Scribd
Upload
715 views

Google Hacking - The Basics

Google hacking involves using Google search operators and modifiers to identify vulnerabilities on websites. The document provides examples of common operators like cache:, link:, related:, and site: and shows how to combine them to search for things like unconfigured Drupal sites, printer status pages, SQL dumps, network assessments, and more private files. It recommends the johnny.ihackstuff.com website for more information on advanced Google hacking techniques.

Uploaded by

deni33
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
715 views

Google Hacking - The Basics

Google hacking involves using Google search operators and modifiers to identify vulnerabilities on websites. The document provides examples of common operators like cache:, link:, related:, and site: and shows how to combine them to search for things like unconfigured Drupal sites, printer status pages, SQL dumps, network assessments, and more private files. It recommends the johnny.ihackstuff.com website for more information on advanced Google hacking techniques.

Uploaded by

deni33
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 32

Google Hacking - The Basics

Maniac
Hacking - The Basics

• What exactly is Google Hacking?

• Google Hacking involves using the Google search engine to identify


vulnerabilities in websites.
Hacking - The Basics

• Ok, so you use Google to find all of this stuff, but how do you?

• Google supports a multitude of operators and modifiers that add a ton of


power to google searching.
Hacking - The Basics

• Mmmmmm....operators and modifiers! I want them!


Hacking - The Basics

• cache:

• Syntax: cache:URL [highlight]

• The cache operator will search through google’s cache and return the
results based on those documents. You can alternatively tell cache to
highlight a word or phrase by adding it after the operator and URL.
Hacking - The Basics

• link:

• Syntax: link:URL

• Sites that have a hyperlink to the URL specified will be returned in the
search results.
Hacking - The Basics

• related:

• Syntax: related:URL

• The related operator will return results that are “similar” to the page that was
specified.
Hacking - The Basics

• info:

• Syntax: info:URL

• This tag will give you the information that Google has on the given URL.
Hacking - The Basics

• site:

• Syntax: site:Domain

• This modifier will restrict results to those sites within the domain given.
Hacking - The Basics

• allintitle:

• Syntax: allintitle: oper1 [oper2] [oper3] [etc..]

• Google will restrict the results to those that have all of the words entered
after the modifier within the title. NOTE: This modifier does not play well
with others.
Hacking - The Basics

• intitle:

• Syntax: intitle:operator

• Google will return only results that match the word or phrase entered after
the modifier within the title of the page.
Hacking - The Basics

• allinurl:

• Syntax: allinurl: oper1 [oper2] [oper3] [etc...]

• This modifier is similar to allintitle: in that it will use the rest of the query and
look for all the words or phrases in the URL that was specified. NOTE: Also
like allintitle:, this modifier doesn’t play well with others.
Hacking - The Basics

• inurl:

• Syntax: inurl:operator

• Here is the single operator version of allinurl:. Will return anything that has
the operator in the URL.
Hacking - The Basics

• allintext:

• Syntax: allintext: oper1 [oper2] [oper3] [etc...]

• Just like not using any operators....


Hacking - The Basics

• intext:

• Syntax: intext:operator

• Ok, ok, I’ll let you guess on this one.


Hacking - The Basics

• Are you done yet? That seemed like a lot, and what the hell was with all the
apple stuff?

• Almost there. Now its time to start mixing and matching these modifiers
and operators.

• The four most commonly used will be intitle:, intext:, inurl:, and filetype:

• Also note, you can use OR and + and - signs.


Hacking - The Basics

• mixing in intext:, inurl:, and intitle: and looking for default drupal sites that
haven’t been configured yet.

• -inurl:drupal.org intext:"Welcome to your new Drupal-powered website."


intitle:drupal
Hacking - The Basics

• "display printer status" intitle:"Home"


Hacking - The Basics

• Whoa! a Xerox printer!


Hacking - The Basics

• "#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3

21232f297a57a5a743894a0e4a801fc3 is the MD5sum for


admin
Hacking - The Basics

• "Certificate Practice Statement" inurl:(PDF | DOC)

CAs are the formal requests that are made to get a Digital Certificate.
Hacking - The Basics

• "Network Vulnerability Assessment Report"


Hacking - The Basics

• "Thank you for your order" +receipt filetype:pdf


Hacking - The Basics

• "robots.txt" + "Disallow:" filetype:txt


Hacking - The Basics

• "phpMyAdmin" "running on" inurl:"main.php"


Hacking - The Basics

• "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"


Hacking - The Basics

• "social security number" "phone * * *“ "address *" "e-mail *" intitle:"curriculum


vitae" filetype:pdf site:.edu
Hacking - The Basics

• ext:vmx vmx
Hacking - The Basics

• filetype:QBW qbw
Hacking - The Basics

• filetype:xls inurl:"email.xls"
Hacking - The Basics

• intitle:"Index of" finances.xls


Hacking - The Basics

• WOW! That was a lot of good finds! Where can I find more info on
googlehacking?

• http://johnny.ihackstuff.com

You might also like