It is a common fact that search engines contain information that we want to look for. But did you know that search engines such as Google can be used for hacking? The term that is used for this is called Google Hacking.
Google Hacking is a method that uses Google.com to search for anything that is left behind by the developer or the administrator, but it is not meant for public consumption.
Here are just some of the commands that we can use in google hacking:
The inurl: command is used to find files and documents that contain the term that is inputted in the URL.
For example, I want to know which documents have the term “hacking”. I should input the term like so:
inurl:"hacking"
The results should come out like this:
As you can see from the image above, it shows the URLs that contain the word “hacking” in it.
The next command I will demonstrate is the intitle: command. It is used for finding the results that contain the term that is inputted in the title of the website.
For example, I want to find out which websites have the word “ethical” in their title. I just simply input the command like this:
intitle:"ethical"
The results will show like this:
The site: command shows the results but only from the specific domain inputted, like so:
site:.go.id
The results shown will be like this:
The cache: command shows the archived versions of the website that is inputted, like so:
cache:domain.com
The results will come out like this:
The text above the website tells us that it is the cached version of the website, that is taken as of a specific date.
The link: command shows pages that redirects us to the URL, like so:
link:domain.com
The results will come out like this:
The filetype: command lets us find out the results with that specific file type. For example, I want to narrow down my search results into .pdf files only from a specific term. I can do it like so:
ethical hacking filetype:pdf
The results will be shown like this:
As you can see from above, the search results only show the ones that are .pdf files from the term “ethical hacking”.
We can also combine these together, for example:
site:.co.id intitle:"jakarta"
And it will show something like this:
As seen the results above, it will only shows the results in which the word “Jakarta” is in the title, and its sites are domains that end with .co.id.
The next command I will demonstrate is using the index of term. The index of term shows a list of directory results of the term.
For example, I want to find out the directory of images in a certain domain. I can type the command like so:
site:.go.id intitle:index.of"images"
The results will come out like this:
The results shown above are directories of images that are in .go.id websites.
Or I want to find the directory of passwords from websites that have a certain domain like so:
inurl:.go.id intitle:index.of"/passwd"
And the results will be like this:
It shows the list of passwords from websites with the domain .go.id.
Google Hacking is another way that we can use to gather information about our targets. We can use these commands and type in what we want to know about the target, and it can return sufficient information that we needed.
References:
http://www.googleguide.com/advanced_operators_reference.html