
Google - Hacker's Best Friend

Search engines have long been a good helper for people trying to find sensitive information or vulnerabilities on the web. When a few billion documents are indexed, it is inevitable that some things that should remain private inadvertently end up in public directories and get indexed; then it is just a matter of writing a sufficiently creative search query to find that data.

Google search can be a very useful tool for gathering information about a target system. It can be used to locate security vulnerabilities and misconfigurations. Google hacking, on the other hand, is the term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine.


Here is a list of Google advanced search operators, operator combinations and related uses:

link:URL: lists other pages that link to the URL.
related:URL: lists other pages that are related to the URL.
site:domain.com: restricts search results to the given domain.
allinurl:WORDS: shows only pages with all search terms in the URL.
inurl:WORDS: like allinurl but filters the URL based on the first term only.
allintitle:WORD: shows only results with the terms in the title.
intitle:WORD: similar to allintitle, but only for the next word.
cache:URL: will show the Google cached version of the URL.
backlink:URL: will show backlinks and pages containing the URL.
filetype:SOMEFILETYPE: will restrict searches to that file type.
-filetype:SOMEFILETYPE: will remove that file type from the search.
site:www.somesite.net "+www.somesite.net": shows you how many pages of your site are indexed by Google.
allintext: searches only within the text of pages, but not in the links or page title.
allinlinks: searches only within links, not text or title.
WordA OR WordB: search for either word A or word B.
"Word" OR "Phrase": search for the exact word or phrase.
WordA -WordB: find word A but filter out results that include word B.
WordA +WordB: results must contain both word A and word B.
~WORD: looks up the word and its synonyms.
~WORD -WORD: looks up only the synonyms of the word.


Google hacking techniques:

Index of - Using "Index of" syntax to find sites with index browsing enabled

Index.of /admin
Index.of /passwd
Index.of /password
Index.of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

inurl or allinurl - Search Google based on the URL

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"

intitle or allintitle - Search Google using the page title

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
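The lists above can be turned into a self-audit of a site you operate. The following is an added example, not part of the original post: it checks pages from a crawl of your own site against the "Index of", inurl:admin plus filetype, and sensitive file name patterns listed above. The function names, the example.test URLs and the sample crawl are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# File names that appear in the dork lists above (exact match, lower-cased).
SENSITIVE_NAMES = {
    "passwd", "password.txt", ".htaccess", ".sh_history", ".bash_history",
    "pwd.db", "spwd", "master.passwd", "htpasswd", "people.lst",
    "auth_user_file.txt", "orders.txt", "adpassword.txt", "password.log",
}
# Extensions paired with inurl:admin in the list above.
ADMIN_DATA_EXTENSIONS = (".txt", ".db", ".cfg")
TITLE_RE = re.compile(r"<title>\s*(.*?)\s*</title>", re.I | re.S)
HREF_RE = re.compile(r'href="([^"?#]+)"', re.I)

def basename(path):
    """Last path component, lower-cased ('/a/b/' -> 'b')."""
    return path.rstrip("/").rsplit("/", 1)[-1].lower()

def audit_page(url, html):
    """Return which dork families one page of your own site would match."""
    findings = []
    path = urlparse(url).path.lower()
    title = TITLE_RE.search(html)
    if title and title.group(1).lower().startswith("index of"):
        findings.append("directory-listing")
        listed = {basename(h) for h in HREF_RE.findall(html)}
        exposed = sorted(listed & SENSITIVE_NAMES)
        if exposed:
            findings.append("listing-exposes:" + ",".join(exposed))
    if "admin" in path and path.endswith(ADMIN_DATA_EXTENSIONS):
        findings.append("inurl-admin-data-file")
    if basename(path) in SENSITIVE_NAMES:
        findings.append("sensitive-filename-in-url")
    return findings

def audit_crawl(pages):
    """Map URL -> findings for every crawled page that matched something."""
    results = {url: audit_page(url, html) for url, html in pages.items()}
    return {url: found for url, found in results.items() if found}

# Constructed sample crawl (example.test is a placeholder domain).
SAMPLE_CRAWL = {
    "https://www.example.test/backup/": '<html><head><title>Index of /backup</title></head>'
        '<body><a href="../">Parent Directory</a><a href=".htaccess">.htaccess</a>'
        '<a href="site.tar.gz">site.tar.gz</a><a href=".bash_history">.bash_history</a></body></html>',
    "https://www.example.test/admin/settings.cfg": "db_host=localhost",
    "https://www.example.test/logs/password.log": "2012-01-01 login ok",
    "https://www.example.test/about.html": "<html><head><title>About us</title></head><body>Index of services</body></html>",
}

if __name__ == "__main__":
    for url, findings in audit_crawl(SAMPLE_CRAWL).items():
        print(url, findings)
```

Every URL this reports is a candidate for disabling directory indexing, moving the file out of the web root, or putting it behind authentication.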

Example usage of Google hacking techniques:

Remote Services:
"VNC Desktop" inurl:5800
intitle:"Terminal Services Web Connection"

PhpMyAdmin page
"phpMyAdmin" inurl:"main.php"

Sensitive information
site:mampu.gov.my filetype:pdf | doc | xls | ppt | txt
filetype:log inurl:"password.log"

Admin page
inurl:admin intitle:login

Music, Video or Ebooks
Find Music:
-inurl:(htm|html|php) intitle:"index of" + "last modified" + "parent directory" + description+size=(wma|mp3) "nirvana"

Find Videos:
-inurl(htm|html|php) intitle:"index of" + "last modified" + "parent directory" +description+size_(mpg|wmv) "matrix"

Find Ebooks:
-inurl(htm|html|php) intitle:"index of" + "last modified" + "parent directory" +description+size_(pdf|doc) "google hacking"

For more examples, you can visit google hacking database here:

Download Google Hacking for Penetration Testers Vol.2 here:

15 comments:

Mr.Hac said...

way to go bro..keep it up the good..i mean, the great works that u hv done..

i think it is better for me to learn hacking and PC things from you rather than learning it from forums..

yaah..you know it bro..every forums WILL and MUST have an 'OTAI' that will bash a newbie like me..they will show up their face and they will tell you who's the boss there..i'm done watching the forums and i think its enough..

this blog, dgodam's blog will be in a part of history bro..i hope u will always come with new things and i will support u from behind..

what ever it is, i think i have to research for a few weeks just to understand about this nu entry..hahaha..good job bro..well done.. :)

dgodam said...

thanks for the encouraging comment..i have gone through that stage before...back when I wanted to learn it was even harder, there weren't as many resources as there are now...and even when there were, everyone just kept the knowledge to themselves..whatever things i wrote here are based on my experience using the tools and techniques...it's just that these materials are not properly structured, i.e. they don't follow the standard methodology...but if the materials here can benefit you then i'm more than happy already :)

Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!
