What is google hacking? Ultimate guide to footprinting

Google hacking is an important part of footprinting. Google contains a lot of data and this data can be used to gather some information and can be used to find loopholes in web applications.  At first glance, the word google hacking seems to be hacking google, right? But there is nothing like that. We call it Google hacking because we will be getting some desired result by typing some commands in google. Normally when we search anything on google it only shows filtered content. But when we attach some keywords with the query then it will give you a completely different result.

For instance, the intitle:”index of” filetype:sql query will list SQL files (filetype:sql) available that have been indexed by Google on websites where directory listing is enabled (intitle:"index of").

techyunk

If you open any link you will see parent directory which contains sql files.

here are other examples also.

  1.  query– site:example.com. This query will limit the result to the specific domain name. For instance, if we replace example.com by facebook.com then we will see all the results related to facebook.

techyunk

More queries

Advanced Operator Description Examples
site: Limit the search query to a specific domain or web site.
  • site:example.com
filetype: Limit the search to text found in a specific file type
  • mysqldump filetype:sql
link: Search for pages that link to the requested URL
  • link:www.example.com
cache: Search and display a version of a web page as it was shown when Google crawled it.
  • cache:example.com
intitle: Search for a string text within the title of a page.
  • intitle:”index of”
inurl: Search for a string within a URL
  • inurl:passwords.txt

There is one easy way to search file type in google. For example, if you want to download any book. This book can be of any extension like pdf, txt,zip,doc etc. You can download google hacking tool and can find any type of file from google. Here is screenshot

techyunk

In the search bar, I typed ccna and selected type book. Then by clicking on search we get this result

techyunk

Now just click on any link and you can download thousands of books. This is how hackers collect study material. You can try different file type also.

Summary

So this is all about google hacking. This is just intro but you can go into depth as much as you want. Try different queries and explore more new ways to collect data and find vulnerabilities in web applications. But keep in mind that always do legal work and the fun fact is you can earn money by finding loopholes in websites and once you find that you can inform the website owner. You will get a reward for your work.

Leave a Reply

Your email address will not be published. Required fields are marked *