Google Hacking, also called Google Dorking, is the use of special commands for Google Searches to bring insights into vulnerabilities of computers or return results that can enable further exploitation. It is important to know how these work so you can perform this type of hack against your own web presence.
Google hacking techniques are easy to learn. There are so many we offer a “cheat sheet” below to reference as many as we can find.
But first let’s walk through a very simple example. Supposed you wanted to do a search for files that contain passwords on the internet. There is a google command that limits what you search to the text of the document. So you can search for files that say “Index of /password” and return a wide range of references to files that may have passwords.
Try it by clicking on this link:
https://google.com/search?q=intext:”index of /password”
This returns a huge list. Not all will deliver the results you are expecting, but clearly there is information being disclosed that organizations do not want revealed.
Now what if you want to look for information openly published on a company website that maybe was accidentally released? For example, webpages that have information that is marked “proprietary”. You can search for the word only in one domain. Here is one using the URL of the contractor Northrop Grumman and the word proprietary:
site:northropgrumman.com (proprietary)
You can also limit the search to only certain types of documents, for example, PDF files:
site:northropgrumman.com (proprietary) filetype:pdf
Now try searching all .mil sites for any PDF file that has the marking (SBU) or (CUI) in it (these are terms used to mark information that should be controlled, SBU is Sensitive but Unclassified. CUI is Controlled Unclassified Information). Files with these terms in them should just be admin instructions, but if someone accidentally released something to the web it may be indexed and available for the world to read:
site:*.mil (SBU) or (CUI) filetype:pdf
Those are some simple examples. The point is to tailor those to your own research needs, and to also use this type of capability to test your own information leaks. Is your local school system leaking information on your kids? Is your boss leaking information on you? What could a bad guy find out about your business or family?
Google Hacking Cheat Sheet (from the Sundowndev github site)
| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
| allintitle | Searches for occurrences of keywords all at a time. | allintitle:"keyword" |
| site | Specifically searches that particular site and lists all the results for that site. | site:"www.google.com" |
| filetype | Searches for a particular filetype mentioned in the query. | filetype:"pdf" |
| link | Searches for external links to pages. | link:"keyword" |
| numrange | Used to locate specific numbers in your searches. | numrange:321-325 |
| before/after | Used to search within a particular date range. | filetype:pdf & (before:2000-01-01 after:2001-01-01) |
| allinanchor (and also inanchor) | This shows sites which have the keyterms in links pointing to them, in order of the most links. | inanchor:rat |
| allinpostauthor (and also inpostauthor) | Exclusive to blog search, this one picks out blog posts that are written by specific individuals. | allinpostauthor:"keyword" |
| related | List web pages that are “similar” to a specified web page. | related:www.google.com |
| cache | Shows the version of the web page that Google has in its cache. | cache:www.google.com |
Learning to think like a hacker is a critical component of enhancing your security. This will take you much further than simply following security best practices and checklists. But we should end with a reminder. If you are not following best practices, you are leaving yourself open to much greater damage than if you are.
Further reading:
- Tips For Managing Your Online Footprint
- How To Stop Spies
- Adding Industrial Strength Protection To Your Online Accounts With Yubikey
The post The Quick And Easy Guide To Google Hacking appeared first on Spy Tales.
