Google Hacking for PenTester
Google Hacking originally meant using the Google search engine to find information; it now refers to using any search engine to find information in this way. Google Hacking is not really anything new. I saw it introduced on some foreign sites a few years ago, but at the time I did not attach importance to the technique and assumed it was only good for finding unrenamed mdb files or webshells left behind by others, with little practical use. After carefully working through some material a while ago, I found that Google Hacking is not so simple.
[all]inurl
[all]intext
[all]intitle
site
ext,filetype
symbols: - . * |
Boolean expression: and or not
lang:”c++” define
Privacy Information
1. User names and passwords
“create table” “insert into” “pass|passwd|password” (ext:sql | ext:dump | ext:txt)
“your password * is” (ext:csv | ext:doc | ext:txt)
2. Key
“index of” slave_datatrans OR from_master
3. Privacy Password
“Begin (DSA | RSA)” ext:key
“index of” “secring.gpg”
-“public | pubring | pubkeysignature | pgp | and | or |release” ext:gpg
-intext:”and” (ext:enc | ext:axx)
“ciphervalue” ext:xml
5. Chat Logs
“session start” “session ident” thomas ext:txt
“index of” inbox.dbx
“To parent directory” inurl:”Identities”
7. Confidential files and directories
“index of” (private | secure | geheim | gizli)
“robots.txt” “User-agent” ext:txt
“this document is private | confidential | secret” ext:doc | ext:pdf | ext:xls
intitle:”index of” “jpg | png | bmp” inurl:personal | inurl:private
8. Online Webcam
intitle:”live View/ -AXIS” | inurl:view/view.shtml
inurl:”ViewFrame?Mode=”
inurl:”MultiCameraFrame?Mode=”
inurl:”axis-cgi/mjpg”
intext:”MOBOTIX M1”
intext:”Open Menu”
inurl:”view/index.shtml”
9. Personally identifying private information
- allintext: name email phone address intext:”thomas fischer” ext:pdf
- Twiki inurl:”View/Main” “thomas fischer”
- intitle:CV OR intitle:Lebenslauf “thomas fischer”
- intitle:CV OR intitle:Lebenslauf ext:pdf OR ext:doc
10. User names
intitle:”usage Statistics for” intext:”Total Unique Usernames”
11. Insecure programs that disclose information
“php version” intitle:phpinfo inurl:info.php
12. SQL injection vulnerabilities and weak opening path
- “advanced guestbook * powered” inurl:addentry.php
- intitle:”View img” inurl:viewimg.php
13. Security Scan Report
“Assessment report” “nessus” filetype:pdf
14. Database programs and error messages
- “Welcome to phpmyadmin ***” “running on * as root@*” intitle:phpmyadmin
- “mysql error with query”
15. Find the paths these sites screen off in robots.txt
- “robots.txt” “disallow:” filetype:txt
16. This search string can return many passwords and login accounts; the passwords and accounts in these files are not encrypted
inurl:_vti_pvt “service.pwd”
17. VNC user info
- “vnc desktop” inurl:5800
18. Publicly shared network printers: you can check their status and settings, and some of them can be used to print your own material
inurl:”port_255” -htm
19. php admin access
- intitle:phpMyAdmin “Welcome to phpMyAdmin ***” “running on * as root@*”
Some Google search engine parameters
intext
Searches the body text of web pages for the given string. For example, entering intext:Mobility in Google returns all pages whose body contains “Mobility”. allintext: is used in a similar way to intext.
intitle
Much like intext, but checks whether the page title contains the string we are looking for. For example, searching for intitle:Safety Angel returns all pages whose title contains “Safety Angel”. Likewise, allintitle: is similar to intitle.
cache
Searches Google's cached copy of a page; sometimes you may be able to find some good things there.
define
Searches for the definition of a word. For example, define:hacker returns the definition of hacker.
filetype
I recommend paying particular attention to this one: it is needed both for broad attacks and for the information gathering against specific targets discussed later. It searches for files of the specified type. For example, filetype:doc returns the URLs of all files ending in doc. Of course, searching for .bak, .mdb, or .inc is also possible, and the information obtained may be richer 🙂
info
Find some basic information about the specified site.
inurl
Searches for the specified string in the URL, for example: inurl:admin. allinurl is similar to inurl and lets you specify more than one string.
site
This is also useful. For example, site:kali-linux.co returns all URLs on that site.
You can view a video demo:
https://www.youtube.com/watch?v=SaPGOLFy_F8
How to counter Google hacking
- Use automated tools to check your own system (e.g. gooscan, sitedigger, goolink)
- Install and manage a Google Honeypot
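
A small self-check in the spirit of the first countermeasure, as an added example (not from the original post, and not how gooscan, sitedigger or goolink work internally): it applies several of the exposure categories listed above to a crawl export of your own site and to your own robots.txt. The rule names, the `audit` and `robots_disclosures` helpers, and the sample pages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Each rule mirrors one exposure category from the list above.
# p = URL path, t = page title, b = page body, all taken from YOUR OWN crawl.
RULES = [
    ("sql-dump-with-credentials", lambda p, t, b:
        re.search(r"\.(sql|dump|txt)$", p, re.I)
        and re.search(r"create table", b, re.I)
        and re.search(r"pass(wd|word)?", b, re.I)),
    ("private-key-file", lambda p, t, b:
        re.search(r"BEGIN (DSA|RSA) PRIVATE KEY", b)
        or p.lower().endswith(("secring.gpg", ".key"))),
    ("directory-listing", lambda p, t, b: re.search(r"^index of /", t, re.I)),
    ("phpinfo-page", lambda p, t, b:
        "phpinfo" in t.lower() and "php version" in b.lower()),
    ("frontpage-password-file", lambda p, t, b:
        "/_vti_pvt/" in p.lower() and p.lower().endswith("service.pwd")),
    ("verbose-db-error", lambda p, t, b: "mysql error with query" in b.lower()),
]

def audit(pages):
    """pages: iterable of (url, title, body). Returns sorted [(rule, url)]."""
    findings = []
    for url, title, body in pages:
        path = urlparse(url).path
        findings += [(name, url) for name, check in RULES
                     if check(path, title, body)]
    return sorted(findings)

def robots_disclosures(robots_txt,
                       words=("private", "secure", "geheim", "gizli")):
    """Disallow lines are public; return the ones that advertise sensitive paths."""
    hits = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and any(w in value.lower() for w in words):
            hits.append(value.strip())
    return hits

# Constructed sample crawl of a fictional site (example.test).
SAMPLE = [
    ("https://www.example.test/backup/site.sql", "",
     "CREATE TABLE users (name text, password text);"),
    ("https://www.example.test/files/", "Index of /files", "Parent Directory"),
    ("https://www.example.test/info.php", "phpinfo()", "PHP Version 5.4.0"),
    ("https://www.example.test/about.html", "About us", "Contact the team"),
]
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /private/reports/\nDisallow: /images/\n"

if __name__ == "__main__":
    for rule, url in audit(SAMPLE):
        print(rule, url)
    print(robots_disclosures(SAMPLE_ROBOTS))
```

Anything it reports should be removed from the web root or put behind authentication; a robots.txt entry only hides a path from well-behaved crawlers and at the same time announces it to anyone who reads the file.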