SlideShare a Scribd company logo

Google Dorks

Download as PPTX, PDF
Adhoura Academy
Adhoura Academy

Google dorks, also known as Google hacking, involves using specific search operators and techniques on Google to find sensitive information on websites. Some key points made in the document include: - Google dorking uses operators like "site:", "filetype:", "intitle:", and "inurl:" to refine search results and maximize search value. This can be used to uncover private information, configurations, backups, and vulnerabilities. - Information found through Google hacking may remain exposed in Google's cache for months after being removed from websites. - Google indexes everything publicly available on the internet, making it a powerful tool for passive information gathering, which is an important first step for hackers. - The document encourages

Related slideshows

OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
1 of 26
August 21,2014 Kaushal Kishore [ kaushal@osscube.com ] Lead Engineer OSSCube Google Dorks (Google Hacking)
Quick Survey
2 Quick Survey • How many people have heard of Google Dorks before this Meet up ? • How many people have tried Google Dorks? • How many people are using Google Dorks for hacking purpose ?
Google Dorks • “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual
What is Google Dorks and Google Hacking ?
What is Google Hacking • It's not hacking into Google servers! • Google hacking is using different Google operators to effectively optimize search results. • It also involves using Google to identify vulnerabilities in websites. • Results are highly customizable. All Web site content is exposed to Google • Sensitive content might be available for months before the compromise is discovered • Even after sensitive pages are removed, they will be stored in Google Cache
Google Hacking • Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
How it Works ? • Google Search indexes everything that is made public including “virtual notebooks” and the information stored within that notebook in their search results. • Google is one of the most powerful databases in the world
Information disclosure with Google • Private information • Remote Admin Interface • Configuration management • Error messages • Backup files • Public vulnerabilities • Technology Profile
How Google Works ?
How Google Works
Google Operators “Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons”
Google Operators • Basic Operators  +, -, ~ , ., *, “”, |, OR • Advanced Operators  allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
Basic Operators • (+) force inclusion of something common – Google ignores common words (where, how, digit, single letters) by default: – Example: StarStarWars Episode +I • (-) exclude a search term – Example: apple –red • (“) use quotes around a search term to search exact phrases: – Example: “Robert Masse” – Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results • (~) search synonym: – Example: ~food – Return the results about food as well as recipe, nutrition and cooking information • ( . ) a single-character wildcard: – Example: m.trix – Return the results of M@trix, matrix, metrix……. • ( * ) any word wildcard
Advance Operators “Site” • Advance Operator : “Site” – Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain – Examples: • site:com • site:osscube.ca • site:www.osscube.ca
Advance Operators “Filetype” • Advanced Operators: “Filetype:” – Filetype: extension_type – Find documents with specified extensions – Example • filetype:pdf • filetype:xls • Site:osscube.com filetype:pdf • Site:osscube.com filetype:txt • Budget filetype: xls
Advance Operators “Intitle” • Advanced Operators “Intitle:” – Intitle: search_term – Find search term within the title of a Webpage – Allintitle: search_term1 search_term2 search_term3 – Find multiple search terms in the Web pages with the title that includes all these words – These operators are specifically useful to find the directory lists – Example: • Find directory list: • Intitle: Index.of “parent directory”
Advance Operators “Inurl” • Advanced Operators “Inurl:” – Inurl: search_term – Find search term in a Web address – Allinurl: search_term1 search_term2 search_term3 – Find multiple search terms in a Web address – Examples: • Inurl: cgi-bin • Allinurl: cgi-bin password
Advance Operators “Intext” • Advanced Operators “Intext;” – Intext: search_term – Find search term in the text body of a document. – Allintext: search_term1 search_term2 search_term3 – Find multiple search terms in the text body of a document. – Examples: • Intext: Administrator login • Allintext: Administrator login
Advance Operators “Cache” • Advanced Operators: “Cache:” – Cache: URL – Find the old version of Website in Google cache – Sometimes, even the site has already been updated, the old information might be found in cache – Examples: • Cache: www.osscube.com
Advance Operators “<number1>..<number2>” • Advanced Operators – <number1>..<number2> – Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents – Examples: • Computer $500..1000 • DVD player $250..350
Advance Operators “Link” • Advanced Operators “Link:” – Link: URL • Find the Web pages having a link to the specified URL – Related: URL • Find the Web pages that are “similar” to the specified Web page – info: URL • Present some information that Google has about that Web page – Define: search_term • Provide a definition of the words gathered from various online sources – Examples: • Link: osscube.com • Related: osscube.com • Info: osscube.com • Define: Network security
References • http://www.googleguide.com/advanced_oper ators_reference.html • http://www.google.com/advanced_search • http://www.google.com/help/operators.html • http://www.exploit-db.com/google-dorks/ • http://www.hackersforcharity.org/ghdb/
Google “Friend or Enemy” • Google is everyone’s best friend (yours or hackers) • Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario • Passitive, stealth and huge data collection • Google can do more than search • Have you used Google to audit your organization today?
Questions ?
Thank you! Email : kaushal@osscube.com

More Related Content

Google Dorks

  • 1. August 21,2014 Kaushal Kishore [ kaushal@osscube.com ] Lead Engineer OSSCube Google Dorks (Google Hacking)
  • 3. 2 Quick Survey • How many people have heard of Google Dorks before this Meet up ? • How many people have tried Google Dorks? • How many people are using Google Dorks for hacking purpose ?
  • 4. Google Dorks • “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual
  • 5. What is Google Dorks and Google Hacking ?
  • 6. What is Google Hacking • It's not hacking into Google servers! • Google hacking is using different Google operators to effectively optimize search results. • It also involves using Google to identify vulnerabilities in websites. • Results are highly customizable. All Web site content is exposed to Google • Sensitive content might be available for months before the compromise is discovered • Even after sensitive pages are removed, they will be stored in Google Cache
  • 7. Google Hacking • Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
  • 8. How it Works ? • Google Search indexes everything that is made public including “virtual notebooks” and the information stored within that notebook in their search results. • Google is one of the most powerful databases in the world
  • 9. Information disclosure with Google • Private information • Remote Admin Interface • Configuration management • Error messages • Backup files • Public vulnerabilities • Technology Profile
  • 12. Google Operators “Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons”
  • 13. Google Operators • Basic Operators  +, -, ~ , ., *, “”, |, OR • Advanced Operators  allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange
  • 14. Basic Operators • (+) force inclusion of something common – Google ignores common words (where, how, digit, single letters) by default: – Example: StarStarWars Episode +I • (-) exclude a search term – Example: apple –red • (“) use quotes around a search term to search exact phrases: – Example: “Robert Masse” – Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results • (~) search synonym: – Example: ~food – Return the results about food as well as recipe, nutrition and cooking information • ( . ) a single-character wildcard: – Example: m.trix – Return the results of M@trix, matrix, metrix……. • ( * ) any word wildcard
  • 15. Advance Operators “Site” • Advance Operator : “Site” – Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain – Examples: • site:com • site:osscube.ca • site:www.osscube.ca
  • 16. Advance Operators “Filetype” • Advanced Operators: “Filetype:” – Filetype: extension_type – Find documents with specified extensions – Example • filetype:pdf • filetype:xls • Site:osscube.com filetype:pdf • Site:osscube.com filetype:txt • Budget filetype: xls
  • 17. Advance Operators “Intitle” • Advanced Operators “Intitle:” – Intitle: search_term – Find search term within the title of a Webpage – Allintitle: search_term1 search_term2 search_term3 – Find multiple search terms in the Web pages with the title that includes all these words – These operators are specifically useful to find the directory lists – Example: • Find directory list: • Intitle: Index.of “parent directory”
  • 18. Advance Operators “Inurl” • Advanced Operators “Inurl:” – Inurl: search_term – Find search term in a Web address – Allinurl: search_term1 search_term2 search_term3 – Find multiple search terms in a Web address – Examples: • Inurl: cgi-bin • Allinurl: cgi-bin password
  • 19. Advance Operators “Intext” • Advanced Operators “Intext;” – Intext: search_term – Find search term in the text body of a document. – Allintext: search_term1 search_term2 search_term3 – Find multiple search terms in the text body of a document. – Examples: • Intext: Administrator login • Allintext: Administrator login
  • 20. Advance Operators “Cache” • Advanced Operators: “Cache:” – Cache: URL – Find the old version of Website in Google cache – Sometimes, even the site has already been updated, the old information might be found in cache – Examples: • Cache: www.osscube.com
  • 21. Advance Operators “<number1>..<number2>” • Advanced Operators – <number1>..<number2> – Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents – Examples: • Computer $500..1000 • DVD player $250..350
  • 22. Advance Operators “Link” • Advanced Operators “Link:” – Link: URL • Find the Web pages having a link to the specified URL – Related: URL • Find the Web pages that are “similar” to the specified Web page – info: URL • Present some information that Google has about that Web page – Define: search_term • Provide a definition of the words gathered from various online sources – Examples: • Link: osscube.com • Related: osscube.com • Info: osscube.com • Define: Network security
  • 23. References • http://www.googleguide.com/advanced_oper ators_reference.html • http://www.google.com/advanced_search • http://www.google.com/help/operators.html • http://www.exploit-db.com/google-dorks/ • http://www.hackersforcharity.org/ghdb/
  • 24. Google “Friend or Enemy” • Google is everyone’s best friend (yours or hackers) • Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario • Passitive, stealth and huge data collection • Google can do more than search • Have you used Google to audit your organization today?
  • 26. Thank you! Email : kaushal@osscube.com