Google Hacking For Penetration Testers | Cyberops

By Devashish Soni, March 19, 2020

Google hacking, or Google dorking, is an advanced Google search technique for information gathering. These search queries can be used to gather information on arbitrary or individual targets, identify security vulnerabilities in web applications, discover files containing credentials and other sensitive data, and discover error messages disclosing sensitive information.

Before We Begin:

Before we start on what Google hacking is, we should know some golden rules about Google searching.

  • Google queries are not case sensitive:

          This means that whether you type your query in lowercase (cyberops), in uppercase (CYBEROPS), in camel-case (CyBeRoPs) or in psycho-case (cyBErOpS), the word is always treated the same. The exception is the word “or”: when it is used in a Boolean query it must be written in uppercase as “OR”.

  • 32-word limit:

          In 2005 Google increased its search limit from 10 to 32. The maximum number of search keywords allowed by Google Search is 2048; after that it will ignore your search query.

  • Google has the right to ignore your search query:

          Google ignores some characters, search strings, common words and single characters in its search results. According to Google's search documentation, these words are ignored by the Google search engine. That includes “how” and “where”. However, sometimes Google may include them in your search results.

Boolean Operators and Special Characters:

To perform advanced search queries, we need to understand the Boolean operators AND, OR and NOT, and some special or wildcard characters such as *. The most used Boolean operator is AND. It is used to include multiple terms in a query: if you type hackers AND crackers, it will show you pages that include information about hackers as well as crackers.

The other common Boolean operator is NOT, which is the opposite of the AND operator. To use it, we put the - symbol in front of the word we want to ignore or exclude from our search query. For example, if we are searching for “hacks”, the results may include several unwanted entries like “life hacks” and “soap hacks”, which we can exclude by adding -“life hacks” -“soap hacks”. This gives us more relevant results.

A less common, and sometimes more confusing, Boolean operator is OR. It is represented by the pipe symbol “|” or simply the word OR in uppercase letters, and it instructs Google to locate either one term or another in a query.

The plus (+) symbol forces the inclusion of the word that follows it. For example, if we search for “where”, “a” and “are” as separate words, Google will ignore them as very common words, but if we prefix them with the + symbol, like +where, +a, +are (there is no space between + and the word that follows), it will force Google to include them in the results. In addition, we can use double quotes to force Google to search for common words within a string, like “justice for all”.

Now Let’s Get into the real thing:

Advanced Operators:

Beyond the basic searching techniques that we have explored, Google offers special terms known as advanced operators to help us perform more advanced queries. Used properly, these operators can help us get to exactly the information we are looking for without spending too much time poring over page after page of search results. When advanced operators are not provided in a search query, Google will locate your search terms in every area of the web page, including the title, the text, the Uniform Resource Locator (URL), and the like.

Syntax for Advanced Operators:

The syntax for an advanced operator is “Operator:Search_Term”. For example, “intitle:cyberops” will return all of the pages that have cyberops in their title. Notice that there is no space between the operator and the search term. Some examples of advanced operators are intitle, intext, inurl, filetype, site, link and allintitle.

Let’s focus on what we can achieve with this

Allintitle: The operator allintitle will return the pages that have only the requested search term in the title. For example, allintitle:“error page” will return pages that have only “error page” in their title.

Let’s have a real-world example: allintitle:“index of” “backup file” will return all the pages which have ‘index of’ in their title and have ‘backup file’ included somewhere in the web page.

Here we can see what kind of results this query has provided to us.

Inurl and allinurl: These operators are used to search for a text string in the URL.

For example, inurl:“admin/index.php” will return all of the pages which have admin/index.php in their URL.

Other famous Operators:

  • Allintext

 Finds provided terms in the text of a page

 Pure evil so don’t use it

 Forget that you ever heard about allintext

  • Site

 Restricts our search to a particular site or domain

 Works well with other operators

 Can be used alone

 Best to use with Groups, web and Image searches

  • Link

Searches for links to a URL or site

 Does not work with other search terms or operators

 Best to use with Web searches

  • Inanchor

 Finds text in the text of a link

 Works well with other operators and search terms

 Best to use for Web, Image, and News searches

  • Daterange

 Locates pages indexed within a specific date range

 Requires a search term

 Works well with other operators and search terms

 Best to use with Web searches

  • Numrange

 Finds a number in a particular range

 Works well with other operators and search terms

 Best to use with Web searches

 Synonymous with ext.

  • Cache

 Displays Google’s cached copy of a page

 Does not work with other operators or search terms

 Best to use with Web searches

  • Info

 Displays summary information about a page

 Does not work with other operators or search terms

 Best to use with Web searches

  • Related

 Shows sites that are related to provided URL or site

 Does not work with other operators or search terms

 Best to use with Web searches
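
The syntax rules given in this article (uppercase OR, no space after the operator's colon, the 32-word limit, and the operators listed as not working with other operators or terms) can be checked mechanically before a query is used in an authorized assessment. The following is an added example, not part of the original article: `lint_query`, the operator sets and the sample queries are assumptions built from the rules as stated here, not from Google's documentation.

```python
import re

# Rules encoded here are the ones this article states (an assumption of the
# example); they are not taken from Google's own documentation.
MAX_WORDS = 32
STANDALONE = {"link", "cache", "info", "related"}  # "does not work with other operators"
COMBINABLE = {"intitle", "allintitle", "intext", "allintext", "inurl", "allinurl",
              "site", "filetype", "inanchor", "daterange", "numrange"}
# A token is a quoted phrase (optionally prefixed by -, + or operator:) or a bare word.
TOKEN = re.compile(r'[-+]?(?:\w+:)?"[^"]*"|\S+')

def lint_query(query):
    """Return warnings for `query`, checked against the article's stated rules."""
    warnings, operators, words, plain_terms = [], [], 0, 0
    for tok in TOKEN.findall(query):
        body = tok.lstrip("-+")
        m = re.match(r"(\w+):(.*)$", body, re.S)
        if m and m.group(1).lower() in STANDALONE | COMBINABLE:
            op, term = m.group(1).lower(), m.group(2)
            operators.append(op)
            if not term:  # "intitle: cyberops" leaves the operator with no term
                warnings.append(f"space after '{op}:' separates operator and term")
            words += len(term.strip('"').split())
        elif tok in ("OR", "|"):
            continue  # Boolean OR; assumed not to count toward the word limit
        elif tok.lower() == "or":
            warnings.append("lowercase 'or' is a plain word; the Boolean form is OR")
        else:
            plain_terms += 1
            words += len(body.strip('"').split())
    for op in operators:
        if op in STANDALONE and (len(operators) > 1 or plain_terms):
            warnings.append(f"'{op}:' does not combine with other operators or terms")
    if words > MAX_WORDS:
        warnings.append(f"{words} words exceed the {MAX_WORDS}-word limit")
    return warnings

# Constructed sample queries (example.com is a placeholder domain).
SAMPLES = ['intitle:cyberops', 'intitle: cyberops', 'hackers or crackers',
           'link:example.com intitle:login', 'hacks -"life hacks" -"soap hacks"']

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r}: {lint_query(q) or 'ok'}")
```
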
