
Google Hacking

Basic Operators:

1) And (+) :- This operator is used to include multiple terms in the query that is to be searched in Google.
example:- If we type "hacker+yahoo+science" in the Google search box and click search, it returns results that are related to all three words simultaneously, i.e. hacker, yahoo and science.

2) OR (|) :- The OR operator, represented by the symbol ( | ) or simply the word OR in uppercase letters, instructs Google to locate either one term or another term in a query.

3) NOT :- It is the opposite of the AND operator; a NOT operator excludes a word from the search.
example:- If we want to search for websites containing the terms google and hacking but not security, then we enter the query as "google+hacking" NOT "security".

Advanced Operators:

1) Intitle :- This operator searches within the title tags.
examples:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have the string "index of" in their title.
Companion operator:- "allintitle".

2) Inurl :- Returns all matches where the url of the page contains the given word.
example:- inurl:admin returns all matches where the url of the searched page contains the word "admin".
Companion operator:- "allinurl".

3) Site :- This operator narrows the search to a specific website. It returns results only from the given domain. It can be used to carry out information gathering on a specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com

4) Link :- This operator allows you to search for pages that link to a given website.
example:- link:www.microsoft.com
Here, each of the search results contains asp links to www.microsoft.com

5) Info :- This operator shows summary information for a site and provides links to other Google searches that might pertain to that site.
example:- info:www.yahoo.com

6) Define :- This operator shows the definition of any term.
example:- define:security
It gives various definitions of the word "security" from sources all over the world.

7) Filetype :- This operator allows us to search for specific files on the internet. The supported file types include pdf, xls, ppt, doc, txt, asp, swf, rtf, etc.
example:- If we want to search for all text documents present on the domain www.microsoft.com, then we enter a query like the following:
"inurl:www.microsoft.com filetype:txt"

POPULAR SEARCH:

Google Search :- "Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.

Google Search :- "delete entries" inurl:admin/delete.asp
Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages, resulting in a loss of integrity.

Google Search :- "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curricula vitae with names and addresses. An attacker could steal an identity if there is an SSN in the document.

Google Search :- inurl:*.exe ext:exe inurl:/*cgi*/
Description- cgi-bin executables xss/asp injection miscellanea. Some examples:
inurl:keycgi.exe ext:exe inurl:/*cgi*/
xss: http://[target]/[path]/cgi-bin/keycgi.exe?cmd=download&product=">[XSS HERE]
inurl:wa.exe ext:exe inurl:/*cgi*/
xss: http://[target]/[path]/cgi-bin/wa.exe?SUBED1=">[XSS HERE]
inurl:mqinterconnect.exe ext:exe inurl:/*cgi*/
xss: http://[target]/[path]/cgi-bin/mqinterconnect.exe?poi1iconid=11111&poi1streetaddress=">[XSS HERE]&poi1city=city&poi1state=OK

Google Search :- intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may be revealed by this query.

Google Search :- intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories, since they are usually at the top directory level of the web server!

Google Search :- intitle:index.of.admin
Description- Locates "admin" directories that are accessible from directory listings.

Google Search :- inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protect your identity online.
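The operators above can be checked against a site you operate before a search engine indexes it. The following is an added example, not part of the original page: it evaluates queries locally over a crawl inventory using a simplified model of the operators as described here (substring matching, terms implicitly ANDed), which is an assumption and not Google's actual matching. The inventory, the example.com URLs and the function names are constructed.

```python
import shlex
from urllib.parse import urlparse

# Constructed inventory: pages crawled from a site you operate (sample data).
PAGES = [
    {"url": "http://www.example.com/reports/", "title": "Index of /reports",
     "text": "Parent Directory finance.xls budget.doc"},
    {"url": "http://www.example.com/admin/login.asp", "title": "Sign in",
     "text": "Username Password"},
    {"url": "http://www.example.com/robots.txt", "title": "",
     "text": "User-agent: * Disallow: /admin/"},
    {"url": "http://www.example.com/about.html", "title": "About us",
     "text": "Company history"},
]

# Queries in the style of the page's examples, pointed at the constructed site.
AUDIT_QUERIES = [
    'intitle:"index of" finance.xls',
    "inurl:admin",
    "site:www.example.com filetype:txt",
]

def matches(page, query):
    """Return True if every term of the query matches the page."""
    url = page["url"].lower()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    body = (page["title"] + " " + page["text"]).lower()
    # shlex keeps a quoted phrase such as intitle:"index of" as one term.
    for term in shlex.split(query.lower()):
        op, sep, arg = term.partition(":")
        if sep and op == "intitle":
            ok = arg in page["title"].lower()
        elif sep and op == "inurl":
            ok = arg in url
        elif sep and op == "site":
            ok = host == arg or host.endswith("." + arg)
        elif sep and op in ("filetype", "ext"):
            ok = parsed.path.endswith("." + arg)
        else:
            ok = term in body  # bare word or phrase: title or page text
        if not ok:
            return False
    return True

def audit(pages, queries):
    """Map each query to the URLs in the inventory it would surface."""
    return {q: [p["url"] for p in pages if matches(p, q)] for q in queries}

if __name__ == "__main__":
    for query, urls in audit(PAGES, AUDIT_QUERIES).items():
        print(query, "->", urls or "no exposure found")
```

Any URL reported for a directory-listing or admin query is a candidate for disabling auto-indexing or putting the path behind authentication.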