Google Hacking
Google crawls the public websites and caches it. It can sometimes caches sensitive information too. Google hacking literally doesn't mean hacking the Google servers. It simply means harvesting the information by making the smart use of Google. The various dorks and operators that can be used to harvest information Google are like site, intitle, inurl, filetype, link as well as +, -, “ ”, * and .
A person Johnny Long aka grandfather of Google hacking has made a huge database to intelligently make use of the power of Google. He has a website as http://www.hackersforcharity.org/ ghdb.
Fig. Hackers For Charity website logo
As well as tons of tools like FOCA, Gooscan, siteDigger, Wikto, Firefox Add-ons like AdvanceDork and PassiveRecon can be used.
Deliverables:
We can use following Google dorks or operators while searching on
the Google.
1. To search only specific types of file
Ex. --> hacking filetype:pdf
2. To search web page title
Ex. --> intitle:index of master passwd
3. To search specific URL
Ex.--> inurl:etc/passwd
4. To search specific website
Ex. --> india site:gov budget
5. To search links to the pages
Ex. --> link: www.somaiya.edu
6. Phrase search
Ex. --> “Ethical Hacking”
7. Operator search
Ex. --> ethical + hacking