-->

Use Google for Advanced Hacking and Penetration Testing





Google is the best search engine in the world,  Actually people think that Google's popularity is because of its simple and fast searching interface but, its more popular because it has rich Operators and Query support that will make your searching experience better. Most of us doesn't know which operators are supported by Google and if they know some of them, they doesn't know how actually these operators work and enrich our searching practice.

Advanced Google searching techniques


Google operators:


Google operators are classified into two basic categories:
1. Basic Google Operators like and, or, not etc.
2. Advanced google operators like inurl, intitle etc.
I am also including bonus search queries that are extremely useful for hackers. 

Basic Google Operators:-


1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- if we type "hacker+yahoo+science" in google search box and click search, it will reveal the results something which are related to all the three words simultaneously i.e. hacker, yahoo and science.

►►You Might Like : DNS Hijacking On Free Hosting Accounts ◄◄


2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.


3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".


Advanced Operators:-


1) Intitle :- This operator searches within the title tags.
Description:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have string "index of" in their title.
Similar operator:- "allintitle".

2) Inurl :- Returns all matches, where url of the pages contains given word.
Description:- inurl:admin returns all matches, where url of searched pages must contains the word "admin".
Companion operator:- "allinurl".

3) Site :- This operator narrows search to specific website. 
Description : It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com

4) Link :- This operator allows you to search for pages that links to given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com

5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com

6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" in different manner from all over the world.

7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents presented on domain www.microsoft.com then we enter the query something like following.
"inurl:www.microsoft.com filetype:txt"

Other popular search terms only for Hackers:



1. For searching active webcams online:
In Google Search Box type :-
"Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.

2. For accessing the deleted messages on forums:

In Google Search Box type:- 
"delete entries" inurl:admin/delete.asp
Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.

3. For searching personal information of person:

In Google Search box type :- 
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.

4.For searching secret financial spread sheets:

In Google Search box type :- 
intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may revealed by this query.

5. In Google Search box :- 

intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!

6. For locating admin directories of websites:

In Google Search box type :- 
intitle:index.of.admin
Description- Locate "admin" directories that are accessible from directory listings.

7. For searching proxies online:

In Google Search box type :- 
inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protects your identity online.

Related Posts

Post a Comment

Subscribe Our Newsletter