8/14/2019 Google Hacking - The Basics
1/32
Google Hacking - The Basics
Maniac
8/14/2019 Google Hacking - The Basics
2/32
Hacking - The Basics
What exactly is Google Hacking?
Google Hacking involves using the Google search engine to identifyvulnerabilities in websites.
8/14/2019 Google Hacking - The Basics
3/32
Hacking - The Basics
Ok, so you use Google to nd all of this stuff, but how do you?
Google supports a multitude of operators and modiers that add a ton ofpower to google searching.
8/14/2019 Google Hacking - The Basics
4/32
Hacking - The Basics
Mmmmmm....operators and modiers! I want them!
8/14/2019 Google Hacking - The Basics
5/32
Hacking - The Basics
cache:
Syntax: cache:URL [highlight]
The cache operator will search through googles cache and return theresults based on those documents. You can alternatively tell cache tohighlight a word or phrase by adding it after the operator and URL.
8/14/2019 Google Hacking - The Basics
6/32
Hacking - The Basics
link:
Syntax: link:URL
Sites that have a hyperlink to the URL specied will be returned in thesearch results.
8/14/2019 Google Hacking - The Basics
7/32
Hacking - The Basics
related:
Syntax: related:URL
The related operator will return results that are similar to the page that wasspecied.
8/14/2019 Google Hacking - The Basics
8/32
Hacking - The Basics
info:
Syntax: info:URL
This tag will give you the information that Google has on the given URL.
8/14/2019 Google Hacking - The Basics
9/32
Hacking - The Basics
site:
Syntax: site:Domain
This modier will restrict results to those sites within the domain given.
8/14/2019 Google Hacking - The Basics
10/32
Hacking - The Basics
allintitle:
Syntax: allintitle: oper1 [oper2] [oper3] [etc..]
Google will restrict the results to those that have all of the words enteredafter the modier within the title. NOTE: This modier does not play wellwith others.
8/14/2019 Google Hacking - The Basics
11/32
Hacking - The Basics
intitle:
Syntax: intitle:operator
Google will return only results that match the word or phrase entered afterthe modier within the title of the page.
8/14/2019 Google Hacking - The Basics
12/32
Hacking - The Basics
allinurl:
Syntax: allinurl: oper1 [oper2] [oper3] [etc...]
This modier is similar to allintitle: in that it will use the rest of the query andlook for all the words or phrases in the URL that was specied. NOTE: Alsolike allintitle:, this modier doesnt play well with others.
8/14/2019 Google Hacking - The Basics
13/32
Hacking - The Basics
inurl:
Syntax: inurl:operator
Here is the single operator version of allinurl:. Will return anything that hasthe operator in the URL.
8/14/2019 Google Hacking - The Basics
14/32
Hacking - The Basics
allintext:
Syntax: allintext: oper1 [oper2] [oper3] [etc...]
Just like not using any operators....
8/14/2019 Google Hacking - The Basics
15/32
Hacking - The Basics
intext:
Syntax: intext:operator
Ok, ok, Ill let you guess on this one.
8/14/2019 Google Hacking - The Basics
16/32
Hacking - The Basics
Are you done yet? That seemed like a lot, and what the hell was with all theapple stuff?
Almost there. Now its time to start mixing and matching these modiersand operators.
The four most commonly used will be intitle:, intext:, inurl:, and letype:
Also note, you can use OR and + and - signs.
8/14/2019 Google Hacking - The Basics
17/32
Hacking - The Basics
mixing in intext:, inurl:, and intitle: and looking for default drupal sites thathavent been congured yet.
-inurl:drupal.org intext:"Welcome to your new Drupal-powered website."intitle:drupal
8/14/2019 Google Hacking - The Basics
18/32
Hacking - The Basics
"display printer status" intitle:"Home"
8/14/2019 Google Hacking - The Basics
19/32
Hacking - The Basics
Whoa! a Xerox printer!
8/14/2019 Google Hacking - The Basics
20/32
Hacking - The Basics
"#mysql dump" letype:sql 21232f297a57a5a743894a0e4a801fc3
21232f297a57a5a743894a0e4a801fc3 is the MD5sum foradmin
8/14/2019 Google Hacking - The Basics
21/32
Hacking - The Basics
"Certicate Practice Statement" inurl:(PDF | DOC)
CAs are the formal requests that are made to get a Digital Certicate.
8/14/2019 Google Hacking - The Basics
22/32
Hacking - The Basics
"Network Vulnerability Assessment Report"
8/14/2019 Google Hacking - The Basics
23/32
Hacking - The Basics
"Thank you for your order" +receipt letype:pdf
8/14/2019 Google Hacking - The Basics
24/32
Hacking - The Basics
"robots.txt" + "Disallow:" letype:txt
8/14/2019 Google Hacking - The Basics
25/32
8/14/2019 Google Hacking - The Basics
26/32
Hacking - The Basics
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
8/14/2019 Google Hacking - The Basics
27/32
Hacking - The Basics
"social security number" "phone * * * "address *" "e-mail *" intitle:"curriculumvitae" letype:pdf site:.edu
8/14/2019 Google Hacking - The Basics
28/32
Hacking - The Basics
ext:vmx vmx
8/14/2019 Google Hacking - The Basics
29/32
8/14/2019 Google Hacking - The Basics
30/32
Hacking - The Basics
letype:xls inurl:"email.xls"
8/14/2019 Google Hacking - The Basics
31/32
Hacking - The Basics
intitle:"Index of" nances.xls
8/14/2019 Google Hacking - The Basics
32/32