Google hacking for everyone

If you have ever needed an answer to a question, chances are you have been one of the trillions of searches that Google sees annually. But have you ever wondered if there is an easier way to find the answers to your questions? Have you ever wondered if there are hacks to search in a more effective way on Google?

Time to discover interesting things.

Advanced Operators

Google offers advanced operators help refine searches. It is not a new feature, they are included as part of a standard Google query and they use a syntax such as the following:

operator:searchTerm

Keep in mind there is no space between the operator, the colon, and the search term.

The list of Advanced Operators

Google offers a lot of advanced operators. We will deal just with some of them. There are plenty of resources in the web if you want to discover them all.

Search link anchor text

inanchor:searchTerm

Search the page title

inanchor:searchTerm

Search the page text

intext:searchTerm

Search the URL

inurl:searchTerm

Search specific files

filetype:searchTerm

Search specific site

site:searchTerm

Special Search Characters

We’ll use some special characters in our examples. These
characters have special meaning to Google. Always use these characters without surrounding spaces.

Force inclusion of something common: ( + )
Exclude a search term: ( - )
Use quotes around search phrases, exact search: ( " )
A single-character wildcard: ( . )
Any word: ( * )
boolean ‘OR’: ( | )
Parenthesis group queries: ("master card" | mastercard)

First examples

Imagine you want to discover all the pdfs files exposed by a huge company such as McDonalds.

site:mcdonalds.com filetype:pdf

How to exclude results from news.mcdonalds.com?
We have learnt how to exclude results using the - operator.

site:mcdonalds.com -site:news.mcdonalds.com filetype:pdf intext:executive

Very simple.

Going darker

But if we can restrict the google search to some specific result... what about searching for sensitive data? This is what Johnny Long thought in the beginning of the 2000s.

Try this example.

filetype:xls "username | password"

This search reveals usernames and/or passwords in xls documents.

If we want to search xls documents that contain the exact text "gmail.com" we have just to add intext:"@gmail.com".

filetype:xls "username | password" intext:"@gmail.com"

This kind of google query is also called 'google dork'. There is a place where great Google dorks are collected and this is the Google Hacking Database (GHDB).

Google Hacking Database (GHDB)

The Google Hacking Database (GHDB) was created by Johnny Long of Hackers for Charity. There you can find tons of amazing Google dorks. Play with responsibility.

Stay awesome and keep hacking,
nicola