What is The HackSearch?
Why The HackSearch?
We know that Google indexes a large amount of data that cannot easily be retrieved by ordinary Googling. Which contents of a webpage are indexed by these search engines? Passwords? Usernames? Sensitive directories? Or even server configuration files?! Who knows?
Anything that a web application exposes to the public can be crawled by search engines, and they keep these records even though we have cleared the data from our sites (or the site under test). The HackSearch helps site owners and testers discover such sensitive data with ease.
How to use The HackSearch?
- Download and install The HackSearch from the Chrome Web Store
- Open the website under test in a new tab
- Click and open each of the options in The HackSearch extension. (While using the extension, make sure the active tab is the one in which the site under test is open.)
- Analyse the results, and find out if there is anything that should NOT be made public.
- Ask your developer/network administrator to fix it
How do I interpret the results?
- No results should show any sensitive data such as credit card details or passwords.
- If the results show usernames, addresses or any other confidential details of yours, your employees or your firm, you need to rethink whether they really need to be shown. Ask them not to post confidential material in public forums.
- For any emails that show up in the search results, make sure you talk to your employees and friends about having a very strong password that is at least 8 characters in length. Ask them to change the password periodically.
- If the results show webpages, files or subdomains that should NOT be shown, talk to your developer/network administrator to fix it. He could do it by updating robots.txt and .htaccess, or even by removing unwanted files or pages.
- Note: The data might still be available in the Google cache.
- If you need to get the data removed from the Google index or cache immediately, please go to the Google Support Pages.
- If the domain health or information tabs of HackSearch show red flags or contain data that you don't understand, don't worry. Just show it to your network administrator and he will help you fix any issues.
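After robots.txt has been updated as suggested above, it is worth checking which paths each crawler is still allowed to fetch. The following is an added example, not part of The HackSearch or its original page; the robots.txt content and the path list are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for illustration (not taken from any real site).
# The Googlebot group replaces the "*" group for Googlebot, so the
# /admin/ and /backup/ rules do not apply to it.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/

User-agent: Googlebot
Disallow: /tmp/
"""

# Hypothetical paths the site owner does not want indexed.
SENSITIVE_PATHS = [
    "/admin/login.php",
    "/backup/db.sql",
    "/tmp/cache.txt",
    "/.git/config",
]


def still_crawlable(robots_txt, paths, agents):
    """Return {agent: [paths that robots.txt still lets that agent fetch]}."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {
        agent: [p for p in paths if parser.can_fetch(agent, p)]
        for agent in agents
    }


if __name__ == "__main__":
    report = still_crawlable(ROBOTS_TXT, SENSITIVE_PATHS, ["Googlebot", "Bingbot"])
    for agent, paths in report.items():
        for path in paths:
            print(f"{agent}: {path} is not blocked by robots.txt")
```

robots.txt only asks crawlers not to fetch a path and is itself publicly readable, so files that must stay private also need the .htaccess restriction or removal mentioned above.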