With Google Hacking, as with search engines in general, it is all about gathering information. Sometimes there is also talk of Google Dorking. This technique is used by attackers to use the sophisticated search technology of Google.
Sophisticated search queries present security holes, error messages, sensitive information and data leaks directly in the search engine interface.
Attackers extend search queries for targeted victims and applications
As is often the case, you get thousands of results. To further narrow down the search, attackers also use information to reduce the number of people affected. This often includes the version number of the system they are looking for.
But the search engine can also search for specific file types. With a simple search query, for example, all sql file types can be listed
filetype:sql
If you know the advanced search operators, you can also display other files. If you are looking for SMS logs, you need the following query:
intitle: "Index of" "sms.log"
Logical operators and symbols become power in Google.
As for the operators typical in computer science, you can also use Google and other search engines. Here AND, NOT and OR as well as operators like …. The following table contains additional information on these operators or possible combinations
Logischer Operator | Beschreibung | Beispiel |
---|---|---|
AND oder + | Wird benutzt um Wörter zu inkludieren. Alle Wörter, vor denen der Operator steht, müssen enthalten sein | web AND application AND security |
Not oder - | Wird benutzt um Wörter auzuschließen. | web application NOT security |
OR oder | | Wird benutzt um entweder das eine ODER das andere zu finden. | web application OR security |
Tilde (~) | Wird verwendet um Synonyme oder ähnliche Wörter zu finden | Wep Application ~security |
Anführungszeichen (") | Das in den Anführungszeichen stehende muss genau so gefunden werden | "wep application security" |
Punkt (.) | Wird als Wildcard für einzelne Zeichen benutzt | .eb application security |
Sternchen (*) | Wird als Wildcard für Wörter benutzt | web * security |
Advanced search operators for Google Hacking
If you know the classical operators, you should take a look at the extended ones. These give the user another possibility to refine or filter the results. First, Google Search triggers the logical operators and then carries out the extended ones or further limits the result. With the search query
intitle:"index of" filetype:sql
the search engine will first look for
"index of"
in the title. The result is then narrowed down – only according to the file type sql. You can look up other operators and their purpose in the following table:
Erweiterter Suchoperator | Beschreibung | Beispiel |
---|---|---|
site: | Beschränkt die Suche auf die angegeben Website | site:aware7.de |
filetype: | Schränkt die Suche auf den gesuchten Dateityp ein | mysqldump filetype:sql |
link: | Grenze nach Seiten ein, die auf folgende URL verlinken | link:aware7.de |
cache: | Suche und stelle eine Version der Website dar, die Google gecrawlt und gespeichert hat | cache:example.com |
intitle: | Suche nach Text der im Titel der Website auftaucht | intitle:"index of" |
inurl: | Suche nach Inhalt, der in der URL steht | inurl:passwords.txt |
Can Google Hacking be prevented?
Basically Google Hacking is nothing else than (targeted) information gathering. By testing web applications and websites these misconfigurations are detected. The main aim of a pentest is to prevent the exploitation of the vulnerability by discovering the vulnerability beforehand. In the best case, the listing in search engines is also prevented or the correct configuration is provided. By the way, in our Live Hacking we show many user-friendly Google Hackings.