing
https://i.imgur.com/QOxFKIS.png

????Telegram Doxing
https://i.imgur.com/3AKMxUa.png

????Media And Dating Doxing

https://i.imgur.com/cqW4dQc.png

????LinkedIn Doxing
https://i.imgur.com/rWcLzID.png

????Indian Goverment Data Doxing

https://i.imgur.com/vg27lhm.png

????IP Locators
https://i.imgur.com/g8ixeq7.png

????Ip Hunting
https://i.imgur.com/wf83f6i.png

????Reverse Phone Lookup

https://i.imgur.com/0FZXm9f.png

????Search Engine Doxing

https://i.imgur.com/k2yTAiC.png

????Scientific Search Engine

https://i.imgur.com/jVv1Jvo.png

????Specific Search Engines

https://i.imgur.com/sqgU5Yo.png

????Vehicles Search
https://i.imgur.com/deGrDH1.png

????Archives Data
https://i.imgur.com/gGsiKQp.png

????Directories
https://i.imgur.com/9ZPxcWB.png

????Mac Address
https://i.imgur.com/KBxoTrU.png

????EXIF Data
https://i.imgur.com/raKnyDv.png

????Company Search
https://i.imgur.com/chfAsf7.png

????PNG and JPEG Exif

https://i.imgur.com/XWcNPQQ.png

????Documents Doxing
https://i.imgur.com/tQQt8Af.png

????Crypto Doxing
https://i.imgur.com/OHhNP5v.png

????File Uploader
https://i.imgur.com/apPA8EQ.png

????Reverse Image Search

https://i.imgur.com/rtrYwwI.png

????URL Analysis
https://i.imgur.com/xeRneM8.png

????Ebooks and PDFs

https://i.imgur.com/bkkryjO.png

????Fake Mails
https://i.imgur.com/oJxf4fB.png

????Maps Data
https://i.imgur.com/H6mWp9x.png

????Data Leaks
https://i.imgur.com/3BsDhol.png

????IOT Search Engines

https://i.imgur.com/ZECah82.png

How to clear your tracks?

While doing doxing don't forget to use vpn,and proxies . Some tools that will help
you remove your searches

❤️‍???? Data Destruction Tools

DBAN https://dban.org

The free version supports HDD only.

Eraser www.heidi.ie/eraser/ Open source; supports SSD.

CCleaner www.piriform.com/ccleaner Drive wiper and Windows trace cleaner.

SDelete https://technet.microsoft.com/

en-us/sysinternals/sdelete.aspx

Erases data according to DOD 5220.22-M.

❤️‍???? SSD Data-Erasing Tools

Tool URL

Intel Solid State Drive Toolbox https://downloadcenter.intel.com/download/26574?v=t

Corsair SSD Toolbox www.corsair.com/en-eu/support/downloads

Samsung Magician www.samsung.com/semiconductor/minisite/ssd/download/tools.html

SanDisk SSD https://kb.sandisk.com/app/answers/detail/a_id/16678/~/secure-erase-

and-sanitize

How can I protect myself from Doxing?

Adjust your social media settings:Ensure that your profiles, usernames/handles are
kept private
Remove any addresses, places of work, and specific locations from your accounts
Set your posts to “friends only"
Avoid discussing personal information that could be used against you, as well as
anything that can identify your address, workplace or contact information
Use a Virtual Private Network (VPN) and aIf you must use public wi-fi, turn off the
public network sharing functionality on your device
Use strong passwords
Vary usernames and passwords across platforms
Hide domain registration information from WHOIS (a database of all registered
domain names on the web)
Don't be afraid after getting doxed its your publicly shared information, so don't
worry about it, otherwise attacker use you, don't pay money if you get doxed.
Be Safe From Cat Phishing
Join CIDHUB For More Knowledge

Is doxing is Illegal ?
Doxxing is immoral and illegal,
and if you are discovered bothering individuals and disclosing their personal
information,
you could face serious legal consequences, including imprisonment.
Detecting and prosecuting these types of crimes is often challenging for law
enforcement.
In India you get punishment under IT ACT 2000 for doxing or identity theft.

What is legal Way of Doxing ?

We can say that Open Source Intelligence is the legal way of Doxing.

Intelligence agencies use OSINT to track events,

equipment such as weapons systems, and people.
These are the 'targets of interest' (ToIs).
But hackers use OSINT to identify technical vulnerabilities
as well as human targets for phishing and social engineering attacks.Law Firms.
Lawyers and private investigators can ethically and legally utilize
OSINT techniques – especially information found on social media platforms –
in legal and litigation intelligence to collect evidence and research about any
suspect or potential juror.

+---------------------------------------------------------------+
| 0x03 IP HUNTING |
+---------------------------------------------------------------+
IP HUNTING TRICKS 2022

TODAY WE ARE GOING TO LEARN HOW TO HUNT IP OF SCAMMERS AND FRAUDSTERS.

BEFORE STARTING LET US UNDERSTAND WHAT IS IP HUNTING.

What is IP address?
An IP address is a unique address that identifies a device on the internet or a
local network.
IP stands for "Internet Protocol," which is the set of rules governing the format
of data sent via the internet or local network.

In essence, IP addresses are the identifier that allows information to be sent

between devices on a network:
they contain location information and make devices accessible for communication.
The internet needs a way to differentiate between different computers, routers, and
websites.
IP addresses provide a way of doing so and form an essential part of how the
internet works.

Types of IP addresses
There are different categories of IP addresses, and within each category, different
types.

Consumer IP addresses
Every individual or business with an internet service plan will have two types of
IP addresses:
their private IP addresses and their public IP address. The terms public and
private relate to the network location
— that is, a private IP address is used inside a network, while a public one is
used outside a network.
Private IP addresses
Every device that connects to your internet network has a private IP address.
This includes computers, smartphones, and tablets but also any Bluetooth-enabled
devices like speakers,
printers, or smart TVs. With the growing internet of things, the number of private
IP addresses you have at home is probably growing. Your router needs a way to
identify these items separately,
and many items need a way to recognize each other.
Therefore, your router generates private IP addresses that are unique identifiers
for each device that differentiate them on the network.

Public IP addresses
A public IP address is the primary address associated with your whole network.
While each connected device has its own IP address,
they are also included within the main IP address for your network.
As described above, your public IP address is provided to your router by your ISP.
Typically, ISPs have a large pool of IP addresses that they distribute to their
customers.
Your public IP address is the address that all the devices outside your internet
network will use to recognize your network.

Public IP addresses
Public IP addresses come in two forms – dynamic and static.

Dynamic IP addresses
Dynamic IP addresses change automatically and regularly.
ISPs buy a large pool of IP addresses and assign them automatically to their
customers.
Periodically, they re-assign them and put the older IP addresses back into the pool
to be used for other customers.
The rationale for this approach is to generate cost savings for the ISP.
Automating the regular movement of IP addresses means they don’t have to carry out
specific actions to re-establish a customer's IP address if they move home,
for example. There are security benefits, too, because a changing IP address makes
it harder for criminals to hack into your network interface.

Static IP addresses
In contrast to dynamic IP addresses, static addresses remain consistent.
Once the network assigns an IP address, it remains the same. Most individuals and
businesses do not need a static IP address,
but for businesses that plan to host their own server, it is crucial to have one.
This is because a static IP address ensures that websites and email addresses tied
to it will have a consistent IP address
— vital if you want other devices to be able to find them consistently on the web.

This leads to the next point – which is the two types of website IP addresses.

There are two types of website IP addresses

For website owners who don’t host their own server, and instead rely on a web
hosting package
– which is the case for most websites – there are two types of website IP
addresses. These are shared and dedicated.

Shared IP addresses
Websites that rely on shared hosting plans from web hosting providers will
typically be one of many websites hosted on the same server.
This tends to be the case for individual websites or SME websites, where traffic
volumes are manageable,
and the sites themselves are limited in terms of the number of pages, etc. Websites
hosted in this way will have shared IP addresses.

Dedicated IP addresses
Some web hosting plans have the option to purchase a dedicated IP address (or
addresses).
This can make obtaining an SSL certificate easier and allows you to run your own
File Transfer Protocol (FTP) server.
This makes it easier to share and transfer files with multiple people within an
organization and allow anonymous FTP sharing options.
A dedicated IP address also allows you to access your website using the IP address
alone rather than the domain name
— useful if you want to build and test it before registering your domain.

What is IPv4?
IPv4 is an IP version widely used to identify devices on a network using an
addressing system.
It was the first version of IP deployed for production in the ARPANET in 1983.
It uses a 32-bit address scheme to store 2^32 addresses which is more than 4
billion addresses.
It is considered the primary Internet Protocol and carries 94% of Internet traffic.

What is IPv6?
IPv6 is the most recent version of the Internet Protocol.
This new IP address version is being deployed to fulfill the need for more Internet
addresses.
It was aimed to resolve issues that are associated with IPv4. With 128-bit address
space,
it allows 340 undecillion unique address space. IPv6 is also called IPng (Internet
Protocol next generation).

Internet Engineer Taskforce initiated it in early 1994. The design and development
of that suite are now called IPv6.

KEY DIFFERENCE
IPv4 is 32-Bit IP address whereas IPv6 is a 128-Bit IP address.
IPv4 is a numeric addressing method whereas IPv6 is an alphanumeric addressing
method.
IPv4 binary bits are separated by a dot(.) whereas IPv6 binary bits are separated
by a colon(:).
IPv4 offers 12 header fields whereas IPv6 offers 8 header fields.
IPv4 supports broadcast whereas IPv6 doesn’t support broadcast.
IPv4 has checksum fields while IPv6 doesn’t have checksum fields
When we compare IPv4 and IPv6, IPv4 supports VLSM (Variable Length Subnet Mask)
whereas IPv6 doesn’t support VLSM.
IPv4 uses ARP (Address Resolution Protocol) to map to MAC address whereas IPv6 uses
NDP (Neighbour Discovery Protocol) to map to MAC address.
Features of IPv4
Following are the features of IPv4:

Connectionless Protocol
Allow creating a simple virtual communication layer over diversified devices
It requires less memory, and ease of remembering addresses
Already supported protocol by millions of devices
Offers video libraries and conferences
Features of IPv6
Here are the features of IPv6:
Hierarchical addressing and routing infrastructure
Stateful and Stateless configuration
Support for quality of service (QoS)
An ideal protocol for neighboring node interaction

❤️‍????Hunting IP address of our Victim:

Ip Hunting depends on your social engineering skills, here is the ip Hunting custom
script,
just host it on any free hosting, and make your custom webpage like index.html and
host all the files given in zip,
it will not blocked by Instagram or other social media platforms. Use it only for
educational purpose.

What is IP logger?
IP Logger URL Shortener allows you to track and register IP addresses, GPS
locations.

IP Logger URL Shortener provides checking access to IP addresses, checking what my

IP services, counters, and informants are.

Step 1. Go to https://iplogger.org.

Step 2. Select an option. Location Tracking, Image / Link, Invisible Logger

Step 3: For the purposes of this guide, we will use the URL Shortener. Enter the
URL and click Get Logger Code.

Step 4: Copy the IPLogger link to collect statistics (no BB codes)

Step 5: Remember the IPLogger ID (required to access registration statistics!), You

will need this later to get the registered IP addresses.

IP Logger URL Shortener - Log and Track IP addressesEnter any URL or link to any
image on the internet to shorten it and track IP addresses and clicks on your
short…

iplogger.org

⭕Grabify
Grabify IP Logger lets you track who clicked on your links. Find IP addresses from
Facebook, Twitter, friends on other sites.

Step 1: go to https://grabify.link

Step 2. Enter the link to the web page on the Grabify website and click the “Create
URL” button

Step 3: Now you will have a new tracking link, similar, for example.
https://grabify.link/GK9OK5 you can use the button below to change the link domain
to another domain that is less recognizable, or you can use your own domain.

Step 4: Save the tracking code or connection link that you will need to get the IP
addresses of those who clicked on your Grabify link.

Grabify IP Logger & URL ShortenerIf you're not sure on how to use this website,
just take a look at this video. Enter a URL that you want Grabify to…

grabify.link

⭕Blasze
Step 1: Go to https://blasze.com

Step 2. Enter a new URL or tracking code and click Submit.

Step 3. Copy the tracking link.

Step 4. Copy the access code that you will need later to get the registered IP
addresses.

Step 5: Enter the access code at https://blasze.com to receive registered IP

addresses.

https://blasze.com

Whatstheirip

Step 1: Go to the page http://whatstheirip.com

Step 2. Enter your email address and click the “Get Link” button.

Step 3: Copy one of the URLs provided by http://whatstheirip.com.

Step 4: As soon as your friend clicks on one of the URLs, you will receive an email
with the IP address.

whatstheirip.com2019 Copyright. All Rights Reserved. The Sponsored Listings

displayed above are served automatically by a third party…

whatstheirip.com

⭕How to Find IP Address Instagram⭕

You would be amazed if you knew what you could find out about people when you find
their IP address. With some simple skills, you can learn how to find other people’s
IP address on Instagram.

When you know their IP, you’re just a step away from being able to find out their
location, name and other personal information.

And when you know all this information about someone, you can block someone’s
access to your chat room, your content, your website, etc.

Finding out someone’s IP is much easier than it seems at first. In fact, there are
several websites, such as IP Logger and Grabify IP Logger, that can help you do
this quickly and easily.

Here are the steps that you need to follow if you want to know how to get IP
address from Instagram account.

Go to the profile of the person whose IP you want to know.

Click on the three dots next to their username.
Copy their profile URL.
Go to Grabify IP Logger, IP Logger or similar websites.
Paste the link into the bar and click on ‘Create URL’. When the results page opens,
you will see a new link generated.
Optional: If the new link is too long, make sure you shorten it with Google URL
Shortener.
Chat with the person for some time and send them (the shortened) link. It would be
wise to tell them that you want them to see a great picture or read a wonderful
story on this link.
When they click on it, refresh the page in the logger website you used and you will
get the person’s IP address at the bottom of the page.
If you use Facebook or Instagram to chat with the person, you might need to switch
on the ‘Hide Bots’ option in order to get their genuine IP.
If all you needed to know was the person’s IP address, you’re good to go. However,
if you want to know more details about the person, you will need to take a few more
steps.

Go to IP Tracker or other similar websites.

Click on the IP Tracker option.
Paste the IP that you got from one of the IP logger sites and trace it.
Voila! What you got is the name, location, area code, ISP and other detailed
information about the person.
With these thirteen simple steps, you know how to get IP address from Instagram
account. At first, it might seem like spying on people.
But sometimes, that is the only option you have if someone is harassing you on
Instagram.

It is obvious that there is no way to really prevent someone from discovering your
IP. However, there is a way to mask your real IP.

If you want your own server to remain invisible to people on the web, the best
thing you can do is get residential IPs.
With residential proxies, you will get a stable, secure and fast connection, as
well as be untouchable for anyone who tries to identify your IP.

When you use residential proxies, nobody will know how to find IP address from
Instagram profile you are using. Instead, they will only be able to detect the
residential IP and its location.

Nonetheless, this doesn’t mean you should use proxies for malicious activities on
Instagram or any other website.
Proxies are there to offer you anonymity when you want to hide your true
geolocation or in similar situations

ip hunting

???? How To Trace Location Of A Person By Chatting on WhatsApp, Facebook,

Instagram, Snapchat ????

⚜ There are some different methods that you can use according to your convenience
as a complex is a method,
better will be the result. So read out all the methods discussed below and use any
of them to check out the location of any person by chatting on social sites.
✔️ Tracing IP Address Of Person On Facebook Chat Using Command Prompt

☠ By using the command prompt, you can actually trace out the IP address of a
person whom with you are chatting on facebook. Just

???? Follow the steps below to proceed.

1⃣ First of all, start chatting with your friend whose IP address you want to get
and make sure that all other apps and background process must be stopped. Now press
Win+R of your keyboard.

2⃣ Now type cmd and hit enter.

3⃣ Now at the command prompt that appears type netstat -an and hit enter.

4⃣ Now note down the IP address of a person.

5⃣ Now you need to scan that IP address to know the actual location of the person
that you can check out from http://www.ip-adress.com/ip_tracer/

⭕⭕NETSTAT CHEAT SHEET ⭕⭕

????How To Find Open Ports Of Computer System????

????To find open ports on a computer, you can use netstat command line.

????To display all open ports, open DOS command, type netstat and press Enter.

????To list all listening ports, use netstat -an |find /i “listening” command.

????To see what ports your computer actually communicates with, use netstat -an |
find /i “established”
 ????To find specified open port, use find switch. For example, to find if the port
3389 is open or not, do netstat -an |find /i “3389”.

✨ You can use PULIST from the Windows Resource Kit to find which process is using a
specified port. For example, pulist |find /i “4125” may display

Process PID User

mad.exe 4125 Chicagotech/blin

⭕Important commands cmd⭕

1. ping

This command will let you know if your host is currently available.
This means that when the ping command is executed,
the host will send you a reply if it is connected.To use this command,
just enter the phrase ping with the IP or domain of the site or client. for
example:

ping 8.8.8.8ping www.google.com

The response received from the host indicates its status.

The shorter the time in front of the time and the error-free response received,
the higher the connection speed and the more stable the situation.And

2. nslookup

This command has various uses. One of them is finding IP from DNS.
Suppose you know the address of a site but are unaware of its IP.
You can use this command to find out the IP of any site. for example:

nslookup www.google.com

Another application of nslookup in finding IP is a specific server mail.

For example, to find the IP address of Yahoo servers, these commands must be
entered in order:

nslookup set type = mx yahoo.com

And

3. tracert

With this command, you can get good information about the path that a packet takes
in the network to reach its destination.
This command (trickster) is very useful for routing packets sent to the
destination. Example:

tracert 8.8.8.8tracert www.google.com

4. arp

This command displays the arp table for you. In this table, IPs and their MAC
equivalent addresses are stored.
If there is an illegal activity on your network and, for example, a network card
has been replaced without your permission,
you can easily find out through this table:

arp -a

And

5. route

This command gives you complete information about the list of network cards,
routing tables, and portals for each:

route print

6. ipconfig

This command provides useful information about your IP and Gateway, the DNS in use,
and the like:

ipconfig

Or

ipconfig / all

And

Also, if you use dynamic IP and want to change your IP, you can do this with the
following commands:

ipconfig / release ipconfig / renew

7. netstat

This command displays the status of your connections:

netstat

Displays all ports that are in the listening mode and connects with the DNS name:

netstat -a

Display all open and IP connections:

netstat -n

Combining the above two modes:

netstat -an

The following command also displays all folders shared on the destination computer:

net view x.x.x.x.

Or
net view computername

Instead of x.x.x.x and computername, you must enter the IP address or computer
name.

8. netuser

This command changes the Windows account password without knowing the previous
password:

net user Tarfandestan *

Enter Windows username instead of Tarfandestan and enter the new password after
pressing Enter.

And

9. Other commands

There are other commands that can help you.

Connect to the destination device with Administrator access:

net use \ ipaddressipc $ “” / user: administrator

Enter the IP address instead of the ipaddress.

After connecting to the destination, use this command if you want to browse the
entire C drive:

net use K: \ computernameC $

Enter the computer name instead of the computername.

This command creates a virtual drive.
Note that this command works when the destination computer has not set the
Adminastrator password.

And finally the Help command to receive guidance:

command / help

Or

command /?

⭕Get sim details and state of a number ⭕

https://www.findandtrace.com/trace-mobile-number-location

https://play.google.com/store/apps/details?id=com.truecaller

https://mobilenumbertracker.com/

⭕Ip tracer tool⭕

How to install IP-Tracer ?

apt update
apt install git -y
git clone https://github.com/rajkumardusad/IP-Tracer.git
cd IP-Tracer
chmod +x install
sh install or ./install

How to use IP-Tracer

trace -m to track your own ip address.
trace -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1
trace for more information.
OR

ip-tracer -m to track your own ip address.

ip-tracer -t target-ip to track other's ip address for example ip-tracer -t
127.0.0.1
⭕Check blacklisted ip here⭕

With this Free API you can detect and block, fraudulent IPs that connect to your
website from a Hosting, Proxy or VPN.
Stop losing money and time in worrying about users who connect to your website or
application fraudulently.

https://www.iphunter.info/

⭕Free IP Stressers⭕
https://www.stressthem.to/booter

https://www.freeboot.to/booter/stress.php

https://www.ipstresser.com/

https://freeddosbooter.com/

https://boot4free.co/

https://freeipstress.com/

https://freestresser.me/

https://topbooter.net/home

https://stressing.ninja/

https://instant-stresser.to/

https://muxbooter.com/

Change IP Address In Less Than 30 Seconds on windows

Click on “Start” in the bottom left hand corner of screen

Click on “Run”

Type in “command” and hit ok

You should now be at an MSDOS prompt screen.

Type “ipconfig /release” just like that, and hit “enter”

Type “exit” and leave the prompt

Right-click on “Network Places” or “My Network Places” on your desktop.

Click on “properties”

You should now be on a screen with something titled “Local Area Connection”, or
something close to that, and,

if you have a network hooked up, all of your other networks.

Right click on “Local Area Connection” and click “properties”

Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General”
tab

Click on “Use the following IP address” under the “General” tab

Create an IP address

Press “Tab” and it should automatically fill in the “Subnet Mask” section with
default numbers.

Hit the “Ok” button here

Hit the “Ok” button again

You should now be back to the “Local Area Connection” screen.

Right-click back on “Local Area Connection” and go to properties again.

Go back to the “TCP/IP” settings

This time, select “Obtain an IP address automatically”

Hit “Ok”

Hit “Ok” again

You now have a new IP address

⭕What a hacker can do with an ip address?⭕

Hackers have been known to use stolen IP addresses to download illegal content like
pirated material,
child pornography, or content that threatens national security. Hacked IP addresses
can also be used for DDoS attacks (“distributed denial-of-service”),
which basically shut down your access to the Internet.

How to Protect Your IP Address?

If you can hide your IP address, you can protect your device, online identity, and
data. There are two ways to go about it:

Using a VPN is a safer option where your device acts like it’s on the same network
locally as the VPN.
Thus, you can safely access the network even from another country or browse geo-
blocked sites. Example: NordVPN, Surfshark, Proton VPN, etc.

Using a proxy server provides an intermediary web server through which your traffic
gets routed.
It masks your original IP address and shows the proxy server’s IP address. Example:
Bright Data, Smartproxy, etc.

+---------------------------------------------------------------+
| 0x04 OSINT TOOLS |
+---------------------------------------------------------------+

1. OSINT FRAMEWORK
While OSINT FRAMEWORK isn't a tool to be run on your servers,
it's a very useful way to get valuable information by querying free search engines,
resources, and tools publicly available on the Internet.
They are focused on bringing the best links to valuable sources of OSINT data.

While this web application was originally created focused on IT security,

with the time it has evolved and today you can get other kinds of information from
other industries as well.
Most of the websites it uses to query the information are free, but some may
require paying a low fee.

OSINT Framework

2. CheckUserNames
CheckUserNames is an online OSINT tool that can help you to find usernames across
over 170 social networks.
This is especially useful if you are running an investigation to determine the
usage of the same username on different social networks.

It can be also used to check for brand company names, not only individuals.

3. HaveIbeenPwned
HaveIbeenPwned can help you to check if your account has been compromised in the
past.
This site was developed by Troy Hunt, one of the most respected IT security
professionals of this market,
and it's been serving accurate reports since years.

If you suspect your account has been compromised,

or want to verify for 3rd party compromises on external accounts,
this is the perfect tool. It can track down web compromise from many sources like
Gmail, Hotmail,
Yahoo accounts, as well as LastFM, Kickstarter, Wordpress.com, Linkedin and many
other popular websites.

Once you introduce your email address,

the results will be displayed, showing something like:

HaveIbeenPwned
4. BeenVerified
BeenVerified is another similar tool that is used when you need to search people on
public internet records.
It can be pretty useful to get more valuable information about any person in the
world when you are conducting an
IT security investigation and a target is an unknown person.

After done, the results page will be displayed with all the people that match the
person's name,
along with their details, geographic location, phone number, etc.
Once found, you can build your own reports.

The amazing thing about BeenVerified it's that it also includes information about
criminal records and official government information as well.

BeenVerified background reports may include information from multiple databases,

bankruptcy records, career history, social media profiles and even online photos.
5. Censys
Censys is a wonderful search engine used to get the latest and most accurate
information about any device connected to the internet,
it can be servers or domain names.

You will be able to find full geographic and technical details about 80 and 443
ports running on any server,
as well as HTTP/S body content & GET response of the target website, Chrome TLS
Handshake, full SSL Certificate Chain information, and WHOIS information.

6. BuiltWith
BuiltWith is a cool way to detect which technologies are used at any website on the
internet.

It includes full detailed information about CMS used like Wordpress,

Joomla, Drupal, etc, as well as full depth Javascript and CSS libraries like
jquery,
bootstrap/foundation, external fonts, web server type (Nginx, Apache, IIS, etc),
SSL provider as well as web hosting provider used.

BuiltWith also lets you find which are the most popular technologies running right
now,
or which ones are becoming trending.

Without any doubt, it is a very good open source intelligence tool to gather all
the possible technical details about any website.

7. Google Dorks
While investigating people or companies, a lot of IT security newbies forget the
importance of using traditional search engines for recon and intel gathering.

In this case, GOOGLE DORKS can be your best friend. They have been there since
2002 and can help you a lot in your intel reconnaissance.

Google Dorks are simply ways to query Google against certain information that may
be useful for your security investigation.

Search engines index a lot of information about almost anything on the internet,
including individual, companies, and their data.

Some popular operators used to perform Google Dorking:

Filetype: you can use this dork to find any kind of filetypes.
Ext: can help you to find files with specific extensions (eg. .txt, .log, etc).
Intext: can perform queries helps to search for specific text inside any page.
Intitle: it will search for any specific words inside the page title.
Inurl: will look out for mentioned words inside the URL of any website.
Log files aren't supposed to be indexed by search engines, however, they do, and
you can get valuable information from these Google Dorks, as you see below:

Google Dorks
Now let's focus on other more practical tools used by the most respected InfoSec
professionals:

8. Maltego
Is an amazing tool to track down footprints of any target you need to match. This
piece of software has been developed by Paterva,
and it's part of the Kali Linux distribution.

Using Maltego will allow you to launch reconnaissance testes against specific
targets.

One of the best things this software includes is what they call 'transforms'.
Transforms are available for free in some cases, and on others, you will find
commercial versions only.
They will help you to run a different kind of tests and data integration with
external applications.

In order to use Maltego you need to open a free account on their website, after
that,
you can launch a new machine or run transforms on the target from an existing one.
Once you have chosen your transforms, Maltego app will start running all the
transforms from Maltego servers.

Finally, Maltego will show you the results for the specified target, like IP,
domains, AS numbers, and much more.

9. Recon-Ng
Recon-ng comes already built in the Kali Linux distribution and is another great
tool used to perform quickly and thoroughly reconnaissance on remote targets.

This web reconnaissance framework was written in Python and includes many modules,
convenience functions and interactive help to guide you on how to use it properly.

The simple command-based interface allows you to run common operations like
interacting with a database,
run web requests, manage API keys or standardizing output content.

Fetching information about any target is pretty easy and can be done within seconds
after installing.
It includes interesting modules like google_site_web and bing_domain_web that can
be used to find valuable information about the target domains.

While some recon-ng modules are pretty passive as they never hit the target
network, others can launch interesting stuff right against the remote host.

Recon-Ng
10. theHarvester
theHarvester is another great alternative to fetch valuable information about any
subdomain names,
virtual hosts, open ports and email address of any company/website.

This is especially useful when you are in the first steps of a penetration test
against your own local network,
or against 3rd party authorized networks. Same as previous tools, theHarvester is
included inside Kali Linux distro.
theHarvester uses many resources to fetch the data like PGP key servers, Bing,
Baidu, Yahoo and Google search engine,
and also social networks like Linkedin, Twitter and Google Plus.

It can also be used to launch active penetration test like DNS brute force based on
dictionary attack,
rDNS lookups and DNS TLD expansion using dictionary brute force enumeration.

11. Shodan
Shodan is a network security monitor and search engine focused on the deep web &
the internet of things.
It was created by John Matherly in 2009 to keep track of publicly accessible
computers inside any network.

It is often called the 'search engine for hackers',

as it lets you find and explore a different kind of devices connected to a network
like servers, routers, webcams, and more.

Shodan is pretty much like Google, but instead of showing you fancy images and rich
content / informative websites,
it will show you things that are more related to the interest of IT security
researchers like
SSH, FTP, SNMP, Telnet, RTSP, IMAP and HTTP server banners and public information.
Results will be shown ordered by country, operating system, network, and ports.

Shodan users are not only able to reach servers, webcams, and routers.
It can be used to scan almost anything that is connected to the internet,
including but not limited to traffic lights systems, home heating systems,
water park control panels, water plants, nuclear power plants, and much more.

12. Jigsaw
Jigsaw is used to gather information about any company employees.
This tool works perfectly for companies like Google, Linkedin, or Microsoft,
where we can just pick up one of their domain names (like google.com),
and then gather all their employee's emails on the different company departments.

The only drawback is that these queries are launched against Jigsaw database
located at jigsaw.com,
so, we depend entirely on what information they allow us to explore inside their
database.
You will be able to find information about big companies, but if you are exploring
a not so famous startup then you may be out of luck.

13. SpiderFoot
SpiderFoot is one of the best reconnaissance tools out there if you want to
automate OSINT and have fast results for reconnaissance,
threat intelligence, and perimeter monitoring.
This recon tool can help you to launch queries over 100 public data sources to
gather intelligence on generic names,
domain names, email addresses, and IP addresses.

Using Spiderfoot is pretty much easy, just specify the target,

choose which modules you want to run, and Spiderfoot will do the hard job for you
collecting all the intel data from the modules.

14. Creepy
Creepy is a geo-location OSINT tool for infosec professionals.
It offers the ability to get full geolocation data from any individuals by querying
social networking platforms like Twitter, Flickr, Facebook, etc.

If anyone uploads an image to any of these social networks with geolocation feature
activated,
then you will be able to see a full active mal where this person has been.

You will be able to filter based on exact locations, or even by date.

After that, you can export the results in CSV or KML format.

Creepy
15. Nmap
Nmap is one of the most popular and widely used security auditing tools, its name
means "Network Mapper".
Is a free and open source utility utilized for security auditing and network
exploration across local and remote hosts.

Some of the main features include:

Host detection: Nmap has the ability to identify hosts inside any network that have
certain ports open, or that can send a response to ICMP and TCP packets.
IP and DNS information detection: including device type, Mac addresses and even
reverse DNS names.
Port detection: Nmap can detect any port open on the target network, and let you
know the possible running services on it.
OS detection: get full OS version detection and hardware specifications of any host
connected.
Version detection: Nmap is also able to get application name and version number.
16. WebShag
WebShag is a great server auditing tool used to scan HTTP and HTTPS protocols. Same
as other tools,
it's part of Kali Linux and can help you a lot in your IT security research &
penetration testing.

You will be able to launch a simple scan, or use advanced methods like through a
proxy, or over HTTP authentication.

Written in Python, it can be one of your best allies while auditing systems.

Main features include:

PORT scan
URL scanning
File fuzzing
Website crawling
In order to avoid getting blocked by remote server security systems,
it uses an intelligent IDS evasion system by launching random requests per HTTP
proxy server,
so you can keep auditing the server without being banned.
17. OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a security framework that
includes particular services and tools for infosec professionals.

This is an open source vulnerability scanner & security manager that was built
after the famous Nessus switched from open source to private source.
Then, the original developers of the Nessus vulnerability scanner decided to fork
the original project and create OpenVAS.

While it is a little bit more difficult to setup than the old Nessus,
it's quite effective while working with it to analyze the security of remote hosts.

The main tool included in OpenVAS is OpenVAS Scanner,

a highly efficient agent that executes all the network vulnerability tests over the
target machine.

On the other hand, another main component is called OpenVAS Manager,

which is basically vulnerability management solution that allows you to store
scanned data into an SQLite database,
so then you can search, filter and order the scan results in a fancy and easy way.

18. Fierce
Fierce is an IP and DNS recon tool written in PERL, famous for helping IT sec
professionals to find target IPs associated with domain names.

It was written originally by RSnake along with other members of the old
http://ha.ckers.org/.
It's used mostly targetting local and remote corporate networks.

Once you have defined your target network,

it will launch several scans against the selected domains and then it will try to
find misconfigured networks
and vulnerable points that can later leak private and valuable data.

The results will be ready within a few minutes, a little bit more than when you
perform any other scan with similar tools like Nessus,
Nikto, Unicornscan, etc.

Fierce
19. Unicornscan
Unicornscan is one of the top intel gathering tools for security research.
It has also a built-in correlation engine that aims to be efficient, flexible and
scalable at the same time.

Main features include:

Full TCP/IP device/network scan.

Asynchronous stateless TCP scanning (including all TCP Flags variations).
Asynchronous TCP banner detection.
UDP Protocol scanning.
A/P OS identification.
Application and component detection.
Support for SQL Relational Output
20. Foca
FOCA (Fingerprinting Organizations with Collected Archives) is a tool written by
ElevenPaths that can be used to scan,
analyze, extract and classify information from remote web servers and their hidden
information.

Foca has the ability to analyze and collect valuable data from MS Office suite,
OpenOffice, PDF,
as well as Adobe InDesign and SVG and GIF files. This security tool also works
actively with Google,
Bing and DuckDuckGo search engines to collect additional data from those files.
Once you have the full file list,
it starts extracting information to attempt to identify more valuable data from the
files.

21. ZoomEye
In the cybersecurity world, we researchers are used to popular IoT search engines
such as Shodan or Censys.
For a while, however, a powerful new IoT search engine has been rapidly gaining
followers. We're talking about ZoomEye.

ZoomEye is a Chinese IoT OSINT search engine that allows users to grab public data
from exposed devices and web services.
In order to build its database it uses Wmap and Xmap, and then runs extensive
fingerprinting against all the information found,
ultimately presenting it to users in a filtered and curated way for easy
visualization.

What information can you find with ZoomEye?

IPs interacting with networks and hosts

Open ports on remote servers
Total number of hosted websites
Total number of devices found
Interactive map of users hitting different devices
Vulnerabilities report
And much more. The public version offers access to a lot of data—but if you want to
see what it can really do,
we suggest you sign up for a free account. That way you'll get to test the real
power of this OSINT tool.

22. Spyse
Spyse is another OSINT search engine that lets anyone grab critical information
about any website in the world.
Quite simply, Spyse is an infosec crawler that gets useful information for red and
blue teams during the reconnaissance process.

Its database is one of the biggest around. Spyse users can access a diverse range
of data including:

IP addresses (3.6B IPv4 hosts)

DNS records (2.2B)
Domain names (1.2 B)
ASN (68K)
Vulnerabilities (141K)
Associated domains
SSL/TLS data (29M)
If you're looking for a centralized website that will help you get the most
important OSINT on any target,
then Spyse seems to be one of the top choices, according to many modern infosec
teams.

23. IVRE
This infosec tool is frequently overlooked, but it has great potential in boosting
your infosec discovery and analysis processes.
IVRE is an open source tool that's built on a base of popular projects like Nmap,
Masscan, ZDNS, and ZGrab2.

Its framework uses these popular tools to gather network intelligence on any host,
then uses a MongoDB database to store the data.

Its web-based interface makes it easy for both beginning and advanced infosec users
to perform the following actions:

Passive reconnaissance by flow analysis (from Zeek, Argus or nfdump)

Active reconnaissance by using Zmap and Nmap
Fingerprinting analysis
Import data from other 3rd party infosec apps, such as Masscan/Nmap
IVRE can be installed by fetching the source from their official Github repo, or
from 3rd-party repositories such as Kali Linux repo.

24. Metagoofil
Metagoofil is another great intel-reconnaissance tool that aims to help infosec
researchers,
IT managers, and red teams to extract metadata from different types of files, such
as:

doc
docx
pdf
xls
xlsx
ppt
pptx
How does it work? This app performs a deep search on search engines like Google,
focusing on these types of files.
Once it detects such a file, it will download it to your local storage, then
proceed to extract all of its valuable data.

Once the extraction is complete, you'll see a full report with usernames, software
banners, app versions, hostnames and more,
a valuable resource for your recon phase.

Metagoofil also includes a number of options to help you filter the types of files
to search for, refine the results and tweak the output,
among many other useful features.
25. Exiftool
While a lot of OSINT tools focus on data found on public files such as PDF, .DOC,
HTML, .SQL, etc.,
there are other tools that are specifically designed to extract critical Open
Source Intelligence data from image, video and audio files.

Exiftool reads, writes and extracts metadata from the following types of files:

EXIF
IPTC
GPS
XMP
JFIF
And many others
It also supports native files from a wide range of cameras, such as: Canon, Casio,
FujiFilm, Kodak,
Sony, and many others. It's also conveniently available on multiple platforms
including Linux, Windows and MacOS.

+---------------------------------------------------------------+
| 0x05 GOOGLE DORKING |
+---------------------------------------------------------------+

Google Dorks List 2021 – Google Hacking Database (Download)

Below is the file which has all the new Google Dorks that you can use for your
Google hacking techniques.

2021/2022 Google Dorks List Download

https://www.mediafire.com/file/6ic59brlupvsz7i/Google-Dorks-List-New-2020.txt/file

????How to use Google Dorks for Credit Cards Details????

Step 1: Find Vulnerable Sites Using Google Dorks
We will use Google Dorks for getting credit card details by simply filtering the
Search results containing the saved credit cards details.

Type the below code into your Google Search Bar:-

inurl:”.php?cat=”+intext:”Paypal”

Wondering what this weird thing is?

This is a basic Google dork code to get info about Paypal credit card.

Simply “inurl:” will filter the Google search results with websites having ” .php?
cat “.

Whereas the intext will filter the search results containing the text”Paypal“.

After searching for the above Google Dork you will get a ton of websites containing
various details about the Paypal payments.

The above Google dork is not only the single and most relevant Google Dork, there
are a lot of others.

inurl:”.php?id=” intext:”Chekout”
inurl:”.php?id=” intext:”/Buy now/”

inurl:”.php?id=” intext:”/Payment Successful/”

inurl:”.php?id=” intext:”/Delivery address/”

inurl:”.php?id=” intext:”/Payment method/”

inurl:”.php?id=” intext:”/store/”

inurl:”.php?id=” intext:”/Delivery time/”

inurl:”.php?id=” intext:”/add to kart/”

inurl:”.php?id=” intext:”/Proceed to payment/”

inurl:”.php?id=” intext:”/Keep shoping/”

Also check out: List of 1000+Fresh Google Dorks

When entering these Google Dorks for credit card details you can get a warning from
Google like below:

Don’t worry, fill the Captcha and you are good to go again.

Step 2: Use SQL In

jection to Login after getting the Google Dorks for credit card detail:

Google dorks for credit card

SQL is the common hacking technique used in cracking the logging insecurities.

Injecting a SQL code can bypass the username and password verification by sending a
specific code instead of the real username and password.

Suppose you have got a list of websites using Google dorks which you are gonna use
to get credit card details of people.

Go to the login page of a particular website and instead of entering the Email Id
and password fill both fields with

” or “”=”
After entering the above code press the login button.
If your luck is with you have chances of getting logged in into someone’s account.
Either read my sql article given in telegram channel @its_me_kali_moments

NOTE: Above topic is only for educational purpose and we don’t appreciate any kind
of illegal activities using Google Dorks.

What are search operators?

Google Operators are strings used to narrow the search results downwards.
When using search operators and adding the keywords these operators compel search
engines to show the specific result.

Now can i make my own dork ?

Yes, you can you just need to be little bit create with this. example if you want
to get shopping sites in india then dork is

inurl:”cart.php” intext:shopping” site:in

lets break it :

inurl => in url of website

intext: => in text of website pages or posts

site => search of in domains only.

And get all working google dorks

here ==>@its_me_kali

Some of the popular examples for finding websites that are vulnerable to SQL
injection, XSS, API keys etc. are

Dork for SQL Injection - inurl: .php?id=

2. Dork for XSS - inurl:”.php?searchstring=”

3. Dork for API keys - intitle:”index of” api_key OR “api key” OR apiKey

Above are the most common examples of finding some common vulnerabilities on the
websites, but this aren’t the limited one.

Still there are many websites that are passing sensitive information using GET
method,
to make it secure you can use the blocking rules. Commonly,
the blocking rules could be setup easily by write some “Disallow” rules at
robots.txt file.

Blocking Rules
While hunting on a private program I found a request where they were using GET
parameter which contained email,
some key, ID, my country name etc. So I tried finding email’s of other users on the
same site and I got some yahoo email ID’s

Dork Used for yahoo : site:target.com inurl:’@yahoo.co’ (which will give me .com
and .co.in) emails of yahoo

Yahoo
I got an excel sheet containing yahoo emails and phone numbers of the users of that
site.
Now I wanted to find some more emails so I enumerated further and got emails of
outlook.live and gmail.com

2. Dork Used for outlook : site:target.com inurl:’@live.com’

Outlook
3. Dork Used for gmail : site:target.com inurl:’@gmail.com’

Gmail
Some more useful dorks :

site:<Website> inurl:<GET Parameter>

Example :

i) site:target.com inurl:api_key

ii) site:target.com inurl:email

iii) site:target.com inurl:amount

2. intitle:”index of” “/etc/mysql/”

3. site:”target.com” database.yml

4. inurl:group_concat(username, filetype:php intext:admin

5. inurl:/wwwboard/passwd.txt

6. filetype:reg reg HKEY_CLASSES_ROOT -git

7. inurl:/database* ext:sql intext:index of -site:target.com

This are some of the not so common but useful Google Dorks to find sensitive
information of the website.
You can also modify this dorks and you can also use more dorks with this dorks.

NOTE : You can prevent a page from appearing in Google Search by including a
“noindex” meta tag in the page's HTML code,
or by returning a 'noindex' header in the HTTP request.

???? HOW TO SEARCH ANY THREAD ON ANONFILES USING GOOGLE DORKS????

????SIMPLE : site:"anonfile.com" "<search term>"

???? EXAMPLE : site:"anonfile.com" "<combos>"

site:"anonfile.com" "<giftcards>"

Google Dorks https://play.google.com/store/apps/details?

id=com.rushic24.root.mydork2

????????SOME OTHER GOOGLE DORKS ????????

intext:"add you search test here" intitle:"index.of" +(wmv|mpg|avi|mp4|mkv|mov) -
inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

????Images :

intext:"add you search test here" intitle:"index.of./" (bmp|gif|jpg|png|psd|tif|

tiff) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

????Music :

intext:"add you search test here" intitle:"index.of./" (ac3|flac|m4a|mp3|ogg|wav|

wma) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml)

????Books :

intitle:"add you search test here" (pdf|epub|mob) "name or title" -inurl:(jsp|pl|

php|html|aspx|htm|cf|shtml)

???? Popular Google Dork operators

Google’s search engine has its own built-in query language. The following list of
queries can be run to find a list of files,
find information about your competition, track people, get information about SEO
backlinks, build email lists, and of course, discover web vulnerabilities.

Let’s look at the most popular Google Dorks and what they do.

cache: this dork will show you the cached version of any website, e.g. cache:
itsmekali.com
allintext: searches for specific text contained on any web page, e.g. allintext:
hacking tools
allintitle: exactly the same as allintext, but will show pages that contain titles
with X characters, e.g. allintitle:"Security Companies"
allinurl: it can be used to fetch results whose URL contains all the specified
characters, e.g: allinurl client area
filetype: used to search for any kind of file extensions, for example, if you want
to search for jpg files you can use: filetype: jpg
inurl: this is exactly the same as allinurl, but it is only useful for one single
keyword, e.g. inurl: admin
intitle: used to search for various keywords inside the title, for example,
intitle:security tools will search for titles beginning with “security”
but “tools” can be somewhere else in the page.
inanchor: this is useful when you need to search for an exact anchor text used on
any links, e.g. inanchor:"cyber security"
intext: useful to locate pages that contain certain characters or strings inside
their text, e.g. intext:"safe internet"
link: will show the list of web pages that have links to the specified URL, e.g.
link: microsoft.com
site: will show you the full list of all indexed URLs for the specified domain and
subdomain, e.g. site:securitytrails.com
*: wildcard used to search pages that contain “anything” before your word, e.g. how
to * a website, will return “how to…” design/create/hack, etc… “a website”.
|: this is a logical operator, e.g. "security" "tips" will show all the sites which
contain “security” or “tips,” or both words.
+: used to concatenate words, useful to detect pages that use more than one
specific key, e.g. it itsme+ kali
–: minus operator is used to avoiding showing results that contain certain words,
e.g. its_me_kali will show pages that use “its_me_kali” in their text, but not
those that have the word “Kali”
Google Dork examples
Let’s take a look at some practical examples. You’ll be surprised how easy is to
extract private information from any source just by using Google hacking
techniques.

????Log files????
Log files are the perfect example of how sensitive information can be found within
any website.
Error logs, access logs and other types of application logs are often discovered
inside the public HTTP space of websites.
This can help attackers find the PHP version you’re running, as well as the
critical system path of your CMS or frameworks.

For this kind of dork we can combine two Google operators, allintext and filetype,
for example:

allintext:username filetype:log

This will show a lot of results that include username inside all *.log files.

In the results we discovered one particular website showing an SQL error log from a
database server that included critical information:

MyBB SQL Error

SQL Error: 1062 - Duplicate entry 'XXX' for key 'username'
Query:
INSERT
INTO XXX
(`username`,`password`,`salt`,`loginkey`,`email`,`postnum`,`avatar`,`avatartype`,
`usergroup`,`additionalgroups`,`displaygroup`,`usertitle`,`regdate`,`lastactive`,`l
astvisit`,
`website`,`icq`,`aim`,`yahoo`,`msn`,`birthday`,`signature`,`allownotices`,`hideemai
l`,
`subscriptionmethod`,`receivepms`,`receivefrombuddy`,`pmnotice`,`pmnotify`,`showsig
s`,
`showavatars`,`showquickreply`,`showredirect`,`tpp`,`ppp`,`invisible`,`style`,`time
zone`,
`dstcorrection`,`threadmode`,`daysprune`,`dateformat`,`timeformat`,`regip`,`longreg
ip`,
`language`,`showcodebuttons`,`away`,`awaydate`,`returndate`,`awayreason`,`notepad`,
`referrer`,
`referrals`,`buddylist`,`ignorelist`,`pmfolders`,`warningpoints`,`moderateposts`,`m
oderationtime`,
`suspendposting`,`suspensiontime`,`coppauser`,`classicpostbit`,`usernotes`)
VALUES
('XXX','XXX','XXX','XXX','XXX','0','','','5','','0','','1389074395','1389074395','1
389074395',
'','0','','','','','','1','1','0','1','0','1','1','1','1','1','1','0','0','0','0','
5.5','2','linear',
'0','','','XXX','-
655077638','','1','0','0','0','','','0','0','','','','0','0','0','0','0','0','0',''
)
This example exposed the current database name, user login, password and email
values to the Internet. We’ve replaced the original values with “XXX”.

Vulnerable web servers

The following Google Dork can be used to detect vulnerable or hacked servers that
allow appending “/proc/self/cwd/” directly to the URL of your website.

inurl:/proc/self/cwd

As you can see in the following screenshot, vulnerable server results will appear,
along with their exposed directories that can be surfed from your own browser.

Vulnerable web servers

Open FTP servers
Google does not only index HTTP-based servers, it also indexes open FTP servers.

With the following dork, you’ll be able to explore public FTP servers, which can
often reveal interesting things.

intitle:"index of" inurl:ftp

In this example, we found an important government server with their FTP space open.
Chances are that this was on purpose — but it could also be a security issue.

Important government server with open FTP

ENV files
.env files are the ones used by popular web development frameworks to declare
general variables and configurations for local and online dev environments.

One of the recommended practices is to move these .env files to somewhere that
isn’t publicly accessible. However,
as you will see, there are a lot of devs who don’t care about this and insert their
.env file in the main public website directory.

As this is a critical dork we will not show you how do it; instead, we will only
show you the critical results:

ENV files
You’ll notice that unencrypted usernames, passwords and IPs are directly exposed in
the search results.
You don’t even need to click the links to get the database login details.

SSH private keys

SSH private keys are used to decrypt information that is exchanged in the SSH
protocol.
As a general security rule, private keys must always remain on the system being
used to access the remote SSH server, and shouldn’t be shared with anyone.

With the following dork, you’ll be able to find SSH private keys that were indexed
by uncle Google.

intitle:index.of id_rsa -id_rsa.pub

Let’s move on to another interesting SSH Dork.

If this isn’t your lucky day, and you’re using a Windows operating system with
PUTTY SSH client,
remember that this program always logs the usernames of your SSH connections.

In this case, we can use a simple dork to fetch SSH usernames from PUTTY logs:

filetype:log username putty

Here’s the expected output:

SSH usernames
Email lists
It’s pretty easy to find email lists using Google Dorks. In the following example,
we are going to fetch excel files which may contain a lot of email addresses.

filetype:xls inurl:"email.xls"

Email lists
We filtered to check out only the .edu domain names and found a popular university
with around 1800 emails from students and teachers.

site:.edu filetype:xls inurl:"email.xls"

Remember that the real power of Google Dorks comes from the unlimited combinations
you can use.
Spammers know this trick too, and use it on a daily basis to build and grow their
spamming email lists.

Live cameras
Have you ever wondered if your private live camera could be watched not only by you
but also by anyone on the Internet?

The following Google hacking techniques can help you fetch live camera web pages
that are not restricted by IP.

Here’s the dork to fetch various IP based cameras:

inurl:top.htm inurl:currenttime

To find WebcamXP-based transmissions:

intitle:"webcamXP 5"

And another one for general live cameras:

inurl:"lvappl.htm"

There are a lot of live camera dorks that can let you watch any part of the world,
live.
You can find education, government, and even military cameras without IP
restrictions.

If you get creative you can even do some white hat penetration testing on these
cameras;
you’ll be surprised at how you’re able to take control of the full admin panel
remotely, and even re-configure the cameras as you like.

Live cameras
MP3, Movie, and PDF files
Nowadays almost no one downloads music after Spotify and Apple Music appeared on
the market. However,
if you’re one of those classic individuals who still download legal music, you can
use this dork to find mp3 files:

intitle: index of mp3

The same applies to legal free media files or PDF documents you may need:

intitle: index of pdf intext: .mp4

Weather
Google hacking techniques can be used to fetch any kind of information,
and that includes many different types of electronic devices connected to the
Internet.

In this case, we ran a dork that lets you fetch Weather Wing device transmissions.
If you’re involved in meteorology stuff or merely curious, check this out:

intitle:"Weather Wing WS-2"

The output will show you several devices connected around the world,
which share weather details such as wind direction, temperature, humidity and more.

weather-wing-device-transmissions
Preventing Google Dorks
There are a lot of ways to avoid falling into the hands of a Google Dork.

These measures are suggested to prevent your sensitive information from being
indexed by search engines.

Protect private areas with a user and password authentication and also by using IP-
based restrictions.
Encrypt your sensitive information (user, passwords, credit cards, emails,
addresses, IP addresses, phone numbers, etc).
Run regular vulnerability scans against your site, these usually already use
popular
Google Dorks queries and can be pretty effective in detecting the most common ones.
Run regular dork queries against your own website to see if you can find any
important information before the bad guys do.
You can find a great list of popular dorks at the Exploit DB Dorks database.
If you find sensitive content exposed, request its removal by using Google Search
Console.
Block sensitive content by using a robots.txt file located in your root-level
website directory.
Using robots.txt configurations to prevent Google Dorking
One of the best ways to prevent Google dorks is by using a robots.txt file. Let’s
see some practical examples.

The following configuration will deny all crawling from any directory within your
website,
which is pretty useful for private access websites that don’t rely on publicly-
indexable Internet content.

User-agent: *
Disallow: /
You can also block specific directories to be excepted from web crawling.
If you have an /admin area and you need to protect it, just place this code inside:

User-agent: *
Disallow: /admin/
This will also protect all the subdirectories inside.

Restrict access to specific files:

User-agent: *
Disallow: /privatearea/file.htm
Restrict access to dynamic URLs that contain ‘?’ symbol

User-agent: *
Disallow: /*?
To restrict access to specific file extensions you can use:

User-agent: *
Disallow: /*.php$/
In this case, all access to .php files will be denied.

Advanced Google Dorking Commands

intitle:"index of" inurl:ftp.

filetype:txt inurl:"email.txt"
Live cameras We can use Google to find open cameras that are not access restricted
by IP address. The following Google dorks retrieve live cameras web pages.
inurl:"view.shtml" "Network Camera"
"Camera Live Image" inurl:"guestimage.html"
filetype:log intext:password after:2021 intext:@gmail.com | @yahoo.com |
@hotmail.com

- - - > SITES

World records:

https://phonebookoftheworld.com/

USA People Search

http://10digits.us

http://www.whitepages.com

http://www.411.com

http://www.zabasearch.com

http://www.intelius.com

http://www.yellowpages.com

http://publicrecords.directory/

http://www.411locate.com

http://www.addresses.com

http://www.spokeo.com

http://www.anywho.com

http://www.peoplefinders.com

http://www.skipease.com

https://www.vetfriends.com/

http://radaris.com

http://www.superpages.com

http://www.advancedbackgroundchecks.com/

https://nuwber.com/

Europe People Search:

https://www.angloinfo.com/how-to/belgium...irectories

https://europetelephones.com/white_pages

http://1414.be/index.php

https://phonebookoftheworld.com/

https://www.whitepages.be/

http://www.1307.be/

https://www.infobel.com/fr/belgium/

https://www.goldenpages.be/
https://osintframework.com/

https://hunter.io/

UK People Search

https://www.gov.uk/electoral-register/overview

http://www.searchelectoralroll.co.uk/Ele...Search.asp

http://www.192.com

http://webmii.com

http://www.kgbpeople.com

http://www.yasni.com

http://www.peekyou.com/united_kingdom

https://t2a.co/products/people/see_who_l...an_address

http://britishphonebook.com/

Canada People Search

http://www.canada411.ca

http://www.freeality.com/whitepages_ca.htm

https://www.canadapost.ca/cpo/mc/persona...de/fpc.jsf

http://world.192.com/north-america/canada

Phone Search

http://www.spydialer.com/

http://www.phonevalidator.com

http://www.fonefinder.net

http://canada.numbers.tel

http://www.infobel.com/en/world

http://www.spokeo.com/reverse-phone-lookup
https://www.phone.instantcheckmate.com/

http://www.freecellphonedirectorylookup.com

http://www.numberway.com/

Username Search

https://www.google.com/advanced_search

https://pipl.com

http://checkusernames.com

http://knowem.com

Picture Search

http://www.tineye.com

https://images.google.com/

http://exifdata.com/

http://geoimgr.com/

Email Search

http://com.lullar.com

http://www.emailfinder.com

http://www.spokeo.com/email-search

http://ctrlq.org/google/images/

http://emailchange.com/

MISC Search
http://www.criminalsearches.com

http://www.advancedbackgroundchecks.com

http://www.usatrace.com

http://www.criminalsearches.com

http://www.abika.com

http://publicrecords.onlinesearches.com

http://www.jailbase.com/en/sources/fl-lcso

http://www.gps-coordinates.net/

http://www.speedguide.net/ip/

http://db-ip.com/

http://www.ipgeek.org/

http://www.onewildworld.co.uk/number.php

https://www.facebook.com/family/LASTNAME...ght=100%25

https://www.cable.co.uk/tools/broadband-speed-test/

Useful sites to get/use IPs

https://www.iplocation.net/

http://whatismyipaddress.com/geolocation-accuracy

http://www.proxyornot.com

http://www.infosniper.net

https://www.whois.net

http://www.ip-tracker.org

http://skypegrab.net

http://mostwantedhf.info

http://iphostinfo.com/cloudflare/

http://orcahub.com/index.php?act=link-ip-snatcher --- Use that with URL link

shortener

Social Network Searches

http://www.facebook.com/directory/people/

http://topsy.com/

http://monitter.com/

http://socialmention.com/

http://knowem.com/

http://twoogel.com/

http://www.yacktrack.com

http://www.samepoint.com/

http://www.whostalkin.com/

Passwords

https://haveibeenpwned.com/

https://www.hacked-db.com/

https://www.leakedsource.com

http://www.hashkiller.co.uk/md5-decrypter.aspx

https://hacked-emails.com

https://breachalarm.com/

https://lastpass.com/adobe/

And Most Important of all: https://google.com

Misc. Search Sites:

https://www.peoplesmart.com/

http://www.spokeo.com

http://www.pipl.com

http://www.peekyou.com/

http://www.ipeople.com

http://www.yasni.com

http://www.skipease.com
http://www.peekyou.com

http://www.soople.com

http://Abika.com

http://freeality.com

http://radaris.com

http://www.isearch.com/

http://www.keotag.com/

http://yahoo.intelius.com/

http://www.findermind.com/free-people-search-engines/

http://www.192.com/ (UK)

http://www.phoneebook.co.uk/ (UK)

http://britishphonebook.com (UK)

http://www.searchelectoralroll.co.uk/ (UK)

http://exifdata.com/ (viewing information behind a picture)

http://verify-email.org/

http://118.dk (Denmark)

http://www.411.com

http://10digits.us

https://www.dobsearch.com

http://www.birthdatabase.com

http://www.rootsuk.com (UK)

WhitePages Search:

http://www.whitepages.com

http://www.zabasearch.com/

Archives Search:
http://aad.archives.gov/aad/series-list.jsp?cat=GS29

http://www.archive.org/web/web.php

Social Network Searches:

http://www.facebook.com/directory/people/

http://topsy.com/

http://monitter.com/ (Monitor twitter convos)

http://www.twitteraccountsdetails.com

http://socialmention.com/

http://knowem.com/

http://twoogel.com/

http://www.yacktrack.com

http://www.samepoint.com/

http://www.whostalkin.com/

Passwords!:

https://skidbase.io/ (Buy private/public DB entrys $0.50 per DB entry)

https://haveibeenpwned.com/

https://www.hacked-db.com/

http://www.hashkiller.co.uk/md5-decrypter.aspx

Phone Information & Lookups:

http://www.freecellphonedirectorylookup.com

http://www.numberway.com

http://www.fonefinder.net

http://www.infobel.com

https://www.number-data.org

http://this-phone-number.com
Public & Criminal Records Search:

http://publicrecords.onlinesearches.com

http://www.jailbase.com/

IP Address:

http://whatstheirip.com

http://www.ip-tracker.org (IP lookup)

http://resolver.in/resolve (skype2IP + IP2skype)

http://resolvethem.com/ (another resolver)

https://www.hanzresolver.com/ (a third resolver)

http://ipaddress.com/ (IP lookup)

Website:

http://who.is

*Please note some sites may be country specific

Once DOX is finished

-----------------------------------------------------------------------------------
-----------

You can never go wrong with anonymous police tips :^)

Free booters:

http://www.netbreak.ec

https://www.vbooter.org

Free boxes:
https://store.usps.com/store/browse/subc...g-supplies

Christian spam:

http://www.christianityfreebies.com/index.cfm (spam need email)

Free bible/Koran:

http://www.freebibles.net/New%20Bible%20...20Form.htm (free bible)

http://www.islamtomorrow.com/freequran.asp

http://learnaboutislam.org/

http://www.allahsquran.com/free/

http://www.whyislam.org/services/order-literature/

Misc free stuff:

http://www.samplebuddy.com/

http://samples.biofreeze.com/

Ordering food:

https://order.pizzahut.com/home

http://www.dominos.com/

http://www.papajohns.com/

http://www.chick-fil-a.com/

https://www.grubhub.com/

http://eat24hours.com/

Missionary appointment:

http://www.mormon.org.uk/missionaries

Calls:

http://www.prankdial.com/

http://www.hoaxcall.com/
http://www.spoofcard.com/

https://call2friends.com/

Android/IOS app Heywire

Wake up call:

https://wakerupper.com/

http://www.wakeupdialer.com/

Mail spam:

http://www.mailbait.info

Anonymous Email / Email spoofing:

http://anonymousemail.me/