VERY IMPORTANT : GOOGLE HACKING AND SEARCHING

Introduction
lGoogle Search Technique
–Just put the word and run the search
lYou need to audit your Internet presence
–One database, Google almost has it all!
lOne of the most powerful databases in the world
lConsolidate a lot of info
lUsage:
–Student …
–Business …
–Al’Qaeda …
And Man Moreeeee.............


Google Operators:
–Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons
lBasic Operators:
+, -, ~ , ., *, “”, |, OR
lAdvanced Operators:
–allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange

BASIC OPERATORS
 Basic Operators
– (+) force inclusion of something common
– Google ignores common words (where, how, digit, single letters) by default:
Example: StarStar Wars Episode +I
– (-) exclude a search term
Example: apple –red
– (“) use quotes around a search term to search exact phrases:
Example: “Robert Masse”
– Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results
 Basic Operators
– (~) search synonym:
Example: ~food
– Return the results about food as well as recipe, nutrition and cooking information
– ( . ) a single-character wildcard:
Example: m.trix
– Return the results of M@trix, matrix, metrix…….
– ( * ) any word wildcard
– Advanced Operators: “Site:”
– Site: Domain_name
– Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
– Examples:
site:ca
site:gosecure.ca
site:www.gosecure.ca

ADVANCE OPERATORS 1.“Intitle:”


– Intitle: search_term
– Find search term within the title of a Webpage
– Allintitle: search_term1 search_term2 search_term3
– Find multiple search terms in the Web pages with the title that includes all these words
– These operators are specifically useful to find the directory lists
– Example:
Find directory list:
Intitle: Index.of “parent directory”

ADVANCE OPERATORS 1.“Intitle:”


– Intitle: search_term
– Find search term within the title of a Webpage
– Allintitle: search_term1 search_term2 search_term3
– Find multiple search terms in the Web pages with the title that includes all these words
– These operators are specifically useful to find the directory lists
– Example:
Find directory list:
Intitle: Index.of “parent directory”

“Inurl:”
Advanced Operators “Inurl:”
– Inurl: search_term
– Find search term in a Web address
– Allinurl: search_term1 search_term2 search_term3
– Find multiple search terms in a Web address
– Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password

“Intext;”
Advanced Operators “Intext;”
– Intext: search_term
– Find search term in the text body of a document.
– Allintext: search_term1 search_term2 search_term3
– Find multiple search terms in the text body of a document.
– Examples:
Intext: Administrator login
Allintext: Administrator login

“Cache:”
Advanced Operators: “Cache:”
– Cache: URL
– Find the old version of Website in Google cache
– Sometimes, even the site has already been updated, the old information might be found in cache
– Examples:
Cache: www.gosecure.com

“Daterange:”
 Advanced Operators: “Daterange:”
– Daterange: -
– Find the Web pages between start date and end date
– Note: start_date and end date use the Julian date
– The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
– Examples:
2004.07.10=2453196
2004.08.10=2453258
– Vulnerabilities date range: 2453196-2453258

“Link:”
Advanced Operators “Link:”
– Link: URL
– Find the Web pages having a link to the specified URL
– Related: URL
– Find the Web pages that are “similar” to the specified Web page
– info: URL
– Present some information that Google has about that Web page
– Define: search_term
– Provide a definition of the words gathered from various online sources
– Examples:
Link: gosecure.ca
Related: gosecure.ca
Info: gosecure.ca
Define: Network security

“phonebook:”
Advanced Operators “phonebook:”
– Phonebook
– Search the entire Google phonebook
– rphonebook
– Search residential listings only
– bphonebook
– Search business listings only
– Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, not always work)
The phonebook is quite limited to U.S.A

Google, Friend or Enemy?
Google, Friend or Enemy?
– Google is everyone’s best friend (yours or hackers)
– Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario
– Passitive, stealth and huge data collection
– Google can do more than search
– Have you used Google to audit your organization today?
 What can Google can do for a hacker?
– Search sensitive information like payroll, SIN, even the personal email box
– Vulnerabilities scanner
– Transparent proxy
 Salary
– Salary filetype: xls site: edu
 Security social insurance number
– Intitle: Payroll intext: ssn filetype: xls site: edu
 Financial Information
– Filetype: xls “checking account” “credit card” - intext: Application -intext: Form
 Personal Mailbox
– Intitle: Index.of inurl: Inbox
 Confidential Files
– “not for distribution” confidential



Google Hacking

Usually it takes a very long time to find something on google search, but isn’t it wonderful if you directly find the same whatever you want just by adding few more characters.

1. If you making a project for your school or for your collage then it will really very helpful if you got few e-books on the same topic. Say, if you are making a project over the topic ‘Networking’. Then go to google search and type networking filetype:pdf

2. If you are looking for your project materials in Doc file then use networking filetype:doc

3. If you are looking for any presentation on the topic networking then use networking filetype:ppt

4. And if you are a music freak and don’t want to waste time on surfing the whole internet just for your favorite song then try using this ?intitle:index.of? mp3 enrique . This search will show you all mp3 songs of Enrique all together and free of cost.

5. If you are a little bit computer conscious and want disc images of various operating systems and of games then try this inurl:vista filetype:iso . This search will give you download link of images of windows Vista.




GOOGLE HACKING REFERENCES
Google APIS:
www.google.com/apis
Remove:
http://www.google.com/remove.html
Googledorks:
http://johnny.ihackstuff.com/
O’reilly Google Hack:
http://www.oreilly.com/catalog/googlehks/
Google Hack Presentation, Jonhnny Long:
http://johnny.ihackstuff.com/modules.php?op=modload&name= ownloads&file=index&req=viewdownload&cid=1
“Autism: Using google to hack:
www.smart-dev.com/texts/google.txt
“Google: Net Hacker Tool du Jour:
http://www.wired.com/news/infostructure/0,1377,57897,00.html