Google Hacking

Google Hacking - The Basics
Maniac
Hacking - The Basics
• What exactly is Google Hacking?
• Google Hacking involves using the Google search engine to identify
vulnerabilities in websites.
Hacking - The Basics
• Ok, so you use Google to find all of this stuff, but how do you?
• Google supports a multitude of operators and modifiers that add a ton of
power to google searching.
Hacking - The Basics
• Mmmmmm....operators and modifiers! I want them!
Hacking - The Basics
• cache:
• Syntax: cache:URL [highlight]
• The cache operator will search through google’s cache and return the
results based on those documents. You can alternatively tell cache to
highlight a word or phrase by adding it after the operator and URL.
Hacking - The Basics
• link:
• Syntax: link:URL
• Sites that have a hyperlink to the URL specified will be returned in the
search results.
Hacking - The Basics
• related:
• Syntax: related:URL
• The related operator will return results that are “similar” to the page that was
specified.
Hacking - The Basics
• info:
• Syntax: info:URL
• This tag will give you the information that Google has on the given URL.
Hacking - The Basics
• site:
• Syntax: site:Domain
• This modifier will restrict results to those sites within the domain given.
Hacking - The Basics
• allintitle:
• Syntax: allintitle: oper1 [oper2] [oper3] [etc..]
• Google will restrict the results to those that have all of the words entered
after the modifier within the title. NOTE: This modifier does not play well
with others.
Hacking - The Basics
• intitle:
• Syntax: intitle:operator
• Google will return only results that match the word or phrase entered after
the modifier within the title of the page.
Hacking - The Basics
• allinurl:
• Syntax: allinurl: oper1 [oper2] [oper3] [etc...]
• This modifier is similar to allintitle: in that it will use the rest of the query and
look for all the words or phrases in the URL that was specified. NOTE: Also
like allintitle:, this modifier doesn’t play well with others.
Hacking - The Basics
• inurl:
• Syntax: inurl:operator
• Here is the single operator version of allinurl:. Will return anything that has
the operator in the URL.
Hacking - The Basics
• allintext:
• Syntax: allintext: oper1 [oper2] [oper3] [etc...]
• Just like not using any operators....
Hacking - The Basics
• intext:
• Syntax: intext:operator
• Ok, ok, I’ll let you guess on this one.
Hacking - The Basics
• Are you done yet? That seemed like a lot, and what the hell was with all the
apple stuff?
• Almost there. Now its time to start mixing and matching these modifiers
and operators.
• The four most commonly used will be intitle:, intext:, inurl:, and filetype:
• Also note, you can use OR and + and - signs.
Hacking - The Basics
• mixing in intext:, inurl:, and intitle: and looking for default drupal sites that
haven’t been configured yet.
• -inurl:drupal.org intext:"Welcome to your new Drupal-powered website."
intitle:drupal
Hacking - The Basics
• "display printer status" intitle:"Home"
Hacking - The Basics
• Whoa! a Xerox printer!
Hacking - The Basics
• "#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
21232f297a57a5a743894a0e4a801fc3 is the MD5sum for
admin
Hacking - The Basics
• "Certificate Practice Statement" inurl:(PDF | DOC)
CAs are the formal requests that are made to get a Digital Certificate.
Hacking - The Basics
• "Network Vulnerability Assessment Report"
Hacking - The Basics
• "Thank you for your order" +receipt filetype:pdf
Hacking - The Basics
• "robots.txt" + "Disallow:" filetype:txt
Hacking - The Basics
• "phpMyAdmin" "running on" inurl:"main.php"
Hacking - The Basics
• "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Hacking - The Basics
• "social security number" "phone * * *“ "address *" "e-mail *" intitle:"curriculum
vitae" filetype:pdf site:.edu
Hacking - The Basics
• ext:vmx vmx
Hacking - The Basics
• filetype:QBW qbw
Hacking - The Basics
• filetype:xls inurl:"email.xls"
Hacking - The Basics
• intitle:"Index of" finances.xls
Hacking - The Basics
• WOW! That was a lot of good finds! Where can I find more info on
googlehacking...