Why HackSearch?
As part of our testing, we have seen that many webpages and files belonging to websites are indexed by Google even though they are confidential and shouldn't be public. This material, which is available online and which you might not even be aware of, can give malicious users a way to use it against you or hack into your website. The HackSearch addon is made available so that all website owners can discover the vulnerabilities themselves and use the findings to secure their websites.
How do I use it?
- Install HackSearch
- Open up your website in the browser
- Right click and select each of the options of HackSearch
- Check every result that's shown (yes, it's a tedious job, but it is needed to secure your site!)
- See if there is any data that should NOT be made public
- Ask your developer/network administrator to fix it
How do I interpret the results?
- No results should show any sensitive data such as credit card details or passwords.
- If the results show usernames, addresses or any other confidential details of yours, your employees or your firm, you need to reconsider whether they really need to be shown. Ask them not to post confidential material in public forums.
- For any emails that show up in the search results, make sure you talk to your employees and friends about having a very strong password which is at least 8 characters in length. Ask them to change the password periodically.
- If the results show webpages, files or subdomains that should NOT be shown, talk to your developer/network administrator to fix it. He could do it by updating robots.txt and .htaccess or even by removing unwanted files or pages. Note: The data might still be available in the Google cache.
- If you need to get the data removed from the Google index or cache immediately, go to Google Support Pages.
- If the domain health or information tabs of HackSearch show red flags or contain data that you don't understand, don't worry. Just show it to your network administrator and he will help you fix any issues.
NOTE: If the Google search doesn't return any results, it only means that Google hasn't indexed anything pertaining to that specific search query, which is good, security-wise.
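The robots.txt fix mentioned above only asks crawlers to skip a path; the file is still served to anyone who requests it, so it also needs access control in .htaccess or removal. The following is an added example, not part of HackSearch, that sorts URLs found in search results by whether robots.txt covers them. The site example.com, the sample data, the `PRIVATE_HINTS` list and the `triage` function are all assumptions made for illustration.

```python
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt for the placeholder site example.com.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

# Constructed URLs standing in for results copied out of a search.
SAMPLE_FOUND = [
    "https://example.com/admin/login.php",
    "https://example.com/backup/site.sql",
    "https://example.com/uploads/staff-list.xls",
    "https://example.com/about.html",
]

# Hypothetical path fragments the site owner considers private.
PRIVATE_HINTS = ("/admin/", "/backup/", "/uploads/", ".sql", ".xls", ".bak")


def triage(robots_txt, found_urls, private_hints=PRIVATE_HINTS, agent="Googlebot"):
    """Label each found URL for follow-up with the administrator.

    ok          - path does not look private
    hidden-only - private path that robots.txt disallows; crawlers are asked
                  to skip it, but the server still hands it to any visitor
    exposed     - private path that robots.txt does not even disallow
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    report = {}
    for url in found_urls:
        path = urlsplit(url).path.lower()
        if not any(hint in path for hint in private_hints):
            report[url] = "ok"
        elif parser.can_fetch(agent, url):
            report[url] = "exposed"
        else:
            report[url] = "hidden-only"
    return report


if __name__ == "__main__":
    for url, label in triage(SAMPLE_ROBOTS, SAMPLE_FOUND).items():
        print(f"{label:12} {url}")
```

Both "hidden-only" and "exposed" entries need a server-side fix; the difference is only whether crawlers have been asked to stay away.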
How do I add the button to Addon Bar?
- Open Firefox
- Go to View >> AddonBar
- Shortcut: Alt+(VTA)
How do I add the button to Toolbar?
- Open Firefox
- Go to View >> Toolbars >> Customize
- Shortcut: Alt+(VTC)
Feedback: Please let us know what you feel about the addon. Your suggestions are valuable for us to make this even better. You can send your feedback to penzeal@gmail.com or post it as comments.
Advice: Love Open Source. Contribute more! Let's give something back to the open source community in our own ways!
Disclaimer: The HackSearch addon is intended to be used only to discover issues with the site or sites that you own so that you can secure them to an extent. Please make sure you are either the owner or someone authorised to test the site before you use it. Neither we nor the addon guarantee complete security against malicious users. The addon is only to be used as another aid to lessen the vulnerabilities associated with your sites. For complete security you would have to get your site security tested by a reputed security testing firm.
Neither we nor the addon guarantee the accuracy or security of the data returned from third party sites such as www.google.com, www.intodns.com and www.robtext.com. We only serve as a redirecting agent and are not responsible in any way for any issues that might arise from browsing or searching on those sites. Please make sure you check the third party privacy policies and FAQ pages before testing your site.
Testing unauthorised sites, or editing the Google results obtained from the addon search to show vulnerabilities of other affected sites and then following the links, can cause you to break the law. Neither the HackSearch addon nor its developers are responsible for what you do with it on websites that you do not own, and you do so at your own risk.
By loading this page you agree to have read and understood everything mentioned in the disclaimer.
Thank you!