Google Hacking

“Google, properly leveraged, has more intrusion potential than any hacking tool.” - Adrian Lamo (Grey Hat Hacker, hacked NY Times, Yahoo, etc.)

See this book: Google Hacking For Penetration Testers - Johnny Long

Google Searching Basics

• Web
• Images
• Groups
• Shopping
• Books
  
• Scholor
• Finance
• Blogs
• More

Preferences and Advanced

• Preferences
• Language Tools
• Advanced Search

Advanced Directives

• site: (Searches only within a given domain)
• [all]intext: (Shows pages with all terms in page text)
• [all]inurl: (Shows pages whose URL matches)
• [all]intitle: (Shows pages whose title matches)
• filetype: (ext:) vs. searchterm
• phonebook: (General)
• bphonebook: (Business)
• rphonebook: (Residential)
• link: (Shows all sites linked to a given site)
• related: (Shows similar pages [hit/miss])
• cache: (Google cache)
• info: (Cached + link: + related: ... Not very useful)
• daterange: (Indexed by Google during dates within range) -Must always be a range - Must be in Julian Date form (Number of days since Jan 1, 4713 B.C.)
• vs &as_qdr={h.d.w.m.y}[2..x]

Operators

• ""
• (|) / (OR v. or)
• (-) (+)
• (.) (*)
• (..) / numrange
• (~)

Google Hacking Database

• Available remote desktop systems
• Default web material
• Indexable directories
• UserIDs and passwords
• Shell history
• GHDB of "GoogleDorks" (http://johnny.ihackstuff.com)