Search Engine Hacking
Created On 21. Jan 2020
Updated: 2021-05-01 23:44:12.542730000 +0000
Created By: acidghost
Google Hacking is a very useful skill, not just for hackers, good or bad, but for all of us.
It lets you search for exact files and extensions, research the subdomains of a website, and much more.
Some examples:
site:microsoft.com
- shows results only from this domain
intitle:tomatoes
- the term must appear in the title of the page
inurl:
- the term must appear somewhere in the URL of the result
intext:
- the term must appear in the body text of the page
ext:pdf
- shows only results with the pdf extension
" "
- exact phrase; for example "duck can fly" returns only results that contain exactly this phrasing
subdomain enumeration example:
site:microsoft.com inurl:*.microsoft.com -inurl:www*
This enumerates all subdomains that do not start with 'www'. site:microsoft.com restricts the results to that domain, the wildcard "*" in inurl:*.microsoft.com means 'take all', so any host under microsoft.com matches, and -inurl:www* drops the www hosts. The output is a list of microsoft.com subdomains.
Get a book on hacking like this:
inurl:hacking ext:pdf
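The operators above compose into a single query string, and the subdomain enumeration trick is really two steps: build the query, then pull distinct hostnames out of the result URLs. The following Python is an added example, not code from the original page; `build_dork` and `extract_subdomains` are hypothetical helpers, and `SAMPLE_RESULTS` is a constructed list of URLs standing in for search results. It is written for auditing a domain you own: the same query that finds your forgotten hosts for an attacker finds them for you first.

```python
from urllib.parse import urlparse


def build_dork(site=None, inurl=None, not_inurl=None, intitle=None,
               intext=None, ext=None, phrase=None):
    """Assemble a search query from the operators described above.

    Hypothetical helper (added example). Each keyword argument maps to one
    operator; a leading '-' negates an operator, e.g. -inurl:www*.
    """
    parts = []
    if site:
        parts.append(f"site:{site}")
    if inurl:
        parts.append(f"inurl:{inurl}")
    if not_inurl:
        parts.append(f"-inurl:{not_inurl}")
    if intitle:
        parts.append(f"intitle:{intitle}")
    if intext:
        parts.append(f"intext:{intext}")
    if ext:
        parts.append(f"ext:{ext}")
    if phrase:
        # Double quotes request the exact phrase; escape embedded quotes.
        parts.append('"' + phrase.replace('"', '\\"') + '"')
    return " ".join(parts)


def extract_subdomains(urls, root, exclude_www=True):
    """Collect hostnames under `root` from result URLs.

    Mirrors the -inurl:www* filter by dropping hosts that start with 'www'.
    Only hosts that end with '.' + root count, so 'example.com.evil.test'
    and 'notexample.com' are rejected.
    """
    root = root.lower()
    found = set()
    for url in urls:
        host = urlparse(url).hostname
        if not host:
            continue
        host = host.lower()
        if host == root or not host.endswith("." + root):
            continue
        if exclude_www and host.startswith("www"):
            continue
        found.add(host)
    return sorted(found)


# Constructed sample of result URLs (not real search output).
SAMPLE_RESULTS = [
    "https://www.example.com/index.html",
    "https://docs.example.com/guide.pdf",
    "https://WWW2.example.com/",
    "https://mail.example.com/owa/",
    "https://example.com/",
    "https://docs.example.com/other.pdf",
    "https://notexample.com/",
    "https://example.com.evil.test/",
]

if __name__ == "__main__":
    print(build_dork(site="example.com", inurl="*.example.com", not_inurl="www*"))
    print(build_dork(inurl="hacking", ext="pdf"))
    print(extract_subdomains(SAMPLE_RESULTS, "example.com"))
```

The suffix check in `extract_subdomains` is the part worth copying: matching on `"example.com" in host` would happily report look-alike hosts that are not yours.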
More references:
- www.exploit-db.com/google-dork/ - database of Google dorks that expose vulnerable sites
- Google Hacking by Stach & Liu - great book to get started
- http://www.mrjoeyjohnson.com/Google.Hacking.Filters.pdf - another cool book
- https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-long.pdf - and another one
- https://exposingtheinvisible.org/guides/google-dorking/ - info on Google dorking
- https://gist.github.com/heiswayi/641201f3bac04168108a - reference on Google hacking syntax
- https://habr.com/ru/post/283210/ - dorking write-up from Ural Uni.; the actual dork collection is at https://github.com/USSCltd/dorks
Tools
Metagoofil
Uses Google to gather metadata from files hosted on a website. It is not installed by default, so you will need to install it:
$ sudo apt install metagoofil
Then run it:
$ metagoofil
As an example, run it against a target domain:
$ ./metagoofil.py -d targetdomain -l 10 -f all -o test.html -t test
This will collect information from all file types, limiting the download to 10 files of each type. Everything is saved in a test.html file under the test folder.
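What metagoofil actually harvests is the metadata inside the documents it downloads: author names, internal usernames and the software that produced the file. As an added example, not code from the page or from the metagoofil project, here is a small Python parser that locates the Info dictionary of an uncompressed PDF and flags the fields worth scrubbing before a document is published. `SAMPLE_PDF` is a constructed PDF fragment, and `pdf_info_dict` and `leaked_fields` are hypothetical helper names.

```python
import re

# Constructed sample: a minimal PDF skeleton whose trailer points at an Info
# dictionary. The Producer string contains escaped parentheses, which PDF
# literal strings write as \( and \).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
3 0 obj
<< /Title (Quarterly report) /Author (jdoe) /Creator (Microsoft Word)
   /Producer (Acrobat Distiller 9.0 \\(Windows\\)) /CreationDate (D:20200121) >>
endobj
trailer
<< /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

# Matches "/Key (literal string)"; the string body allows any escaped char
# or any char that is not a backslash or an unescaped parenthesis.
INFO_ENTRY_RE = re.compile(rb"/(\w+)\s*\(((?:\\.|[^\\()])*)\)")

# Fields that commonly leak people and software details.
LEAKY_KEYS = ("Author", "Creator", "Producer")


def pdf_info_dict(data: bytes) -> dict:
    """Return the PDF Info dictionary as a str -> str mapping.

    Only handles uncompressed objects with literal-string values, which is
    enough to show what document metadata looks like; returns {} when no
    /Info reference or no matching object is found.
    """
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", data)
    if not ref:
        return {}
    num, gen = ref.group(1), ref.group(2)
    # "<num> <gen> obj ... endobj", anchored to a line start so that
    # "13 0 obj" does not match a search for object 3.
    obj = re.search(rb"(?m)^" + num + rb"\s+" + gen + rb"\s+obj\b(.*?)endobj",
                    data, re.DOTALL)
    if not obj:
        return {}
    info = {}
    for key, raw in INFO_ENTRY_RE.findall(obj.group(1)):
        value = re.sub(rb"\\(.)", rb"\1", raw)  # undo \( \) \\ escapes
        info[key.decode("ascii")] = value.decode("latin-1")
    return info


def leaked_fields(info: dict) -> dict:
    """Subset of the Info dictionary a defender would want to remove."""
    return {k: v for k, v in info.items() if k in LEAKY_KEYS and v.strip()}


if __name__ == "__main__":
    meta = pdf_info_dict(SAMPLE_PDF)
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("scrub before publishing:", leaked_fields(meta))
```

Real-world PDFs often store the Info dictionary in a compressed object stream or carry the same data as XMP, so a production check should use a proper PDF library; the point here is that a username and a product version sit in plain text in the file itself, which is exactly what a search-driven metadata crawl picks up.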
goorecon
Goorecon is a subdomain and e-mail enumeration tool written in Ruby that uses Google to obtain all of its information. It seems the last available version shipped with BackTrack 4, and it can no longer be obtained directly in Kali. In case you still like playing with the old version, you can start it like this:
$ ./goorecon.rb -s targetdomain
to obtain a list of subdomains, and
$ ./goorecon.rb -e targetdomain
to get a list of e-mail addresses for the target domain.
Theharvester
theHarvester gathers e-mail accounts, usernames and hostnames/subdomains from various public sources. As of version 3.0 the supported public sources are:
• Google
• Bing
• PGP
• Linkedin
• Yahoo
• Twitter
• Netcraft and others.
Run:
$ theharvester -d microsoft.com -l 5 -b google
This will output 6 Microsoft hosts found through the Google engine.
Goofile
This is a very simple file enumeration tool that looks for files on a domain using the Google engine.
Type:
$ goofile -d microsoft.com -f pdf
and you will get a list of the pdf files hosted on microsoft.com.
Check out later articles for more tools that gather information on our networks.