Theme images by MichaelJay. Powered by Blogger.

Followers

Subscribe Via Email

Sign up for our newsletter, and well send you news and tutorials on web design, coding, business, and more! You'll also receive these great gifts:

AD (728x60)

Follow on Google+

Recent Posts

Popular Posts

Pages

Follow on Facebook

Flickr Images

A Theme For

Follow Me on Facebook.com

Flickr Photos

Featured Post (TOP)

Like Us

Popular Posts

Monday, 23 March 2015

Google Dorks Part 1

 


USING “GOOGLE DORKS”  For reconnaissance
Part-1

Google hacking is indeed the best way for passive reconnaissance. The best part is you cannot be traced! Those who are new to the phase “Google Dorks” let me give you an introduction to Google search engine and Google dorks.
Google is the most used search engine in this world because of it’s most efficient response. Google has some bots which crawl all over the net and copy almost all content available on databases to Google’s database. Therefore, it gives you the response when you type a word on Google search, it just checks its database and gives the response as you desire!


Hackers that desire to use the Google search engine for reconnaissance purpose need to know Google Basics such as modifiers and operators.
Principal search modifiers are:
Modifier
Description
+
Requires a term to match exactly
-
Avoid results that match the term
*
Wildcard
“”
Search for a specific phase

While then principal search operators are:
Search Operators
Description
Allintext
If you start your query with allintext:,Google restricts results to those containing all the query terms you specify in the text of the page. 
Allintitle
If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title.
Allinurl
If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL.
Filetype
If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [user guide filetype:pdf ] will return Adobe Acrobat pdf files that match the terms “user” “guide” . filetype is very useful for finding “hidden” documents and commonly exploited file types. Typical searches for vulnerabilities (eg. Searching for vulnerable scripts and files) include suffixes php, cgi, jsp, swf and asp.
Intext
The query intext:term restricts results to documents containing term in the text. Intext allows to find pages containing known phrases.
Intitle
The query intitle:term restricts results to documents containing term in the title. Using intitle it is possible to find pages with common titles (e.g. “Administrator”).
Inurl
If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL.
Site
If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [ privacy: www.nsa.gov ] will show privacy information from NSA site and [ privacy: gov ] will find pages about peace within the .gov domain.  The site: operator is useful to locate files within a specific domain and allows also to search all its indexed. During the attack phase site: is useful to map all services provided by the target.

Combining the above operators and modifier it is possible to execute complex queries, let’s think to be interested to search for email applications present on the website to submit a communication to site management. Analyzing the following table it is possible to note the improvement in the quality of the research obtained combining the Google operators.

Searched string
Number Results
[formmail.cgi]
232.000 results
[inurl:formmail.cgi]
3.940 results
[inurl:formmail.cgi filetype:cgi]
5.920 results
[inurl:formmail.cgi filetype:cgi]
56 results


You would see an amazing  use of these dorks in my next post "USING “GOOGLE DORKS”-FOR RECONNAISSANCE
PART-2" 


Hope it would have been informative for you,and I would like to thank you for visiting.



Disclaimer:
 All the information provided on this site are for educational purposes only. The site is no way responsible for any misuse of the information.Please read the Disclaimer before using this Information anywhere.

Author:Vivek Yadav

No comments:
Write comments

Interested for our works and services?
Get more of our update !