The Social Engineer

Human Beings: The most easily exploitable aspect of security

Google Hacking for Beginners

OSINT

Millions of Google searches happen daily, as Google is one of the main players in the search engine arena. More and more users have gravitated to Google’s services, and hackers have tagged along. According to Acunetix.com, Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. Using the Google Hacking Database (GHDB), the hacker then attempts to identify sensitive data that can be exploited. The Google Hacking Database is a collection of queries that take advantage of the wide reach of the Google search engine. In it you can find search terms for files containing usernames, vulnerable servers, and even files containing passwords.

Now you might be thinking that Google hacking is something for professional hackers and that the technique does no good for the average end user. That is far from the truth. In fact, the techniques discussed here can be used by anybody and can be very beneficial for getting the most out of a search engine as powerful as Google.

There are entire books dedicated to Google searching and Google hacking. If this area sparks an interest for you, I recommend checking out Johnny Long’s book, Google Hacking for Penetration Testers, or Michael Bazzell’s book, Open Source Intelligence Techniques. Now let’s dig in by starting with advanced operators.

Advanced Operators
• Advanced operators help to refine searches.
• Advanced operators are included as part of a standard Google query.
• They use a syntax such as: site:searchterm or linkto:searchterm
(Remember: there is no space between the operator, the colon, and the search term. The search term is the item of interest that you are searching for.)

Google (and other search engines such as Bing) will use these operators within a search string to perform a specific function and increase the effectiveness of a search. An operator is simply text that is added to the search. There are many different operators that can be used, and this picture provided by Blackhat.com does a great job of listing possible operators, their purpose, and more. We will focus on the site, filetype, and inurl operators.

Site Operator
The ‘site’ operator will only provide results of pages located on a specific domain, and it will provide all of the results containing the search terms on that domain. By using the site operator you are able to find every page that is part of a specific domain. This can be very beneficial because it eliminates the time-consuming and error-prone process of clicking around an entire website. It might also turn up pages that the author considers private but that are actually public, if the author ever linked to them from a public page. You can also use the site operator to search a given domain for references to a specific person, place, thing, etc. Such a search would look like the following example:
site:givendomain.com Joe Johnson

Filetype Operator
The ‘filetype’ operator can identify any file by its file type within any website. You can even combine the filetype operator with the site operator to find all files of a given type on a single domain. For example, the following search looks on givendomain.com for all PDF files. These files could then be downloaded and archived.
site:givendomain.com filetype:pdf

The following list includes common document file types and the associated file extensions that you can search for.
Microsoft Excel – XLS, XLSX, CSV
Microsoft Word – DOC, DOCX
Microsoft PowerPoint – PPT, PPTX
Adobe Acrobat – PDF
Text File – TXT, RTF
Open Office – ODT, ODS, ODG, ODP
Word Perfect – WPD

InURL Operator
Finally, the ‘inurl’ operator will allow us to focus on the data within the URL or address of the website. Using this operator combined with another can produce a very powerful search. Check out the following example that would be used to find File Transfer Protocol (FTP) servers that allow anonymous connections. This example would be used to identify any FTP servers that possess PDF files that contain the term cybersecurity within the file.
inurl:ftp -inurl:(http|https) filetype:pdf cybersecurity

Now let’s break this down, step by step:
1. inurl:ftp – This will tell Google to only display addresses that contain “ftp” in the URL.
2. -inurl:(http|https) – This instructs Google to ignore any addresses that contain either http or https in the URL.
3. filetype:pdf – This tells Google to only display PDF documents.
4. cybersecurity – This instructs Google to look for that exact term (cybersecurity) within the content of the results.
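For a site owner who wants to see which of their own published files these three operators would surface, the following is an added example (not part of the original article) that applies the operator behaviour described above to a local URL inventory. It does not query Google; the inventory, the function names, and the extension-based filetype check are assumptions made for illustration, and real search engine matching is more involved.

```python
from urllib.parse import urlparse

OPERATORS = {"site", "filetype", "inurl"}

# Constructed inventory of (URL, extracted text), e.g. from your own crawl or sitemap.
INVENTORY = [
    ("https://www.givendomain.com/about.html", "About Joe Johnson, our founder"),
    ("https://www.givendomain.com/docs/board-minutes.pdf", "Board minutes, internal"),
    ("https://files.givendomain.com/hr/salaries.xlsx", "Salary bands"),
    ("ftp://ftp.givendomain.com/pub/cybersecurity-policy.pdf", "Cybersecurity policy draft"),
    ("https://otherdomain.example/ftp/notes.pdf", "Cybersecurity notes"),
]

def parse_query(query):
    """Turn a query into (operator, alternatives, negated) filters."""
    filters = []
    for token in query.lower().split():
        negated = token.startswith("-")
        op, sep, value = token.lstrip("-").partition(":")
        if not (sep and op in OPERATORS):
            op, value = "text", token.lstrip("-")  # plain search term
        # inurl:(http|https) lists alternatives; a bare value is one alternative
        filters.append((op, value.strip("()").split("|"), negated))
    return filters

def hit(op, alt, url, text):
    """Does one alternative of one filter match this URL or its text?"""
    parts = urlparse(url.lower())
    host = parts.hostname or ""
    if op == "site":      # the domain itself or any subdomain of it
        return host == alt or host.endswith("." + alt)
    if op == "filetype":  # approximated by the extension in the URL path
        return parts.path.endswith("." + alt)
    if op == "inurl":     # substring anywhere in the address
        return alt in url.lower()
    return alt in text.lower()

def matches(query, url, text):
    for op, alts, negated in parse_query(query):
        # a normal filter needs a hit; a negated one must have none
        if any(hit(op, a, url, text) for a in alts) == negated:
            return False
    return True

def audit(query, inventory=INVENTORY):
    """URLs from the inventory that the query would surface."""
    return [url for url, text in inventory if matches(query, url, text)]
```

Running `audit()` with each of the article's three example queries shows which entries an owner should review, move behind authentication, or remove from public servers.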

 

Article Written By: Chad Gutschenritter

 

www.offensive-security.com
www.acunetix.com
www.blackhat.com
Open Source Intelligence Techniques by Michael Bazzell
Google Hacking for Penetration Testers by Johnny Long
