 |
|
|
|
 |
|
 |
|||||
Become a fan
9
Basics
2
www.hakin9.org
hakin9 4/2005
Dangerous Google
- Searching for Secrets
Micha. Piotrowski
Information which should be
protected is very often publicly
available, revealed by careless
or ignorant users. The result is
that lots of confidential data is
freely available on the Internet
- just Google for it.
Google serves some 80 percent of all
search queries on the Internet, making
it by far the most popular search
engine. Its popularity is due not only to excellent
search effectiveness, but also extensive
querying capabilities. However, we should
also remember that the Internet is a highly
dynamic medium, so the results presented
by Google are not always up-to-date - some
search results might be stale, while other
relevant resources might not yet have been
visited by Googlebot (the automatic script
that browses and indexes Web resources for
Google).
Table 1 presents a summary of the most
important and most useful query operators
along with their descriptions, while Figure 1
shows document locations referred to by the
operators when applied to Web searches. Of
course, this is just a handful of examples - skilful
Google querying can lead to much more
interesting results.
Hunting for Prey
Google makes it possible to reach not just
publicly available Internet resources, but also
some that should never have been revealed.
What You Will Learn...
. how to use Google to find sources of personal
information and other confidential data,
. how to find information about vulnerable systems
and Web services,
. how to locate publicly available network devices
using Google.
What You Should Know...
. how to use a Web browser,
. basic rules of operation of the HTTP protocol.
About the Author
Micha. Piotrowski holds an MA in IT and has
many years' experience in network and system
administration. For over three years he has
been a security inspector and is currently working
as computer network security expert at one
of the largest Polish financial institutions. His
free time is occupied by programming, cryptography
and contributing to the open source
community.
Google hacking
3
hakin9 4/2005
www.hakin9.org
Table 1. Google query operators
Operator
Description
Sample query
site
restricts results to sites within the
specified domain
site:google.com fox will find all sites containing the
word fox, located within the *.google.com domain
intitle
restricts results to documents whose
title contains the specified phrase
intitle:fox fire will find all sites with the word fox in the
title and fire in the text
allintitle
restricts results to documents
whose title contains all the specified
phrases
allintitle:fox fire will find all sites with the words fox
and fire in the title, so it's equivalent to intitle:fox
intitle:fire
inurl
restricts results to sites whose URL
contains the specified phrase
inurl:fox fire will find all sites containing the word fire
in the text and fox in the URL
allinurl
restricts results to sites whose URL
contains all the specified phrases
allinurl:fox fire will find all sites with the words fox
and fire in the URL, so it's equivalent to inurl:fox
inurl:fire
filetype, ext
restricts results to documents of the
specified type
filetype:pdf fire will return PDFs containing the word
fire, while filetype:xls fox will return Excel spreadsheets
with the word fox
numrange
restricts results to documents containing
a number from the specified
range
numrange:1-100 fire will return sites containing a number
from 1 to 100 and the word fire. The same result can be
achieved with 1..100 fire
link
restricts results to sites containing
links to the specified location
link:www.google.com will return documents containing
one or more links to www.google.com
inanchor
restricts results to sites containing
links with the specified phrase in
their descriptions
inanchor:fire will return documents with links whose
description contains the word fire (that's the actual link
text, not the URL indicated by the link)
allintext
restricts results to documents containing
the specified phrase in the
text, but not in the title, link descriptions
or URLs
allintext:"fire fox" will return documents which contain
2
www.hakin9.org
hakin9 4/2005
Dangerous Google
- Searching for Secrets
Micha. Piotrowski
Information which should be
protected is very often publicly
available, revealed by careless
or ignorant users. The result is
that lots of confidential data is
freely available on the Internet
- just Google for it.
Google serves some 80 percent of all
search queries on the Internet, making
it by far the most popular search
engine. Its popularity is due not only to excellent
search effectiveness, but also extensive
querying capabilities. However, we should
also remember that the Internet is a highly
dynamic medium, so the results presented
by Google are not always up-to-date - some
search results might be stale, while other
relevant resources might not yet have been
visited by Googlebot (the automatic script
that browses and indexes Web resources for
Google).
Table 1 presents a summary of the most
important and most useful query operators
along with their descriptions, while Figure 1
shows document locations referred to by the
operators when applied to Web searches. Of
course, this is just a handful of examples - skilful
Google querying can lead to much more
interesting results.
Hunting for Prey
Google makes it possible to reach not just
publicly available Internet resources, but also
some that should never have been revealed.
What You Will Learn...
. how to use Google to find sources of personal
information and other confidential data,
. how to find information about vulnerable systems
and Web services,
. how to locate publicly available network devices
using Google.
What You Should Know...
. how to use a Web browser,
. basic rules of operation of the HTTP protocol.
About the Author
Micha. Piotrowski holds an MA in IT and has
many years' experience in network and system
administration. For over three years he has
been a security inspector and is currently working
as computer network security expert at one
of the largest Polish financial institutions. His
free time is occupied by programming, cryptography
and contributing to the open source
community.
Google hacking
3
hakin9 4/2005
www.hakin9.org
Table 1. Google query operators
Operator
Description
Sample query
site
restricts results to sites within the
specified domain
site:google.com fox will find all sites containing the
word fox, located within the *.google.com domain
intitle
restricts results to documents whose
title contains the specified phrase
intitle:fox fire will find all sites with the word fox in the
title and fire in the text
allintitle
restricts results to documents
whose title contains all the specified
phrases
allintitle:fox fire will find all sites with the words fox
and fire in the title, so it's equivalent to intitle:fox
intitle:fire
inurl
restricts results to sites whose URL
contains the specified phrase
inurl:fox fire will find all sites containing the word fire
in the text and fox in the URL
allinurl
restricts results to sites whose URL
contains all the specified phrases
allinurl:fox fire will find all sites with the words fox
and fire in the URL, so it's equivalent to inurl:fox
inurl:fire
filetype, ext
restricts results to documents of the
specified type
filetype:pdf fire will return PDFs containing the word
fire, while filetype:xls fox will return Excel spreadsheets
with the word fox
numrange
restricts results to documents containing
a number from the specified
range
numrange:1-100 fire will return sites containing a number
from 1 to 100 and the word fire. The same result can be
achieved with 1..100 fire
link
restricts results to sites containing
links to the specified location
link:www.google.com will return documents containing
one or more links to www.google.com
inanchor
restricts results to sites containing
links with the specified phrase in
their descriptions
inanchor:fire will return documents with links whose
description contains the word fire (that's the actual link
text, not the URL indicated by the link)
allintext
restricts results to documents containing
the specified phrase in the
text, but not in the title, link descriptions
or URLs
allintext:"fire fox" will return documents which contain
Comments & Reviews ^topBe the first to comment on this! |
|
Recommended55 Ways to Have Fun With Google A night to remember, a day to forget. 20 Great Google Secrets How to Google MP3's The Google Story DANGEROUS MISSIONS AND DANGEROUS MEN Google Search Tips |
© WP Technology Inc. 2009
User-posted content is subject to its own terms.
User-posted content is subject to its own terms.
