Using Google for hacking and GHDB

November 21, 2017

So the title of this post looks quite catchy? Isn’t it? But be assured because yes we will really hack Google “Search” not only for the sole purpose of helping us in penetration testing but also to learn how to make our searches fruitful. Actually, did you know that there are ways by which you can really advance search using Google? Did you think that the billions of search results can then be filtered out to a just thousand or even hundreds and how it will save you a huge amount of time?

What is this thing about Google advanced search?

Let’ see how Wikipedia defines Google Hacking:

“Google hacking, also named Google Dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.
Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications”.

Let’s understand it step by step. All of us must have done Google search once at least unless you are a die-hard an of Bing or Yahoo(**sighs**). Most of the times for a single search query we get not only millions but billions of results. Let’s suppose we were only looking for a pdf file that we knew was on a particular site. In any case, you can’t think of an appropriate term for the search.
Now that’s where Google advanced search comes into play. It drastically reduces the search results. The billion search results can just be reduced to a mere hundred if you use certain “Operators” correctly.

Operators? New term?Hmmm

Let’s see what operators actually are. Google advanced operators help refine searches.
This is the syntax for using these operators:

operator:search_term

There is no space between the operator, colon and the search term, REMEMBER NO SPACE.

Example Time

There are different operators for different purposes. Let’s consider the previous example for that. Like how we were trying to find pdf files on a website. Let’s consider the target to be targetxyz.com. So this will be the query you will type in the Google search box:

filetype:pdf site:targetxyz.com

Now this query will list out all the pdf files on that site. Hope you understood this. Let’s improvise it a bit now. Suppose you want to narrow down the results even more. Let’s say you don’t want the pdf files from the domains sellers.targetxyz.com but from all the other domains of site target.com. The query now will look something like this:

filetype:pdf site:targetxyz.com -site:sellers.targetxyz.com

Now you will get even lesser and accurate results. Let’s go through the query once more. The filetype we need is pdf, the site we are targeting is target.com and the domain we are excluding is sellers.target.com. That’s why we are using the negative sign there.

Here is a screenshot of a chart taken from the book “Google hacking Filters”

Taken from “Google hacking Filters”

This chart shows all the different operators available and the purpose for each of them. Let’s go through the chart once.

Column 1: Operator
These are the name of the different operators you will be playing with for getting different pieces of information.

Column 2: Purpose
This column illustrates the purpose of each operator. Let’s take the first operator for example. So the purpose of the intitle operator is to search the page titles by the search_term it is provided. For example:
intitle:"Cashmoney"
Now this query will search the whole web for all the titles containing the term “Cashmoney” and give you the results after that.

Column 3: Mixes with other operators
This column shows if one operator can be mixed together with another operator to get more accurate results.
Let’s say for example you are searching for a page which has the title “Cashmoney” and the site’s domain is googletez.com< so you can construct a query like this:
intitle:"Cashmoney" site:googletez.com
and it will give you the expected results.
But remember there are operators like allintitle, allinurl, link which don’t play well with the others. That means they need to used alone instead of mixing with others.

Column 4: Can be used alone?
There are some operators like filteype and daterange that can’t be used alone. They need another operator to get a valid query. Excluding these two, all the others can work solitary.

Column 5: Does search work in?
Now when we search for anything on Google, we can see the search results for each type. Like the image related to that term or different results existing in the Groups or News tab.
Now don’t think that the advanced keywords are able to search seamlessly in all the result types. There are some operators which won’t do a search in Images and provide the results from the other three only Web, Groups and News and vice-versa. It just depends on your need.

As you can see, you can do a lot of fun stuff through this google dorks. Basic site crawling, port scanning(though it won’t be accurate like Nmap), dumping of SQL databases with usernames and passwords are just the tip of the iceberg.

This is not just for penetration testing purposes only. It is a fun thing to learn. You can download songs, games and what not with the proper use of these operators. They can save a lot of time instead of going through each and every link and going to the other if that didn’t serve the purpose.

There are many sensitive pieces of information still on the open web. Information like Credit card numbers(along with their expiry date and CVV number), administrative usernames and passwords for a firewall company, police department records, employees email id and passwords for a certain company and many more.
Google hacking has no bounds and people are trying different types of queries and getting different interesting results. Now if you want to see a list of different queries, people in Offensive Security has posted that out for the public. Check out the below link for that
Google Hacking Database

As for beginners, the best way to start learning it is to read this book Google Hacking for Penetration Testers and practice alongside it. It’s a thin book and you can learn many tips and tricks from there. You can get the pdf from here.

Also, don’t forget to check youtube as there are many small videos illustrating how to use Google Advanced Operators if you get stuck anywhere. So give this topic a try and some time. It will get perfect with time. In any case, if you face any problems or have any queries feel free to comment below.

Until then, Start Hacking and Keep Learning..:)