I’m sure you know, Security testers and investigators use Dorking (Google Hacking) to find sensitive information stored on websites. However, have you considered how a ridiculously intelligent AI assistant (ChatGPT), combined with our free DorkSearch service, could help you with Dorking? (or just do it all for you!)
Specific search operators and keywords can find vulnerabilities, sensitive files, and other information that may not be easily accessible. AI image recognition is growing by ability at 6%, year on year, with word-based AI growing by 8.5%. To put it in perspective, if your brain grew at the same rate, you’d be a genius… but your head would be the size of a hot air balloon!
Real-world use cases of ChatGPT’s assistance in Google Dorking for OSINT:
Just to get your brain on the same page as us, this is how some experts are already using the AI:
- Utilizes Natural Language Processing (NLP) for understanding and replying to human language
- Aids in finding new Google Dorks for OSINT
- Assists in improving search queries for faster information searching
- Analyzes past Google Dorking searches to identify new and helpful search operators and keywords
- Automates the Google Dorking process by running multiple search queries simultaneously
- Ideal for security researchers and investigators looking to save time and effort
- Investigators use Google Dorking not only to uncover sensitive information stored on websites but also to optimize SEO actively.
- Improve your search results with the advanced capabilities of ChatGPT
The power of ChatGPT doesn’t stop at just Google Dorking; it can also assist in security research and investigations.
How does ChatGTP work?
ChatGPT is a language model developed by OpenAI that uses deep learning to generate human-like text. It is based on the GPT (Generative Pre-trained Transformer) architecture. That’s quite a mouthful, so we’re glad they shortened it to GTP! GTP is a type of transformer neural network. The model is trained on billions of text, books, articles, websites, and backend databases that are openly accessible via APIs. We’ve even seen signs that it has leaked databases in its big brain!
When given a prompt or a text, it replies to you by ‘predicting’ the next word based on the patterns from training. For example, if your prompt is “What’s the weather like today in New York?”, ChatGPT would say “It’s currently sunny and 72 degrees in New York.” It can also generate more complex text, such as short stories or articles.
One of the critical advantages of ChatGPT is its ability to understand the context and generate coherent and fluent text. The model has been trained on a wide variety of text, so it has a good understanding of how language is used in different contexts. It can also focus on certain points of your text and give responses that are directly relevant to the subject.
Future versions of ChatGPT will continue to improve their ability to understand and generate text. It will be trained on more extensive and diverse datasets, making it more accurate and realistic in the next generation. New techniques like transfer learning and fine-tuning will also improve the model’s performance on specific tasks and domains.
How to use ChatGTP for Dorking?
ChatGPT can be used for Google Dorking (not really surprising, given the title of this article). One way to use ChatGPT for Dorking is to have it craft search queries. For example, ChatGPT could suggest search operators and keywords uncover specific types of information, such as login pages or sensitive files. This can save a significant amount of time for the hacker, as manually trying different combinations of search operators can be time-consuming.
Another way ChatGPT can be used is to analyze the results of a Google Dork search. ChatGPT can be trained to identify specific types of information, such as login pages or sensitive files, in the search results. This can help the hacker quickly identify potential vulnerabilities in a website.
We asked ChatGPT for a proposed 5-step plan for performing a security assessment with Dorking, which incorporates the usage of ChatGPT. What did it give us?… A proposed 1–5 step plan for integrating ChatGPT into a cyber security assessment of a website as part of using Google Dorking (exactly what we asked for, but in about 1.3 seconds!):
- Train ChatGPT on search operators and keywords commonly used in Google Dorking.
- Use ChatGPT to assist in crafting search queries for the website in assessment.
- Have ChatGPT analyze the results of the Google Dork search and identify potential vulnerabilities.
- Manually verify the vulnerabilities identified by ChatGPT.
- Document and report the vulnerabilities found in the website.
Where can AI help Osint?
We asked ChatGPT what it can help with, for GPT (and to give us examples). Here is what it said:
- Deep Learning: Allows ChatGPT to identify patterns and connections that would be difficult for humans to see
- Predictive Analytics: Allows ChatGPT to predict potential vulnerabilities and security threats
- Multilingual Support: Enables ChatGPT to understand and respond to multiple languages.
- These features are ideal for OSINT investigations and uncovering new vulnerabilities and security threats.
- Stay ahead of the curve with ChatGPT’s advanced features for Google Dorking and OSINT.
In addition to the above-mentioned features, ChatGPT can also assist in identifying new Google Dorks by analyzing large amounts of text data and identifying patterns and connections that would be difficult for humans to see.
Top 10 most potent Dorks, according to ChatGTP:
- site:domain.com filetype: pdf — This search operator will return all PDF files on a specific website.
- inurl: password — This search operator will return all pages that contain the word “password” in the URL.
- intext:”username” — This search operator will return all pages that contain the word “username” in the text.
- filetype:xls — This search operator will return all Excel files on a specific website.
- intitle: “index of” — This search operator will return all pages with “index of” in the title, which can often reveal directory listings and sensitive files.
- This search operator “inurl:”viewerframe?mode” actively finds cameras and other devices that have open ports and are actively connected to the Internet.
- “powered by” — This search operator will return all pages that contain the phrase “powered by,” which can reveal the technology used on a website and potential vulnerabilities.
- This search operator “intext: “Last modified” actively reveals the last updated date of pages or files by returning all pages that contain the phrase “Last modified” in the text.
- inurl: “admin” — This search operator will return all pages containing the word “admin” in the URL, revealing potential login pages for website administrators.
- intext:”privacy policy” — This search operator will return all pages containing the phrase “privacy policy” in the text, revealing important information about how a website handles user data.
Is it ethical or legal?
It’s important to note that Google Dorking can be used for legal and illegal activities. Therefore, it’s crucial to use it for legitimate and lawful purposes. Advanced AI and machine learning technologies (like ChatGPT) can greatly assist in identifying new vulnerabilities and sensitive information. Still, it’s essential to use it ethically and within the bounds of the law.
Another important aspect of Google Dorking is the potential to reveal individuals’ personal information and sensitive data. It’s crucial that any discovered data is reviewed with a ‘pinch of salt’. Also, Dork search operators can change over time as website security evolves.
As AI and machine learning evolve, we expect to see more advanced tools and techniques for Google Dorking for OSINT. For example, deep learning algorithms could allow for more advanced pattern recognition and identification of vulnerabilities. At the same time, predictive analytics could help security researchers and investigators stay one step ahead of potential threats.
It’s also important to note that Google Dorking is not the only method of uncovering sensitive information and vulnerabilities through OSINT; other techniques, such as scraping, social media monitoring, and data breaches, can also yield valuable information. AI and machine learning technologies can significantly assist in these areas.
To sum up…
This AI tool, built by OpenAI, can act like an extra member of your team but someone who pretty much knows everything. OSINT, Dorking, new ideas, literally anything it can help you on.
These advanced natural language processing engines (GPT), and automation capabilities, in general, will allow for quickly discovering sensitive information and vulnerabilities on websites. I don’t think anyone would disagree with that point!
However, at the moment, at least, it has limits. False positives and accuracy must be verified (it has a great way of making even the most ridiculous facts sound completely accurate), and more detailed legal and ethical points must be considered. I.e., by using the system to help with Dorking and OSINT, you are teaching a central AI how you do this work. Do you want an AI who knows how to do this stuff?
So, our conclusion? ChatGPT should be used in all OSINT & cyber investigations. With proper planning and ethical considerations in mind, your team’s capability has now grown significantly for free. Head to ChatGPT, sign up for free, and start your AI OSINT journey! And please let us know over in our LinkedIn community if you come across any new great uses for ChatGPT.
