Google hacking

Google Search Options
Specific file types: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf
Google allows you to search for specific file types, so instead of getting html-files as a result (websites)
you get Microsoft excel files for example. The search string you would use would be this:
Filetype:xls (for excel files) or filetype:doc for word files.
But maybe more interesting would be searching for *.db files and *.mdb files. Google by the way
doesn’t tell you you can search for *.db and *mdb files. I wonder what other file types one can search
for. Things that come to mind are *.cfg files or *.pwd files, *.dat files, stuff like that. Try and think of
something that might get you some interesting results.
Inurl
Another useful search option is the inurl: option which allows one to search for a certain word one
would want to be in the url. This gives you the opportunity to search for specific directories/folders,
especially in combination with the “index of” option, about which I will talk later on.
An example would be inurl:admin which would give you results of website urls that have the word
“admin” in the url.
Index of
The index of option is another option that isn’t especially thought of by the creators of google, but
comes in very handy. If you use the “index of” string you will find directory listings of specific folders on
servers. An example could be:
‘index of” admin or index.of.admin
which would get you many directory listings of admin folders. (don’t forget to use the quotes in this
case since you are looking for the entire “index of” string, not just for “index” and “of”)
Site
The site option allows you to come up with results that only belong to a certain domain name
extension or to a specific site. For example one could search for .com sites or .box.sk sites or .nl sites,
but also for results from just one site, but more interesting might be to search for specific military or
government websites. An example of a search string would be:
Site:mil or site:gov
Site:neworder.box.sk “board”
Intitle
Intitle is another nice option. It allows you to search for html files that have a certain word or words in
the title. The format would be intitle:wordhere. You could check out what words appear in the title of
some online control panel or content management system and then search google for this word with
the intitle option, to find these control panel pages.
Link
The Link option allows you to check which sites link to a specific site. As described in Hacking
Exposed Third Edition, this could be useful:
These search engines provide a handy facility that allows you to search for all sites that have links
back to the target organization’s domain. This may not seem significant at first but let’s explore the
implications. Suppose someone in an organization decides to put up a rogue website at home or on
the target network’s site.“”[4]
Combining search options
The above mentioned search options might or might not be known to you, but even though they can
amount to some interesting results, it’s a fact that when you start combining them, that’s when
google’s magic starts to show. For example, one could try this search string:
inurl:nasa.gov filetype:xls "restricted" or this one: site:mil filetype:xls "password" or maybe
site:mil “index of” admin
(I’m just producing these from the top of my head, I don’t know whether they’d result in anything
interesting, that’s where you come in. You got to find a search string that gets the results you want.)