Full Google Hacking
Operators are used to refine the results and to maximize the search value. They are your tools as well as ethical hackers’ weapons
Basic Operators:
+, -, ~ , ., *, “”, |,
OR
Advanced Operators:
allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
Basic Operators !!
Basic Operators:
+, -, ~ , ., *, “”, |,
OR
Advanced Operators:
allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
Basic Operators !!
(+) force inclusion of something common
Google ignores common words (where, how, digit, single letters) by default:
Example: StarStar Wars Episode +I
(-) exclude a search term
Example: apple –red
(“) use quotes around a search term to search exact phrases:
Example: “Robert Masse”
Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results
Basic Operators
(~) search synonym:
Example: ~food
Return the results about food as well as recipe, nutrition and cooking information
( . ) a single-character wildcard:
Example: m.trix
Return the results of M@trix, matrix, metrix…….
( * ) any word wildcard
Advanced Operators: “Site:”
Site: Domain_name
Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
Examples:
site:http://shaswat.bravehost.com
Advanced Operators: “Filetype:”
Filetype: extension_type
Find documents with specified extensions
The supported extensions are:
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf) - Microsoft Word (doc)
- Adobe PostScript (ps) - Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 - Microsoft Excel (xls)
(wk1, wk2, wk3, wk4, wk5, wki, wks, wku) - Microsoft Write (wri)
- Lotus WordPro (lwp) - Rich Text Format (rtf)
- MacWrite (mw) - Shockwave Flash (swf)
- Text (ans, txt)
Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible.
Example: Budget filetype: xls
Advanced Operators “Intitle:”
Intitle: search_term
Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with the title that includes all these words
These operators are specifically useful to find the directory lists
Example:
Find directory list:
Intitle: Index.of “parent directory”
Advanced Operators “Inurl:”
Inurl: search_term
Find search term in a Web address
Allinurl: search_term1 search_term2 search_term3
Find multiple search terms in a Web address
Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password
Advanced Operators “Intext;”
Intext: search_term
Find search term in the text body of a document.
Allintext: search_term1 search_term2 search_term3
Find multiple search terms in the text body of a document.
Examples:
Intext: Administrator login
Allintext: Administrator login
Advanced Operators: “Cache:”
Cache: URL
Find the old version of Website in Google cache
Sometimes, even the site has already been updated, the old information might be found in cache
Examples:
Cache: http://shaswat.bravehost.com
Advanced Operators
Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents
Examples:
Computer $500..1000
DVD player $250..350
Advanced Operators: “Daterange:”
Daterange: -
Find the Web pages between start date and end date
Note: start_date and end date use the Julian date
The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
Examples:
2004.07.10=2453196
2004.08.10=2453258
Vulnerabilities date range: 2453196-2453258
Advanced Operators “Link:”
Link: URL
Find the Web pages having a link to the specified URL
Related: URL
Find the Web pages that are “similar” to the specified Web page
info: URL
Present some information that Google has about that Web page
Define: search_term
Provide a definition of the words gathered from various online sources
Examples:
Link: shaswat.bravehost.com
Related: shaswat.bravehost.com
Info: shaswat.bravehost.com
Define: Network security
Advanced Operators “phonebook:”
Phonebook
Search the entire Google phonebook
rphonebook
Search residential listings only
bphonebook
Search business listings only
Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, not always work)
The phonebook is quite limited to U.S.A
But the Question rises What can Google can do for an Ethical Hacker?
Search sensitive information like payroll, SIN, even the personal email box
Vulnerabilities scanner
Transparent proxy
So how but if i tell u a different way to search
k lets do this type in the following statements n c d results
we can only provide u the guidelines, now u need to implement your Creativity to Keep it rolling.
http://shaswat.bravehost.com
Salary
Salary filetype: xls site: edu
Security social insurance number
Intitle: Payroll intext: ssn filetype: xls site: edu
Security Social Insurance Number
Payroll intext: Employee intext: ssn Filetype: xls
Filetype: xls “checking account” “credit card” - intext: Application -intext:
Form (only 39 results)
Financial Information
Intitle: “Index of” finances.xls (9)
Personal Mailbox
Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)
Confidential Files
“not for distribution” confidential (1,760)
Confidential Files
“not for distribution” confidential filetype: pdf (marketing info) (456)
OS Detection
Use the keywords of the default installation page of a Web server to search.
Use the title to search
Use the footer in a directory index page
OS Detection-Windows
“Microsoft-IIS/5.0 server at”
OS Detection - Windows
Default web page?
Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0
OS Detection –Apache 1.3.11-1.3.26
Intitle: Test.Page.for.Apache seeing.this.instead
OS Detection-Apache SSL enable
Intitle: Test.page “SSL/TLS-aware” (127)
Search Passwords
Search the well known password filenames in URL
Search the database connection files or configuration files to find a password and username
Search specific username file for a specific product
Search Passwords
Inurl: etc inurl: passwd
Search Passwords
Intitle: “Index of..etc” passwd
Search Passwords
Intitle: “Index of..etc” passwd
Search Passwords
Inurl: admin.pwd filetype: pwd
Search Passwords
Filetype: inc dbconn
Search Passwords
Filetype: inc intext: mysql_connect
Search Passwords
File type: ini +ws_ftp +pwd (get the encrypted passwords)
Search Passwords
File type: log inurl: “password.log”
Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”
License Key
Filetype: lic lic intext: key (33) (license key)
Sensitive Directories Listing
Powerful buzz word: Index of
Search the well known vulnerable directories names
Sensitive Directories Listing
“index of cgi-bin” (3590)
Sensitive Directories Listing
Intitle: “Index of” cfide (coldfusion directory)
Sensitive Directories Listing
Intitle: index.of.winnt
Get the serial number you need ! (For Certain Things)
1) Go to Google.
2) Use Keyword as "Product name" 94FBR
3) Where, "Product Name" is the name of the item you want to find the serial number for.
4) And voila - there you go - the serial number you needed.
HOW DOES THIS WORK?
Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.
See these example searches:
Code:
"Photoshop 7"+94FBR
"Age of Mythology"+94FBR
"Nero Burning Rom 5.5"+94FBR
Google ignores common words (where, how, digit, single letters) by default:
Example: StarStar Wars Episode +I
(-) exclude a search term
Example: apple –red
(“) use quotes around a search term to search exact phrases:
Example: “Robert Masse”
Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results
Basic Operators
(~) search synonym:
Example: ~food
Return the results about food as well as recipe, nutrition and cooking information
( . ) a single-character wildcard:
Example: m.trix
Return the results of M@trix, matrix, metrix…….
( * ) any word wildcard
Advanced Operators: “Site:”
Site: Domain_name
Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
Examples:
site:http://shaswat.bravehost.com
Advanced Operators: “Filetype:”
Filetype: extension_type
Find documents with specified extensions
The supported extensions are:
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf) - Microsoft Word (doc)
- Adobe PostScript (ps) - Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 - Microsoft Excel (xls)
(wk1, wk2, wk3, wk4, wk5, wki, wks, wku) - Microsoft Write (wri)
- Lotus WordPro (lwp) - Rich Text Format (rtf)
- MacWrite (mw) - Shockwave Flash (swf)
- Text (ans, txt)
Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible.
Example: Budget filetype: xls
Advanced Operators “Intitle:”
Intitle: search_term
Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with the title that includes all these words
These operators are specifically useful to find the directory lists
Example:
Find directory list:
Intitle: Index.of “parent directory”
Advanced Operators “Inurl:”
Inurl: search_term
Find search term in a Web address
Allinurl: search_term1 search_term2 search_term3
Find multiple search terms in a Web address
Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password
Advanced Operators “Intext;”
Intext: search_term
Find search term in the text body of a document.
Allintext: search_term1 search_term2 search_term3
Find multiple search terms in the text body of a document.
Examples:
Intext: Administrator login
Allintext: Administrator login
Advanced Operators: “Cache:”
Cache: URL
Find the old version of Website in Google cache
Sometimes, even the site has already been updated, the old information might be found in cache
Examples:
Cache: http://shaswat.bravehost.com
Advanced Operators
Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents
Examples:
Computer $500..1000
DVD player $250..350
Advanced Operators: “Daterange:”
Daterange: -
Find the Web pages between start date and end date
Note: start_date and end date use the Julian date
The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
Examples:
2004.07.10=2453196
2004.08.10=2453258
Vulnerabilities date range: 2453196-2453258
Advanced Operators “Link:”
Link: URL
Find the Web pages having a link to the specified URL
Related: URL
Find the Web pages that are “similar” to the specified Web page
info: URL
Present some information that Google has about that Web page
Define: search_term
Provide a definition of the words gathered from various online sources
Examples:
Link: shaswat.bravehost.com
Related: shaswat.bravehost.com
Info: shaswat.bravehost.com
Define: Network security
Advanced Operators “phonebook:”
Phonebook
Search the entire Google phonebook
rphonebook
Search residential listings only
bphonebook
Search business listings only
Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, not always work)
The phonebook is quite limited to U.S.A
But the Question rises What can Google can do for an Ethical Hacker?
Search sensitive information like payroll, SIN, even the personal email box
Vulnerabilities scanner
Transparent proxy
So how but if i tell u a different way to search
k lets do this type in the following statements n c d results
we can only provide u the guidelines, now u need to implement your Creativity to Keep it rolling.
http://shaswat.bravehost.com
Salary
Salary filetype: xls site: edu
Security social insurance number
Intitle: Payroll intext: ssn filetype: xls site: edu
Security Social Insurance Number
Payroll intext: Employee intext: ssn Filetype: xls
Filetype: xls “checking account” “credit card” - intext: Application -intext:
Form (only 39 results)
Financial Information
Intitle: “Index of” finances.xls (9)
Personal Mailbox
Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)
Confidential Files
“not for distribution” confidential (1,760)
Confidential Files
“not for distribution” confidential filetype: pdf (marketing info) (456)
OS Detection
Use the keywords of the default installation page of a Web server to search.
Use the title to search
Use the footer in a directory index page
OS Detection-Windows
“Microsoft-IIS/5.0 server at”
OS Detection - Windows
Default web page?
Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0
OS Detection –Apache 1.3.11-1.3.26
Intitle: Test.Page.for.Apache seeing.this.instead
OS Detection-Apache SSL enable
Intitle: Test.page “SSL/TLS-aware” (127)
Search Passwords
Search the well known password filenames in URL
Search the database connection files or configuration files to find a password and username
Search specific username file for a specific product
Search Passwords
Inurl: etc inurl: passwd
Search Passwords
Intitle: “Index of..etc” passwd
Search Passwords
Intitle: “Index of..etc” passwd
Search Passwords
Inurl: admin.pwd filetype: pwd
Search Passwords
Filetype: inc dbconn
Search Passwords
Filetype: inc intext: mysql_connect
Search Passwords
File type: ini +ws_ftp +pwd (get the encrypted passwords)
Search Passwords
File type: log inurl: “password.log”
Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”
License Key
Filetype: lic lic intext: key (33) (license key)
Sensitive Directories Listing
Powerful buzz word: Index of
Search the well known vulnerable directories names
Sensitive Directories Listing
“index of cgi-bin” (3590)
Sensitive Directories Listing
Intitle: “Index of” cfide (coldfusion directory)
Sensitive Directories Listing
Intitle: index.of.winnt
Get the serial number you need ! (For Certain Things)
1) Go to Google.
2) Use Keyword as "Product name" 94FBR
3) Where, "Product Name" is the name of the item you want to find the serial number for.
4) And voila - there you go - the serial number you needed.
HOW DOES THIS WORK?
Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.
See these example searches:
Code:
"Photoshop 7"+94FBR
"Age of Mythology"+94FBR
"Nero Burning Rom 5.5"+94FBR
Comments
Post a Comment