pen testing the web with firefox: google hacking

8/14/2019 Pen Testing the Web with Firefox: Google Hacking

1/61

Pen Testing the Web

with Firefox: GoogleHacking

Michael theprez98 Schearer


2/61


3/61


4/61

4

Google hacking

n Complex search engine queries to filter throughlarge amounts of search results for information

n Combination of advanced operators and specificsearch terms

n Possibly locate private, sensitive information aboutothers, such as credit card numbers, site

vulnerabilities, usernames and passwords


5/61

5

General search basics

n Every word matters

n Searches are case-insensitive

n Punctuation is generally ignored

n Think how the page you are looking for will be written

n Describe what you need in as few terms as possible

n Choose descriptive words


6/61

Special search characters

n ( this text ) Phrase search; proper names

n ( + ) Force inclusion of certain words

n ( - ) Find results without certain words

n ( ~ ) Find synonyms

n ( | ) boolean OR

n ( .. ) Find results in a specific number range

n

( * ) Fill in the blanks (whole word wildcard)


7/61

7

Google advanced operators

n Query words that have special meaning toGoogle

n These operators modify the search insome way, or tell Google to do a totallydifferent type of search

n Not all of Googles advanced operatorsare documented


8/61

inanchor:

n Restricts the results to pages containingthe query terms you specify in the

anchor text or links to the page

allinanchor:

nRestricts results to pages containing allquery terms you specify in the anchor text

on links to the page


9/61

intext:

n Restricts results to documents containingthe search term in the text

allintext:

Restricts results to those containing allthequery terms you specify in the text of the

page


10/61

intitle:

n Restricts results to documents containingthe search term in the title

allintitle:

Restricts results to those with allof thequery words in the title


11/61

inurl:

n Restricts results to documents containingthat word in the url

allinurl:

Restricts results to those with allof thequery words in the url

i titl lli titl


12/61

inurl, allinurl

intitle, allintitle

intext, allintext


13/61

inanchor, allinanchor


14/61

author:

n Restrict your Google Groups results toinclude newsgroup articles by the author

you specifyn can be a full or partial name or email

address


15/61


16/61

cache:

n Display Googles cached version of a webpage instead of the current version of

the pagen Google will highlight terms in your query

that appear after the cache: search

operator


17/61

images loaded


18/61


19/61

no images


20/61


21/61

Greasemonkey

n Allows you to customize the way awebpage displays using small bits of

JavaScriptn Thousands of installable scripts are

located at userscripts.org

n

Google Cache Continue Redux insertscache links on Google cache pages


22/61


23/61

define:

n Shows definitions from pages on the webfor the term that follows

n Useful for finding definitions of words,phrases, and acronyms


24/61

filetype:

n Restrict the results to pages whose namesend in the extension you specify

n ext: is the same as filetype:


25/61

group:

n Restrict your Google Groups results tonewsgroup articles from certain groups


26/61

info:

n Presents information about thecorresponding web page

n id: is the same as info:


27/61


28/61

insubject:

n restrict articles in Google Groups to thosethat contain the terms you specify in the

subject


29/61


30/61

link:

n Shows pages that point to the specified url

n You cannot combine a link: search with a

regular keyword search


31/61

location:

n Specific to Google News

n Returns only articles from the location you

specify


32/61


33/61

movie:

n Find movie-related information

n Entering a location will provide showtimes

and theater locations


34/61


35/61

phonebook:

n Shows all public U.S. residence telephonelistings (name, address, phone number)

for the person you specify


36/61


37/61

related:

n lists web pages that are similar to the webpage you specify

n Do not include a space between therelated: and the web page url


38/61


39/61

site:

n Restricts results to those websites in agiven domain


40/61

source:

n Specific to Google News

n restrict your search to articles from the

news source with the ID you specifyn


41/61


42/61

weather

n Returns the current weather and forecastwhen followed by a city, location name,

or ZIP code


43/61


44/61

Advanced Dork

n Gives quick access to Google's Advanced Operators directlyfrom the context menu

n Right click anywhere on the page with no text selected to beprovided with the active pages HTML title for use with

Google's intitle Operator, and the active pages HTML ALTtags for use with Google's allintext Operatorn Right click on a link and choose from site: links domain, link:

this link, and cache: this linkn Right click the URL Bar and choose from site, inurl, link, and

cache; inurl works with the highlighted portion of text onlyn Selecting an option will open the relevant Google search in a

new tab


45/61


46/61


47/61


48/61


49/61

Google Hacking Database

n The Google Hacking Database is acollection of saved searches using

Google Advanced Operators that locateprivate information including usernames,passwords and other sensitive data

n Johnny Longs GHDB is the most(in)famous, but not the only one


50/61


51/61


52/61


53/61


54/61

nacnac06


55/61


56/61


57/61


58/61


59/61

Authors and add-ons

n Nancy Blachman (www.googleguide.com)

n Johnny Longs Google Hacking Database (

www.hackersforcharity.com/ghdb/)n CP (Advanced Dork)

n Anthony Lieuallen, Aaron Boodman, JohanSundstrm (Greasemonkey)

n Jeffery To (Google Cache Continue Redux)
http://www.googleguide.com/http://www.hackersforcharity.com/ghdb/http://www.hackersforcharity.com/ghdb/http://www.googleguide.com/


60/61

Questions?


61/61

Try these searches

n google chuck norris -> Im Feeling Lucky

n Google Suggest:

why is theregoogle is

i want

chuck norris cannorway is

pen testing the web with firefox: google hacking

Documents