Google hacking

Summary

Google hacking, also named Google dorking,[1][2] is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.[3] Google dorking could also be used for OSINT.

Basics

"Google hacking" involves using advanced operators in the Google search engine to locate specific errors of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. A search query with intitle:admbook intitle:Fversion filetype:php would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle:index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle:index.of mp3 will give all the MP3 files available on various types of servers.

You can use symbols or words in your search to make your search results more precise.[4]

  • Google Search usually ignores punctuation that isn’t part of a search operator.[4]
  • Don’t put spaces between the symbol or word and your search term. A search for site:nytimes.com will work, but site: nytimes.com won’t.[4]

Advanced operators

Many similar advanced operators can be used to exploit insecure websites:

Operator Example Purpose Mixes with Other Operators? Can be used Alone? Web Images Groups News
site site:wikipedia.org Search specific site yes yes yes yes yes yes
related related:wikipedia.org Search for related sites yes yes
cache cache:wikipedia.org Search with Google's cached version of a site yes yes
intitle intitle:wikipedia Search page Title yes yes yes yes yes yes
allintitle[5] allintitle:wikipedia Search page title yes yes yes yes yes yes
subject Group subject search yes yes yes yes yes yes
inurl inurl:wikipedia Search URL yes yes yes yes yes yes
allinurl allinurl:wikipedia Search URL yes yes yes yes yes yes
filetype filetype:pdf Search results will only be of this file type yes yes yes yes yes
intext intext:wiki Search text of page only yes yes yes yes yes yes
allintext allintext:wiki Search text of page only no yes yes yes yes no
"" "Wikipedia" Search for exact word match yes yes
+ jaguar + car Search for more than one specific key yes yes
- jaguar speed -car Exclude words from your search yes yes
OR jaguar OR car Combines two searches yes yes
* how to * to Wikipedia Wildcard operator yes yes
link link:wikipedia Search for links to pages yes yes yes yes yes yes
inanchor inanchor:wikipedia[6] Search link anchor text yes yes yes yes yes yes
daterange Search in date range yes yes yes yes yes yes
author Group author search yes yes yes yes yes yes
group Group name search yes yes yes yes yes
msgid Group msgid search yes yes yes yes
imagesize imagesize:320x320 Image results will only be of this size yes yes no yes
@ @wikipedia Search Social Media yes yes
# #wiki Search for hashtags yes yes
$ camera $400 Search for a price yes yes
.. camera $50..$100 Search within a range of numbers yes yes

For a list of operators, refer to Google Search Help. To limit the misuse of the advanced google search feature, Google makes use of CAPTCHA after every few advanced searches which restricts bots from automating the process.

Google also provides a GUI version for Advanced Google searching available here which supports most common advanced search operators.

History

The concept of "Google hacking" dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.[7]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[8][9]

Since its heyday[when?], the concepts explored in Google hacking (sometimes referred to as Google Dorking) have been extended to other search engines, such as Bing[10] and Shodan.[11] Automated attack tools[12] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[13]

Protection

Robots.txt is a well known file for search engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints (hackers can still search robots.txt for endpoints) which prevents google bots from crawling sensitive endpoints such as admin panels.

References

  1. ^ Term Of The Day: Google Dorking - Business Insider
  2. ^ Google dork query, techtarget.com
  3. ^ https://www.researchgate.net/publication/325763845_Study_on_Implementation_and_Impact_of_Google_Hacking_in_Internet_Security
  4. ^ a b c "Refine web searches - Google Search Help". support.google.com. Retrieved 2020-12-16.
  5. ^ Karch, Marziah. "Allintitle Definition". About.com. About.com. Retrieved 29 February 2020.
  6. ^ "Least Understood Google Operator". Boolean Strings. 2018-01-08. Retrieved 2021-04-22.
  7. ^ "googleDorks created by Johnny Long". Johnny Long. Archived from the original on 8 December 2002. Retrieved 8 December 2002.
  8. ^ "Google Hacking Database (GHDB) in 2004". Johnny Long. Archived from the original on 7 July 2007. Retrieved 5 October 2004.
  9. ^ Google Hacking for Penetration Testers, Volume 1. Johnny Long. 2005. ISBN 1931836361.
  10. ^ "Bing Hacking Database (BHDB) v2". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.
  11. ^ "Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite". Bishop Fox. Retrieved 21 June 2013.
  12. ^ "SearchDiggity - Search Engine Attack Tool Suite". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.
  13. ^ "Google Hacking History". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.

External links

  • Google Hacking Diggity Project - Bishop Fox – a research and development initiative dedicated to investigating the latest techniques that leverage search engines (such as Google, Bing, and Shodan) to quickly identify vulnerable systems and sensitive data on public networks. An arsenal of free attack and defense tools related to search engine hacking are available for download.
  • Google Hacking Database (GHDB) - REBORN - 09Nov2010 – Exploit-db.com folks picked up the effort of maintaining and adding to the original GHDB JohnnyIHackStuff.com created by Johnny Long.
  • "Google Hacking: .pdf Document", boris-koch.de (printable, .pdf)
  • "Google Help: Cheat Sheet", Google (printable)
  • Google Hacking for Penetration - Using Google as a Security Testing Tool, Introduction by Johnny Long