Karl.Fail

Using Brave Search Goggles for Recon

Written by

Karl

in

on

(Last update:

)

Introduction

The world’s most potent OSINT (Open Source Intelligence) tools are search engines. They collect, index, and aggregate all the freely available information on the internet, essentially encapsulating the world’s knowledge. Nowadays, the ability to enter a topic in a search bar and receive results within milliseconds is often taken for granted. Personally, I’ve developed a profound appreciation for this technology by constructing my own search engines from scratch using Golang. But let’s dive into our topic – have you ever tried Googling your own name?

Today, I want to shine a light on Brave Search (Brave Search docs). In 2022, Brave introduced a remarkable yet underappreciated feature known as Goggles. Described on the Brave Goggles website as follows:

Goggles allow you to choose, alter, or extend the ranking of Brave Search results. Goggles are openly developed by the community of Brave Search users.

Here’s a straightforward example:

$boost=1,site=facebook.com

This essentially boosts search results found on the facebook.com domain, elevating them higher in the results. The syntax is straightforward and limited; you can find an overview here.

Pattern Matching:

  • Plain-text pattern matching in URLs: /this/is/a/pattern
  • Globbing capabilities using ’*’ to match zero, one, or more characters: /this/is/*/pattern
  • Use of ’^’ to match URL delimiters or end-of-URL: /this/is/a/pattern^

Anchoring:

  • Use of ’|’ character for prefix or suffix matches in URLs.
    • Prefix: |https://en.
    • Suffix: /some/path.html|

Options:

  • ‘site=’ option to limit instructions to specific websites based on their domain: $site=brave.com

Actions:

  • ‘boost’: Boost the ranking of matched results: /r/brave_browser/$boost or $boost=4,site=test.de
  • ‘downrank’: Downrank the ranking of matched results: /r/google/$downrank
  • ‘discard’: Completely discard matched results: /this/is/spam/$discard

Strength of Actions:

  • Adjust the strength of boosting or downranking actions (limited to a maximum value of 10): /r/brave_browser/$boost=3

Combining Instructions:

  • Combine multiple instructions to express complex reranking functions with a comma ”,”: /hacking/$boost=3,site=github.com

Finding Goggles

Now that you have a basic idea of how to construct Goggles, you can find prebuilt ones here.

A search for “osint” reveals my very own creation, the world’s first public 🎉 OSINT Goggle.

When building your own Goggle, it needs to be hosted on GitHub or Gitlab. I host mine here on GitHub.

DACH OSINT Goggle

Here’s my code:

! name: DACH OSINT
! description: OSINT Goggle for the DACH (Germany, Austria, and Switzerland) Region. Find out more on my blog [exploit.to](https://exploit.to/)
! public: true
! author: StasonJatham
! avatar: #ec4899

! German Platforms
$boost=4,site=telefonbuch.de
$boost=4,site=dastelefonbuch.de
$boost=4,site=northdata.de
$boost=4,site=unternehmensregister.de
$boost=4,site=firmen.wko.at

! Small boost for social media
$boost=1,site=facebook.com
$boost=1,site=twitter.com
$boost=1,site=linkedin.com
$boost=1,site=xing.com

! Online reviews
$boost=2,site=tripadvisor.de
$boost=2,site=tripadvisor.at
$boost=2,site=tripadvisor.ch

! Personal/Business contact information, path boost
/kontakt*$boost=3
/datenschutz*$boost=3
/impressum*$boost=3

! General boost, words included in pages
*mail*$boost=1,site=de
*mail*$boost=1,site=at
*mail*$boost=1,site=ch
*adresse*$boost=1,site=de
*adresse*$boost=1,site=at
*adresse*$boost=1,site=ch
*verein*$boost=1

! Personal email
*gmx*$boost=1
*web*$boost=1
*t-online*$boost=1
*gmail*$boost=1
*yahoo*$boost=1
*Postadresse*$boost=1

I believe it’s self-explanatory; the aim is to prioritize results that commonly contain personal information. However, it’s still a work in progress, and I plan to add more filters to these rules.

Rule Development

Rant Alert: Developing these rules can be quite frustrating. You have to push your rule to GitHub, then enter the URL in the Goggle upload and hope that you don’t encounter any cached results. The error messages received are often useless; most of the time, you just get something like “cannot compile.” In the future, I earnestly hope for an online editor or VSCode support. If the frustration persists, I might consider building it myself. Despite these challenges, writing these rules is generally straightforward.

Future

I hope the Brave team prioritizes this feature, and more people embrace it. They’ve hinted at more advanced filter rules akin to those found on Google, such as “intitle,” which, in my opinion, would make this the most powerful search engine on the planet.

I also intend to focus on malware research, aiming to refine searches to uncover information about whether a particular file, domain, or email is known to be malicious.

Please take a look at my Goggle and try it out for yourself. Provide feedback, spread the word, and create your own Goggles to give this feature the love it deserves.

The title image is by Brave Software, Inc.  on Brave Search 

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


More posts