Google Hacking is the method to access information that’s publicly available, but not intended for public distribution. Using certain intelligent search techniques, one can land unexpected results on Google search page. Here, we’ve compiled a list of the most popular Google Hacking techniques mentioned in NSA’s hacking eBook. These methods include the use of file types, stock phrases, numrange etc. in the search process.
Inthe past, we have told you about many Google search tricks and tips to up your game and find content effectively on the web. The government cyber spies and hackers also use these search engines to extract useful information.
Obviously, these search tricks are a little bit more advanced. Back in 2013, the National Security Agency released an eBook, uncovering new methods to search the intelligence information on the web.
Named Untangling the Web: A Guide to Internet Research, this 643-page guide is full of useful advice regarding how to use the Internet Archive, search engines, public websites etc. The most interesting part of this book is titled “Google Hacking”.
What is Google Hacking? How does it work?
The NSA’s guide describes Google ( or any search engine) Hacking as follows:
“Google hacking” involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.”
It’s basically a clever and legal method of finding information that’s not available on the public internet.
If you want to understand how Google Hacking works, you need to read how search engines work. Thanks to its spiders, a search engine like Google can access and index all the parts of a website if a “door” is open. With the help of aRobot.txt file, webmasters have the power to restrict the search engine spiders.
Very often a webmaster fails to configure the Robot.txt file properly. This situation worsened a couple of years ago when Google started indexing file types like PDF, Word, Excel, Access, Excel etc.
Many of the organizations still don’t prevent their sensitive data and files. Thus, tons of useful information is bound to appear in Google’s database.
The information accessed using Google Hacking:
What if I tell you that you can get your hands on a plenty of shocking information using Google hacking? This data usually falls under these categories:
Common Google Hacking techniques:
These techniques are an excellent and unconventional method to discover sensitive information. Let’s tell you about some of the most common ones.
Many websites and organizations store their financial, personnel, etc., data in Microsoft Excel format. So, here’s how you need to look for some sensitive information of a South African company. Don’t forget to include keywords like Confidential, Budget etc.
Use stock words and phrases:
Along with file types like Excel, Word, or PowerPoint, you are also advised to use stock words and phrases like do not distribute, confidential, proprietary, not for distribution, etc.
Look for files containing login information:
You need to search for files containing login, password, and userid information. It’s interesting to note that even foreign websites usually use these terms in English. So a search for a spreadsheet file might look like:
Misconfigured web servers:
Very often Google contains directories that are not intended to be on the web. In Google Hacking, these servers provide a rich set of information. To exploit this error, one should use this format:
NSA describes Numrange search as one of the “scariest searches available through Google. It uses 2 number separated by 2 dots and no spaces. A user can use it with search keywords and other search options. For example:
For more detailed information on these searches, you read the Google Hacking chapter in NSA’s eBook.
Google Hack to search inside websites requiring registration:
Very often some websites ask you to register to view its contents. For that, you can use Google hacking to view contents without registration. You can try these queries or something similar:
Search in the native language:
With more and more people on the internet, people are becoming lesser dependent on English. Now millions of websites don’t use languages written in the Latin alphabet. So, a search made in native language has the more probability of returning the expected result.
The NSA eBook explains more techniques that could be applied to any search engine. You can find the eBook here and learn some new Google Hacking tricks.
Love Hacking And Pentesting? Get Started Here
Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.
FROM AROUND THE WEB
Sit back, relax and watch the 30-foot wolf and 1,000-pound gorilla wreck Chicago as the 1986 arcade game comes to life. (adsbygoog
In the week leading up to Thanksgiving, I talk to many patients about how to approach the big day in a way that balances their two competing prioritie
Senators Mark Warner (Va.) and Amy Klobuchar (Minn.) created a Facebook page for a fictional political group — Americans for Disclosure Solution
he newest, most outrageous, “super extreme” idea from Lamborghini is a box. Well, metaphorically. The Italian supercar giant unveiled a
Apple plans to give developers more freedom over the introductory pricing levels of in-app subscriptions. As referenced in the iOS 11.2 beta release n
After many years of fighting in the courts, Apple has finally claimed victory over Samsung to the count of $120 million. The case revolved aro