The document discusses Google searching techniques, focusing on how Google indexes the web using spiders and how users can manipulate search results with basic and advanced operators. It highlights methods for finding security vulnerabilities on poorly constructed web applications and offers examples of combined search queries to enhance results. Additionally, it introduces the concept of a Google hack honeypot, which is designed to trap would-be hackers by redirecting them to a logging script rather than exposing sensitive backend data.

1. By
Sathish Kumar S

2. When we searching in google,
 We are not actually searching the web
 Searching google’s index of the web
 Indexing is done in google with a software
program called “Spiders”.
 Spider collects every links in a particular
webpage and the webpages where the links
lead to and it goes on and on…

3.  Once after spidering, there created a big
chunk of data which is the index.
 Once the search term is entered, google
checks in the index for several criteria and
shows the results.
 How many times the search keywords used.
 Whether it is present in title and the url.
 Does the page have synonyms and good PR.

4.  GH is not about hacking Google itself.
 Google, a powerful searching engine as we all
know.
 GH is all about tips and tricks to get more out
of a google search.
 GH is used to search and locate security
vulnerabilities on poorly constructed web
application on the internet.

5.  GH is used by hackers to pull sensitive
information like credit card information.
 GH helps us to highly customize the search
results.

6. Two types:
1. Basic operators
2. Advanced operators

7.  “ ” double quotes : Exact phrases
 - Minus : Excludes the keyword or value
 + Add : Includes the keyword or value
 . Dot : Single character wildcard
 .. Num range : Creates a number range b/w 2
 * Asterisk : Place holder to any unknown term
 ~ Tilde : Synonyms of the keyword
 ..and more available.

8.  Define – shows the definition of the word
 Related – Shows related websites
 Similar – Shows similar websites
 Cache – Shows the cache of a webpage
 Info – Shows the information about a web
address
 Filetype – Finds specific format in the web
 Inurl – Searches the keyword in the url
 Intitle – searches the keyword in the title
 …

9.  Site: searches in the particular website
 ..and more
 The best use of advanced operators are
utilized when multiple operators are
combined in a search.
 Ex: female designer intitle:"resume"
filetype:pdf

10.  Directory Listing
1. intitle:index.of server.at
2. intitle:index.of server.at site:microsoft.com
3. intitle:index.of “parent directory”
4. intitle:index.of name size

12.  "PHP Version" intitle:phpinfo inurl:info.php

13.  ext:log inurl:password

15.  "create table" "insert into"
"pass|passwd|password" (ext:sql | ext:dump |
ext:dmp)

16.  inurl:/view.shtml Mostly security cameras, car
parks, colleges etc.
 inurl:/view/index.shtml Mostly security cameras,
airports, car parks, back gardens, traffic cams etc.
 inurl:viewerframe?mode= Network cameras, mostly
private webcams etc.
 inurl:”viewerframe?mode=motion” Network
cameras
 inurl:ViewerFrame?Mode=RefreshMostly security
cameras, parks, bird tables etc.

18.  intitle:index.of passwd passwd.bak
 intitle:phpinfo "PHP Version"
 "supplied argument is not a valid MySQL
result resource“
 intitle:index.of robots.txt
 index.of passlist (plaintext passwords)
 index.of.private (dir marked as private)
 index.of.secure
 index.of.protected
 …

19.  index.of.password (dir named passwords)
 filetype:xls username password email
 site:edu admin grades
 allinurl:auth_user_file.txt
 inurl:config.php dbuname dbpass
 e-mail address filetype:csv csv
 filetype:QDF QDF
 inurl:"/becommunity/community/in
dex.php?pageurl=“
 ext:yml database inurl:config (Ruby on rails
config files)

21.  The robots.txt file contains "rules" about where
web spiders are allowed (and NOT allowed) to
look in a website's directory structure. Without
over-complicating things, this means that the
robots.txt file gives a miniroadmap of what's
somewhat public and what's considered more
private on a web site. Have a look at the
robots.txt file itself, it contains interesting
stuff.However, don't forget to check out the other
files in these directories since they are usually at
the top directory level of the web server!

22. ◦ The idea behind a Google Hack Honeypot is that it
places an invisible link onto your Web site. Just like
the case with a poorly constructed application,
visitors to your site will never see this link, but
Google will. However, instead of providing access to
backend data, the link directs would-be hackers to
a PHP script that logs their activity. Your site's real
backend is never exposed through this link.
◦ http://ghh.sourceforge.net/index.php

23.  http://www.googleguide.com/advanced_operators_reference.
html
 http://searchenterprisedesktop.techtarget.com/tip/An-
introduction-to-Google-Hack-Honeypots
 http://www.googleguide.com/advanced_oper
ators_reference.html
 https://d4msec.wordpress.com/2015/09/05/google-dorks-
of-live-webcams-cctv-etc-google-unsecured-ip-cameras/
 Google hacking wikipedia
 Slideshare ppt’s
 Youtube videos
 Google Hacking Database (GHDB)