Jawad's Notes

Search Engine Hacking

Search engine hacking, also known as Google Hacking or Google Dorks, involves using advanced search operators in Google to find specific information or vulnerabilities on websites.

Commands:

  • intitle: Search for words in the title of a webpage.

  • inurl: Search for words in the URL.

  • filetype: Search for a specific file type.

  • site: Search within a specific site or domain.

Examples:

  1. Search for Specific File Types:

    • Command: filetype:

    • Example: filetype:pdf site:example.com (Finds PDF files on the specified site)

  2. Explore Directory Listings:

    • Command: intitle:"index of"

    • Example: intitle:"index of" /secret (Finds directories named "secret")

  3. Find Login Pages:

    • Example: intitle:"login" site:example.com (Locates login pages on the specified site)

  4. Search for Vulnerabilities:

    • Example: site:example.com ext:php intitle:"Index of" "db"

  5. Locate Exposed Documents:

    • Example: filetype:doc site:example.com (Finds Microsoft Word documents on the specified site)

  6. Search for Backup Files:

    • Example: filetype:bkf intitle:"index of" site:example.com (Finds backup files on the specified site)

  7. Explore Subdomains:

    • Example: site:*.example.com (Lists subdomains of example.com)

  8. Search for Passwords:

    • Example: filetype:log inurl:"password.log" (Looks for log files containing passwords)

  9. Find Apache Default Pages:

    • Example: intitle:"Apache2 Debian Default Page" (Finds Apache default pages on Debian)

Remember to use these commands responsibly and ethically, respecting privacy and legal boundaries. Misuse of Google Dorking can be viewed as hacking in some countries.

Exercise: Try using a Google dork to find information about a specific topic or website. For example:

site:example.com intitle:"index of" filetype:pdf
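
To see which of your own pages these dorks would surface, the following added example (not part of the original notes) parses the operators listed above and runs them against a constructed URL/title inventory. The function names, the inventory and the simplified matching rules are assumptions; real search engines also match body text, which is not modelled here.

```python
import re
from urllib.parse import urlparse

# Operators from the page; ext: is treated as a synonym of filetype:.
TOKEN = re.compile(r'(?:(intitle|inurl|filetype|ext|site):)?("[^"]*"|\S+)')

def parse_dork(query):
    """Split a dork into (operator, value) pairs; operator is None for bare terms."""
    return [(op or None, val.strip('"').lower()) for op, val in TOKEN.findall(query)]

def matches(page, terms):
    """Approximate search-engine matching using only a page's URL and title."""
    url, title = page["url"].lower(), page["title"].lower()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    for op, val in terms:
        if op == "intitle":
            ok = val in title
        elif op == "inurl":
            ok = val in url
        elif op in ("filetype", "ext"):
            ok = parsed.path.endswith("." + val)
        elif op == "site":
            wild = val.startswith("*.")          # site:*.example.com = subdomains only
            domain = val[2:] if wild else val
            is_sub = host.endswith("." + domain)
            ok = is_sub if wild else (is_sub or host == domain)
        else:  # bare term: body text is not available here, so use title and URL
            ok = val in title or val in url
        if not ok:
            return False
    return True

def audit(inventory, dorks):
    """Map each dork to the inventory URLs it would surface."""
    return {d: [p["url"] for p in inventory if matches(p, parse_dork(d))] for d in dorks}

# Constructed inventory, e.g. from a crawl of your own site (not real data).
INVENTORY = [
    {"url": "https://www.example.com/", "title": "Example Corp - Home"},
    {"url": "https://www.example.com/docs/report.pdf", "title": "Annual Report"},
    {"url": "https://files.example.com/secret/", "title": "Index of /secret"},
    {"url": "https://intranet.example.com/login.php", "title": "Login - Intranet"},
    {"url": "https://www.example.com/logs/password.log", "title": "password.log"},
]
# Dorks copied from the examples and the exercise on this page.
DORKS = ['filetype:pdf site:example.com', 'intitle:"index of" /secret',
         'intitle:"login" site:example.com', 'filetype:log inurl:"password.log"',
         'site:example.com intitle:"index of" filetype:pdf']

if __name__ == "__main__":
    for dork, hits in audit(INVENTORY, DORKS).items():
        print(f"{dork!r}: {hits or 'no exposure found'}")
```

Any URL reported here is a candidate for access control, removal, or a `noindex` directive before a search engine indexes it.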

Useful resources:

  • https://dorksearch.com

  • https://www.exploit-db.com/google-hacking-database

Last updated 1 year ago