in the “Google Hacking” book. • For much more detail, I encourage you to check out “Google Hacking for Penetration Testers” by Syngress Publishing. Google search engine, techniques that have collectively been termed “Google hacking.” The intent of this paper is to educate web administrators and the. What is Google hacking? The purpose of Google Hacking is to leverage the vast amounts of data that are stored and indexed in search engines to produce.
Google Hacking: Making Competitive Intelligence Work for You. Tom Bowers, President, Philadelphia InfraGard; Managing Director, Security Constructs, LLC.
Demystifying Google Hacks. By Debasis Mohanty. Introduction. I have been thinking of publishing this paper since long but due to lack of time I was not able to.
Google Hacking Cheat Sheet. Advanced Querying. Query. Description & Example inurl: Value is contained somewhere in the url. Ex: “preventing ransomware.
Replicating these searches across various search engines is a good way to get a sense of those differences. As you explore these searches, you might locate some sensitive information, so it's a good idea to use the Tor Browser, if you can, and to refrain from downloading any files.
In addition to legal issues, it's good to keep in mind that random files on the internet sometimes contain malware. Always download with caution.
Importantly, the DuckDuckGo query does not return correct results. However, using the filetype operator on its own does return correct results, just not targeted to the dhs.
But using the ext operator, which serves the same purpose on DuckDuckGo, does return results targeted to the dhs. You will have to investigate quirks like this as you proceed.
Example 2: Finding passwords
Searching for login and password information can be useful as a defensive dork.
Passwords are, in rare cases, clumsily stored in publicly accessible documents on webservers. Try the following dorks in different search engines:
password filetype:doc site:[Your site]
password filetype:docx site:[Your site]
password filetype:pdf site:[Your site]
password filetype:xls site:[Your site]
In this case, the search engines again returned different results. When we tried this search without the "site:[Your site]" term, Google returned documents that contained actual usernames and passwords for a North American high school.
We have blocked out these results in the screenshot below, and notified the school that their data is vulnerable. The other search engines did not return this information on the first few pages of results. As you can see, both Yahoo and DuckDuckGo also returned some non-relevant results. This is to be expected when dorking: some queries work better than others.
You can find more ideas in this guide from the Center for Investigative Journalism. In the following section, we will share the dorks we found, and how they work across search engines.
Dork It Yourself
Below is an updated list of the relevant dorks we identified as of March This list might not be exhaustive, but the operators below should help you get started.
DorkDorkGo
We have included the most widely-used search engines in this analysis.
Now I will tell you some of the Google funny tricks…
Trick 1 Type Google Gravity and click on I am feeling lucky.
Trick 4 Type Google Hacker and click on I am feeling lucky.
Trick 6 Type Google Sphere and click on I am feeling lucky.
Trick 8 Type Google Ninja and click on I am feeling lucky.
Trick 10 Type Google Mentalplex and click on I am feeling lucky.
Trick 12 Type Annoying Google and click on I am feeling lucky.
These results, rather than being characteristic of the tool or method itself, instead rely on the intentions of those using googleDorking, the questions they are asking, and what they do with the results. Although you are free to search at will on search engines, accessing certain webpages or downloading files from them can be a prosecutable offense, especially in the United States in accordance with the extremely vague and overreaching Computer Fraud and Abuse Act (CFAA).
Moreover, if you're dorking in a country with heavy internet surveillance i. As protection, we recommend using the Tor Browser or Tails when googleDorking on any search engine.
Tor masks your internet traffic, divorcing your computer's identifying information from the webpages that you are accessing. Using Tor will often make your searches more difficult. If your Tor exit node has recently been overrun with bots, search engines might block your searches entirely. In this case, you should refresh your Tor circuit until you connect to an exit node that's not blacklisted.
Please note that, depending on what country you are in, using Tor might flag your online activity as suspicious.
This is a risk you must be willing to take when using Tor, though you can mitigate that risk to some extent by using a Tor Bridge with an obfuscated pluggable transport. Unless you are specifically targeted by an advanced attack, however, the Tor Browser is quite good at preventing anyone from associating your online identity with the websites you visit or the search terms you enter.
If you cannot use Tor, you might want to find a VPN provider that you trust and use it with a privacy-aware search engine, such as DuckDuckGo.
If you decide to proceed with an investigation that involves googleDorking, the remainder of this guide will help you get started and provide a comparison of supported dorks across search engines as of March Dorking can be employed across various search engines, not just on Google.
In everyday use, search engines like Google, Bing, Yahoo, and DuckDuckGo accept a search term, or a string of search terms and return matching results. But search engines are also programmed to accept more advanced operators that refine those search terms. An operator is a key word or phrase that has particular meaning for the search engine.
Each operator is followed by a colon, which is followed by the relevant term or terms, with no space before or after the colon.
A googleDork is just a search that uses one or more of these advanced techniques to reveal something interesting. These operators allow a search to target more specific information, such as certain strings of text in the body of a website or files hosted on a given url. Among other things, a googleDorker can locate hidden login pages, error messages that give away too much information and files that a website administrator might not realise are publicly accessible.
Not all advanced search techniques rely on operators. For example, including quotation marks around text prompts the engine to search for only the exact phrase in quotes. This googleDork will search https: A similar search on https: You can use more than one operator, and the order generally does not matter.
However, if your search isn't working, it wouldn't hurt to switch around operator names and test out the different results. There are many existing googleDork operators, and they vary across search engines. To give you a general idea of what can be found, we have included four dorks below.
Even if two search engines support the same operators, they often return different results.
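The operator syntax described above (operator, colon, term, no spaces around the colon; quotation marks for an exact phrase) can be checked mechanically before a query is run against a site you administer. The following Python sketch is an added example, not code from the original guide: the function names are hypothetical, `example.org` is a placeholder domain, and the `filetype:` to `ext:` swap for DuckDuckGo only mirrors the guide's own observation, which may not hold over time.

```python
import re

# Operators that appear on this page; engines support more, and differ from each other.
KNOWN_OPERATORS = {"site", "filetype", "ext", "inurl"}
# A token is a "quoted phrase", an operator:"quoted value", or a run of non-space characters.
TOKEN = re.compile(r'(?:\w+:)?"[^"]*"|\S+')


def parse_dork(query):
    """Return (operators, terms, warnings) for one search query."""
    operators, terms, warnings = [], [], []
    for tok in TOKEN.findall(query):
        name, sep, value = tok.partition(":")
        if tok.startswith('"') or not sep:
            terms.append(tok)                      # exact phrase or plain term
        elif name == "":
            warnings.append(f"space before the colon in '{tok}'")
        elif name.lower() not in KNOWN_OPERATORS:
            terms.append(tok)                      # e.g. a URL, not an operator
        elif value == "":
            warnings.append(f"space after the colon in '{tok}'")
        else:
            operators.append((name.lower(), value.strip('"')))
    return operators, terms, warnings


def render(operators, terms, engine="google"):
    """Rebuild the query, swapping filetype: for ext: on DuckDuckGo."""
    parts = list(terms)
    for name, value in operators:
        if engine == "duckduckgo" and name == "filetype":
            name = "ext"  # the guide's observation: ext: combined with site:, filetype: did not
        if " " in value:
            value = f'"{value}"'                   # multi-word values need quoting again
        parts.append(f"{name}:{value}")
    return " ".join(parts)


def self_audit_queries(domain, engine="google"):
    """The guide's four password dorks, scoped to a site you administer."""
    queries = []
    for ext in ("doc", "docx", "pdf", "xls"):
        ops, terms, _ = parse_dork(f"password filetype:{ext} site:{domain}")
        queries.append(render(ops, terms, engine))
    return queries


if __name__ == "__main__":
    print(parse_dork('"login page" site: example.org'))   # malformed: space after colon
    for q in self_audit_queries("example.org", "duckduckgo"):
        print(q)
```

A warning from `parse_dork` means the engine would treat the operator as a plain search word, so the query would no longer be restricted to your own site.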