By
Sathish Kumar S
When we search on Google:
• We are not actually searching the web.
• We are searching Google's index of the web.
• Google builds the index with software programs called "spiders".
• A spider collects every link on a webpage, then the webpages those links lead to, and so on.
• Spidering produces a big chunk of data, which is the index.
• Once a search term is entered, Google checks the index against several criteria and shows the results:
• How many times the search keywords are used.
• Whether they are present in the title and the URL.
• Whether the page has synonyms and good PR.
• Google hacking (GH) is not about hacking Google itself.
• Google is, as we all know, a powerful search engine.
• GH is all about tips and tricks to get more out of a Google search.
• GH is used to search for and locate security vulnerabilities in poorly constructed web applications on the internet.
• GH is used by hackers to pull sensitive information such as credit card information.
• GH helps us highly customize the search results.
Two types:
1. Basic operators
2. Advanced operators
• " " Double quotes : Exact phrase
• - Minus : Excludes the keyword or value
• + Add : Includes the keyword or value
• . Dot : Single-character wildcard
• .. Num range : Creates a number range between 2
• * Asterisk : Placeholder for any unknown term
• ~ Tilde : Synonyms of the keyword
• ...and more available.
• Define – Shows the definition of the word
• Related – Shows related websites
• Similar – Shows similar websites
• Cache – Shows the cached copy of a webpage
• Info – Shows information about a web address
• Filetype – Finds a specific file format on the web
• Inurl – Searches for the keyword in the URL
• Intitle – Searches for the keyword in the title
• …
• Site – Searches within a particular website
• ...and more
• Advanced operators are put to best use when multiple operators are combined in a search.
• Ex: female designer intitle:"resume" filetype:pdf
• Directory listing
1. intitle:index.of server.at
2. intitle:index.of server.at site:microsoft.com
3. intitle:index.of "parent directory"
4. intitle:index.of name size
• "PHP Version" intitle:phpinfo inurl:info.php
• ext:log inurl:password
• "create table" "insert into" "pass|passwd|password" (ext:sql | ext:dump | ext:dmp)
• inurl:/view.shtml : Mostly security cameras, car parks, colleges etc.
• inurl:/view/index.shtml : Mostly security cameras, airports, car parks, back gardens, traffic cams etc.
• inurl:viewerframe?mode= : Network cameras, mostly private webcams etc.
• inurl:"viewerframe?mode=motion" : Network cameras
• inurl:ViewerFrame?Mode=Refresh : Mostly security cameras, parks, bird tables etc.
• intitle:index.of passwd passwd.bak
• intitle:phpinfo "PHP Version"
• "supplied argument is not a valid MySQL result resource"
• intitle:index.of robots.txt
• index.of passlist (plaintext passwords)
• index.of.private (dir marked as private)
• index.of.secure
• index.of.protected
• …
• index.of.password (dir named passwords)
• filetype:xls username password email
• site:edu admin grades
• allinurl:auth_user_file.txt
• inurl:config.php dbuname dbpass
• e-mail address filetype:csv csv
• filetype:QDF QDF
• inurl:"/becommunity/community/index.php?pageurl="
• ext:yml database inurl:config (Ruby on Rails config files)
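Added example, not part of the original slides: a small evaluator for the operators used above (intitle:, inurl:, ext:/filetype:, site:, minus, quoted phrases, OR groups), run against an inventory of pages from a site you operate to see which of them the listed queries would surface. The page records, the example.test host and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# One token is a parenthesised OR group, a quoted phrase, or a bare word/operator.
TOKEN = re.compile(r'\(([^)]*)\)|"([^"]*)"|(\S+)')

def _rx(value):
    # "." is the single-character wildcard from the operator table, so
    # "index.of" also matches the "Index of" title of a directory listing.
    return re.compile(re.escape(value).replace(r"\.", "."), re.IGNORECASE)

def _content(page):
    return page["title"] + " " + page["text"]

def _operator(op, value):
    """Predicate for a known operator, or None if `op` is not an operator."""
    rx = _rx(value)
    if op in ("intitle", "allintitle"):
        return lambda p: bool(rx.search(p["title"]))
    if op in ("inurl", "allinurl"):
        return lambda p: bool(rx.search(p["url"]))
    if op in ("ext", "filetype"):
        return lambda p: urlparse(p["url"]).path.lower().endswith("." + value.lower())
    if op == "site":
        return lambda p: ("." + (urlparse(p["url"]).hostname or "")).endswith("." + value.lower())
    return None

def _term(token):
    negate = len(token) > 1 and token[0] == "-"
    body = token[1:] if negate else token
    op, sep, value = body.partition(":")
    value = value.strip('"')
    pred = _operator(op.lower(), value) if sep and value else None
    if pred is None:  # plain keyword: look in title and body text
        rx = _rx(body.strip('"'))
        pred = lambda p: bool(rx.search(_content(p)))
    return (lambda p: not pred(p)) if negate else pred

def _phrase(text):
    # The slides put alternatives inside one quoted phrase ("pass|passwd|password");
    # treating "|" there as OR is this example's assumption about the intent.
    alts = [_rx(a.strip()) for a in text.split("|") if a.strip()]
    return lambda p: any(rx.search(_content(p)) for rx in alts)

def compile_query(query):
    """Compile a query into one predicate over a page record (all terms must match)."""
    preds = []
    for group, phrase, word in TOKEN.findall(query):
        if group:  # (a | b | c): any alternative may match
            alts = [_term(a.strip()) for a in group.split("|") if a.strip()]
            preds.append(lambda p, alts=alts: any(t(p) for t in alts))
        elif phrase:
            preds.append(_phrase(phrase))
        elif word:
            preds.append(_term(word))
    return lambda p: all(t(p) for t in preds)

def audit(pages, queries):
    """Return {query: [URLs of your own pages that the query would surface]}."""
    out = {}
    for q in queries:
        match = compile_query(q)
        out[q] = [p["url"] for p in pages if match(p)]
    return out

# Constructed inventory, standing in for the output of a crawl of your own site.
PAGES = [
    {"url": "https://www.example.test/backup/", "title": "Index of /backup",
     "text": "Name Last modified Size Parent Directory db.sql"},
    {"url": "https://www.example.test/info.php", "title": "phpinfo()",
     "text": "PHP Version 8.2.1 System Linux"},
    {"url": "https://www.example.test/backup/db.sql", "title": "",
     "text": "CREATE TABLE users (id int); INSERT INTO users VALUES (1, 'password');"},
    {"url": "https://www.example.test/about.html", "title": "About us",
     "text": "Company history and contact details."},
]

# Queries copied from the slides above.
QUERIES = [
    'intitle:index.of "parent directory"',
    '"PHP Version" intitle:phpinfo inurl:info.php',
    '"create table" "insert into" "pass|passwd|password" (ext:sql | ext:dump | ext:dmp)',
    'ext:log inurl:password',
]

if __name__ == "__main__":
    for query, urls in audit(PAGES, QUERIES).items():
        print(query, "->", urls or "no exposure found")
```

Every URL reported here is a page to take offline, put behind authentication, or stop generating (directory indexes, phpinfo output, database dumps under the web root).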
• The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a website. Have a look at the robots.txt file itself; it contains interesting stuff. However, don't forget to check out the other files in these directories, since they are usually at the top directory level of the web server!
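Added example, not part of the original slides: because robots.txt is readable by anyone and is only advisory to crawlers, a site owner can review their own file for Disallow entries whose path names give away where private content lives. The keyword list (taken from the directory names in the queries above), the sample file and the function names are assumptions.

```python
import re

# Path fragments that tell a reader something sensitive is stored there.
SENSITIVE = re.compile(
    r"admin|backup|private|secure|protected|passw|config|\.sql|\.log|\.bak",
    re.IGNORECASE,
)

def parse_robots(text):
    """Return [(user_agent, directive, path)] for every Allow/Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                          # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            for agent in agents or ["*"]:
                rules.append((agent, field, value))
    return rules

def disclosed_paths(text):
    """Disallow paths that advertise a sensitive location, in file order, deduplicated."""
    seen, out = set(), []
    for _agent, field, path in parse_robots(text):
        if field == "disallow" and path not in seen and SENSITIVE.search(path):
            seen.add(path)
            out.append(path)
    return out

# Constructed sample file.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/db.sql   # nightly dump
Disallow: /search
Allow: /public/

User-agent: Googlebot
Disallow: /private/reports/
Disallow: /admin/
"""

if __name__ == "__main__":
    for path in disclosed_paths(SAMPLE_ROBOTS):
        # These paths need real access control; a Disallow line does not provide it.
        print("listed in robots.txt and worth protecting:", path)
```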
• The idea behind a Google Hack Honeypot is that it places an invisible link on your website. As with a poorly constructed application, visitors to your site will never see this link, but Google will. However, instead of providing access to backend data, the link directs would-be hackers to a PHP script that logs their activity. Your site's real backend is never exposed through this link.
• http://ghh.sourceforge.net/index.php
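Added example, not part of the original slides and not code from the Google Hack Honeypot project: triage of web server access logs for hits on a decoy URL, separating the search engine's own spider (which is expected to follow the invisible link) from other clients that arrive at it. The decoy path, the log lines (combined log format, documentation IP ranges) and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

HONEYPOT_PATH = "/forum/admin_backup.php"   # hypothetical decoy, linked invisibly

LOG_RX = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# The User-Agent is only a claim by the client; confirming a real crawler
# needs a reverse DNS check, which this offline example does not perform.
CRAWLER_UA = re.compile(r"Googlebot|bingbot", re.IGNORECASE)

def search_terms(referer):
    """Return the q= value when the referer carries one, else None."""
    if referer in ("", "-"):
        return None
    q = parse_qs(urlparse(referer).query).get("q")
    return q[0] if q else None

def triage(log_text, honeypot_path=HONEYPOT_PATH):
    """Group decoy hits by client IP: hit count, first seen, crawler claim, search terms."""
    report = defaultdict(
        lambda: {"hits": 0, "first_seen": None, "crawler": False, "queries": []}
    )
    for line in log_text.splitlines():
        m = LOG_RX.match(line)
        if not m or urlparse(m["target"]).path != honeypot_path:
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        entry["crawler"] = entry["crawler"] or bool(CRAWLER_UA.search(m["ua"]))
        # Many search engines now send only their origin as referer, so the
        # hit on the decoy path is the main signal; query terms are a bonus.
        q = search_terms(m["referer"])
        if q and q not in entry["queries"]:
            entry["queries"].append(q)
    return dict(report)

def suspects(report):
    """Client IPs that reached the decoy without presenting as a known crawler."""
    return sorted(ip for ip, e in report.items() if not e["crawler"])

# Constructed log lines.
SAMPLE_LOG = """\
192.0.2.66 - - [10/Mar/2024:06:00:01 +0000] "GET /forum/admin_backup.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.7 - - [11/Mar/2024:14:22:10 +0000] "GET /forum/admin_backup.php HTTP/1.1" 200 512 "https://www.google.com/search?q=inurl%3Aadmin_backup.php" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [11/Mar/2024:14:22:31 +0000] "GET /forum/admin_backup.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [12/Mar/2024:02:03:04 +0000] "GET /forum/admin_backup.php HTTP/1.1" 200 512 "https://www.google.com/" "curl/8.4.0"
192.0.2.10 - - [12/Mar/2024:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip in suspects(report):
        print(ip, report[ip])
```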
Introduction to google hacking database