Google is the world’s most popular and powerful search engine, and it can accept pre-defined commands (search operators) as input to produce remarkably precise results.
This enables malicious users such as hackers, crackers, and script kiddies to use the Google search engine extensively to gather confidential or sensitive information which is not visible through common searches.
Here I will cover how Google is used to find exploitable security vulnerabilities within websites, and what security professionals must take into account to prevent such information disclosures.
1. Using Advanced Search Queries:
- site : restricts results to sites within the specified domain
Ex: site:google.com Hackillusion will find all sites containing the word Hackillusion, located within the *.google.com domain
- intitle : restricts results to documents whose title contains the specified phrase
Ex: intitle:Hack illusion will find all sites with the word Hack in the title and illusion in the text
- allintitle : restricts results to documents whose title contains all the specified phrases
Ex: allintitle:hack illusion will find all sites with the words hack and illusion in the title.
- inurl : restricts results to sites whose URL contains the specified phrase
Ex: inurl:hack illusion will find all sites containing the word hack in the text and illusion in the URL
- allinurl : restricts results to sites whose URL contains all the specified phrases
Ex: allinurl:hack illusion will find all sites with the words hack and illusion in the URL.
- filetype, ext : restricts results to documents of the specified type
Ex: filetype:pdf hacking will return PDFs containing the word hacking.
- numrange : restricts results to documents containing a number from the specified range
Ex: numrange:1-100 joke will return sites containing a number from 1 to 100 and the word joke. The same result can be achieved with 1..100 joke.
- link : restricts results to sites containing links to the specified location
Ex: link:www.google.com will return documents containing one or more links to www.google.com
- inanchor : restricts results to sites containing links with the specified phrase in their descriptions
Ex: inanchor:Hacking will return documents with links whose description contains the word Hacking (that’s the actual link text, not the URL indicated by the link)
- allintext : restricts results to documents containing the specified phrase in the text, but not in the title, link descriptions or URLs
Ex: allintext:"hack illusion" will return documents which contain the phrase hack illusion in their text only
- + : specifies that a phrase should occur frequently in results
Ex: +hacking will order results by the number of occurrences of the word hacking.
- - : specifies that a phrase must not occur in results
Ex: -hacking will return documents that don’t contain the word hacking
- "" : delimiters for entire search phrases (not single words)
Ex: "Hack Illusion" will return documents containing the phrase Hack Illusion
- | : logical OR
Ex: "hack illusion" | hackillusion will return documents containing the phrase hack illusion or the word hackillusion.
2. For Hacking Security Cameras:
Many cameras and security cameras that are monitored for illegal activity are connected to the Internet. Through Google, one can search for these cameras and watch their live video.
intitle:"Live View / – AXIS"
3. Access Personal Details (email, mobile etc.):
Many of us have uploaded a résumé or CV to the Internet, so through Google those CVs or résumés can be accessed to find personal details.
intitle:"curriculum vitae" "phone *" "address *" "e-mail"
4. Using “Index of” syntax to find sites with index browsing enabled:
A webserver with index browsing enabled means anyone can browse the webserver's directories like ordinary local directories. Here I shall discuss how one can use the “index of” syntax to get a list of links to webservers which have directory browsing enabled. This becomes an easy source of information gathering for a hacker. Imagine if they get hold of password files or other sensitive files which are not normally visible to the internet. Given below are a few examples with which one can get access to much sensitive information very easily.
Index of /admin
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
5. To search for sites vulnerable to Cross-Site Scripting (XSS) attacks:
We can search for sites vulnerable to application-layer web attacks.
6. To search for sites vulnerable to SQL Injection attacks:
Through Google we can find sites vulnerable to SQL injection attacks.
7. Other similar searches using “intitle:” or “allintitle:” combined with other syntaxes:
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
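A defensive check for the exposure described in sections 4 and 7, as an added example that is not part of the original post: it takes HTML fetched from pages of your own site, recognises auto-generated directory listings by their "Index of /" title, and reports listed files whose names appear in the search strings above. The function and class names, the example.test URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# File names taken from the search strings in sections 4 and 7 of this page.
SENSITIVE = {"passwd", "password.txt", ".htaccess", ".sh_history", ".bash_history",
             "people.lst", "pwd.db", "shadow", "spwd", "master.passwd", "htpasswd"}

class ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> value on a page."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title, self.hrefs = False, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def audit_page(url, html):
    """Return None for a normal page, or a finding dict for an auto-index page."""
    p = ListingParser()
    p.feed(html)
    # Apache and nginx both title generated listings "Index of /<path>".
    if not p.title.strip().lower().startswith("index of /"):
        return None
    # Skip column-sort links ("?C=N;O=D") and the relative parent-directory link.
    names = [unquote(h).rstrip("/").rsplit("/", 1)[-1] for h in p.hrefs
             if not h.startswith("?") and h not in ("../", "/")]
    exposed = sorted(n for n in names if n.lower() in SENSITIVE)
    return {"url": url, "entries": names, "sensitive": exposed}

# Constructed sample responses (not taken from a real server).
SAMPLES = {
    "https://example.test/backup/": "<html><head><title>Index of /backup</title></head><body>"
        '<a href="?C=N;O=D">Name</a> <a href="../">Parent Directory</a> '
        '<a href=".htaccess">.htaccess</a> <a href="site.tar.gz">site.tar.gz</a> '
        '<a href="pwd.db">pwd.db</a></body></html>',
    "https://example.test/blog/": "<html><head><title>Index of posts</title></head>"
        '<body><a href="/blog/1">First post</a></body></html>',
}
```

Where it reports a finding, turn off automatic listings on the server (`Options -Indexes` in Apache, `autoindex off` in nginx) and move the flagged files out of the web root.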