Google Hack Database (GHDB)

Wikto is a web server assessment tool. It us开发者_如何学JAVAes GHDB as one of the section when finding the vulnerabilities on the target site. Can anybody tell what is GHDB and how it is useful in finding the vulnerabilities?

The Google Hacking Database is a database list of queries that expose known issues with software that runs websites. There are some bugs that expose information you might not want the public reading (passwords, etc).

This isn't hacking you understand. This is just stuff Google has picked up while browsing around sites.

But turning to the scanner, anything which relies just on what Google can see isn't going to be very thorough for security analysis. Without looking too closely, I imaging wikto uses the patterns in the GHDB and tests them against your own site. If it finds matches, you might have a problem.

It's not going to test for actual exploits which are a real issue and will usually leave you much more open.

Ironically, Let me google that for you

It seems to be a repository of strings that when fed to google possibly return hidden pages and the like. I'm assuming that you can use it in conjunction with site:http://yourSiteHere.com to test if such pages return from your web site.