![]() ![]() Searches within the text of the web pages (the text possibly seen by regular users browsing the web pages) Inurl.ssh intitle:index.of authorized_keys Searches with the URL of the crawled web pages. Intitle:index.of inurl:wp-content intitle:index.of inurl:wp-content/uploads Searches in the title of the pages (the HTML element that is located in the element of the page's markup) no quotation marksįor example, by querying Google for site: filetype:pdf, we use two advanced operators – the site operator which will limit the results to only those originating from the given website and the filetype operator which will return results limited to a certain file type (in this case, pdf).īelow is a table containing some of the commonly used Google operators and symbols for Google hacking: To test this, you can try searching Google with a term like there is a lot of fish in the sea and retrying the search with the same term but encapsulated in quotation marks - "there is a lot of fish in the sea."įigure 1: Results from enclosing search words with quotation marks vs. Quotation marks serve the purpose of telling Google to search for an exact match. To use spaces, we would have to surround the phrase with quotation marks. There should be no space between the operator and the search term and the search term itself cannot contain spaces, or the query will fail. The former query would give results to all kinds of external websites that mention that domain while the latter would narrow the results down to those originating from the chosen domain.Īdvanced operators usually take the form of operator:search-term and are directly written in your query string. This can be easily illustrated by querying Google for a domain and compare that to querying with the site operator for the given domain. Advanced operators, however, make it possible to get a subset of the original results that match certain characteristics. If you simply use a Google search term, you will see all the results that match the given terms. For example, you can use advanced operators to get only files of a particular type or filter so that the results of your search are limited to a specific website. ![]() Most of the time, they allow you to view a list of the most relevant and useful results. Besides revealing flaws in web applications, Google Hacking allows you to find sensitive data, useful for the Reconnaissance stage of an attack, such as emails associated with a site, database dumps or other files with usernames and passwords, unprotected directories with sensitive files, URLs to login portals, different types of system logs such as firewall and access logs, unprotected pages that contain sensitive information such as web-connected printers or cameras with data about their usage, status, location and so on.Īdvanced operators allow you to get more specific search results from your queries. Google Hacking is a term that encapsulates a wide range of techniques for querying Google to reveal vulnerable Web applications and sometimes to pinpoint vulnerabilities within specific web applications. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |