Google hacking

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 84.20.17.84 (talk) at 11:29, 21 February 2007 (Code search. format. links). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security. In its malicious format it can be used to detect websites that are vulnerable to numerous exploits and vulnerabilities as well as locate private, sensitive information about others, such as credit card numbers, social security numbers, and passwords. This filtering is performed by using advanced Google operators [1], [2]. While Google was the original tool of the Google hackers, many of the tactics and operators can be used on other search engines, such as MSN Search and Yahoo.

Basics

Google Hacking involves using Google operators to locate specific strings of text within search results. Some of the more popular examples are using Google to find specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, e.g. "Powered by XOOPS 2.2.3 Final"

The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP file. 

intitle:admbook intitle:version filetype:php

Another technique is searching for insecure coding practices in the public code indexed by Google Code Search or other source code search engines.

Google hacking publicity

Google hacking has spread due to the widespread publicity of presentations and instructional guides, such as those conceived by Johnny Long. Long, who goes by the aliases of j0hnny and Johnny Hax, maintains the Google Hacking Database in which many known Google Hack strings are stored for public perusal. Long is also the author of Google Hacking for Penetration Testers [3] and has presented numerous presentations on Google Hacking at DEF CON, the Black Hat Briefings, and ShmooCon.

Stub icon

This computing article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Google_hacking&oldid=109791743"