Google hacking is an important part of footprinting. Google contains a lot of data and this data can be used to gather some information and can be used to find loopholes in web applications. At first glance, the word google hacking seems to be hacking google, right? But there is nothing like that. We call it Google hacking because we will be getting some desired result by typing some commands in google. Normally when we search anything on google it only shows filtered content. But when we attach some keywords with the query then it will give you a completely different result.
For instance, the intitle:”index of” filetype:sql query will list SQL files (
filetype:sql) available that have been indexed by Google on websites where directory listing is enabled (
If you open any link you will see parent directory which contains sql files.
here are other examples also.
- query– site:example.com. This query will limit the result to the specific domain name. For instance, if we replace example.com by facebook.com then we will see all the results related to facebook.
|site:||Limit the search query to a specific domain or web site.||
|filetype:||Limit the search to text found in a specific file type||
|link:||Search for pages that link to the requested URL||
|cache:||Search and display a version of a web page as it was shown when Google crawled it.||
|intitle:||Search for a string text within the title of a page.||
|inurl:||Search for a string within a URL||
There is one easy way to search file type in google. For example, if you want to download any book. This book can be of any extension like pdf, txt,zip,doc etc. You can download google hacking tool and can find any type of file from google. Here is screenshot
In the search bar, I typed ccna and selected type book. Then by clicking on search we get this result
Now just click on any link and you can download thousands of books. This is how hackers collect study material. You can try different file type also.
So this is all about google hacking. This is just intro but you can go into depth as much as you want. Try different queries and explore more new ways to collect data and find vulnerabilities in web applications. But keep in mind that always do legal work and the fun fact is you can earn money by finding loopholes in websites and once you find that you can inform the website owner. You will get a reward for your work.