This document discusses Google hacking, which involves using various Google search operators to optimize search results and identify website vulnerabilities. It begins by defining Google hacking and listing some basic operators like "+" for inclusion, "-" for exclusion, and "*" as a wildcard. It then covers more advanced operators like "intitle:", "inurl:", and "filetype:" and provides examples. The document concludes by discussing mixing different operators and listing alternative resources for Google hacking techniques.
2. Contents
What is Google hacking?
Basic operators
Advanced operators
Mixing different operators
3. What is Google hacking?
It's not hacking into Google servers!
Google hacking is using different Google
operators to effectively optimize search results.
It also involves using Google to identify
vulnerabilities in websites.
Results are highly customizable.
4. Basic operators
• For inclusion of something common (+)
Words that are commonly used, like 'the,' 'a,' and 'for,' are usually
ignored (these are called stop words).
• Terms you want to exclude (-)
Anti-virus -software
Georgia -america -state
• Search for an exact term (“)
“enter your text here”
5. Basic operators cont.
• ( * ) any word (wild card)
If you include * within a query, it tells Google to try to treat the star
as a placeholder for any unknown term(s) and then find the best
matches.
Estonia parliament voted on the * bill
• ( | ) boolean ‘OR’
I'll let you guess this one on your own.
6. Advanced operators
Advanced operators use a syntax such as the
following:
operator:search_term
• There’s no space between the operator, the
colon, and the search term!
7. Advanced operators
Intitle:
Google returns results with the word/phrase found within the title
of the page
Intitle:index.of
Inurl:
Finds a specific term within the URL
Inurl:view/index.shtml
10. intitle:admin intitle:login
Search for phpMyAdmin installations that are
configured to run the MySQL database with root
privileges:
intitle:phpMyAdmin “Welcome to phpMyAdmin
***” “running on * as root@*”
11. Johnny I hack stuff
Most of this information was underground until
Johnny Long put it into public hands and
published the “google hacking database”
Last year he changed his website and started
doing charity work.
12. The old GHDB (last update 2006)
http://www.hackersforcharity.org/ghdb/
The new and up-to-date GHDB
http://www.exploit-db.com/google-dorks/