Search Basics and Advanced Operators - OSINT Soup
DURATION 2 HOURS
Key Learning Objectives
1. Learn the value of keywords and how to use them
2. Understand different browser options, features, and trade-offs
3. Know the different search engines and how geolocation affects results
4. How to leverage Google’s search basics, and features beyond the text box
5. Understand how Boolean operators and wildcards work with Google
6. Learn how to use advanced search operators unique to Google to reduce the noise and improve the relevance of the results returned
2
Overview
Keywords
Browser Trade-Offs
Search Engines
Basics
Alerts
Tools
Boolean Operators
Wild Cards
Advanced Searching
3
KLO 1: LEARN THE VALUE OF KEYWORDS AND HOW TO USE THEM
4
Keywords
https://keywordtool.io/
Search Volume = popularity, avg/month
Trend = +/- number of searches over the last 12 months
Used in websites to boost their “rank” in Google results
DISCUSSION:
How could this be used by criminals?
How can this help identify threats or hot topics/spots?
5
KLO 2: UNDERSTAND BROWSER TRADE-OFFS
6
Browsers
Brave (brave.com) = privacy-minded, open source software
Firefox (mozilla.org) = open source software, granularity
Tor Browser = accessibility challenges
Google Chrome = patched quickly
Edge (formerly Internet Explorer (IE)) = best performer & improved security
7
KLO 3: KNOW THE DIFFERENT SEARCH ENGINES AND HOW GEOLOCATION AFFECTS RESULTS
8
Search Engines
http://iseek.com/#/web (categorized and grouped results)
http://search.carrot2.org/ (categorized and grouped results)
https://millionshort.com/ (great for filtering out the top # sites (up to 1 million) results so you find the “lesser known” results)
https://duckduckgo.com/ (privacy-minded and can be added to Chrome and Firefox)
https://www.startpage.com/ (privacy-minded)
https://yandex.com/ (International)
9
KLO 4: HOW TO LEVERAGE GOOGLE’S SEARCH BASICS, AND FEATURES BEYOND THE TEXT BOX
10
Google Basics
All the words in the box are searched, no matter the order
Google’s wildcard, the asterisk (*), represents a single word or character in a search phrase
Google limits searches to 32 words (wildcards not included)
11
Google Search Basics
Social media: @ in front of a word
Price: $ in front of a number
Hashtags: # in front of a word
Exact match: enclose it in double quotes " "
Exclude words: minus sign - in front of a word
Range of numbers: use two periods .. between two numbers
NOTE: DuckDuckGo (as of Oct 2019) only supports + (plus sign), - (minus sign), and “stuff” double quotes
https://support.google.com/websearch/answer/2466433
12
Google: Beyond the Search Box
www.google.com/language_tools (Language Tools)
www.google.com/advanced_search (Advanced Searching)
https://www.google.com/webhp?tbm=pts (patents)
http://google.com/advanced_patent_search (patents)
https://scholar.google.com/ (case law and “academic” articles)
www.google.com/preferences (Browser settings)
http://images.google.com (Images)
http://groups.google.com (Groups)
http://video.google.com (Video)
https://trends.google.com/trends/?geo=US
https://translate.google.com/
13
Google Alerts: listen all the time
https://www.google.com/alerts
How often
Sources
Language
Region
How many results
Delivery email **be careful what you give Google**
14
Google Search Tools
15
Google Search Tools
All Results vs Verbatim: use verbatim to get rid of “fluff”
Anytime
Specific date? Use same date twice in Custom Range
Custom Range
Date indexed by Google, not the date “written”
In URL as Julian dates
Not the same as as_qdr, which is the date last updated
16
Google Reverse Image Search
http://images.google.com (Images)
https://www.google.com/advanced_image_search
17
Using Chrome:
1. Right-click a picture
2. Click Search Google for image
Google Advanced Search
18
Google Advanced Search: language
lr <> hl
https://www.google.com/search?hl=en&as_q=mannheim&as_epq=&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=lang_de&cr=&as_qdr=all&as_sitesearch=&as_occt=any&safe=images&as_filetype=&as_rights=
19
KLO 5: UNDERSTAND HOW BOOLEAN OPERATORS AND WILDCARDS WORK WITH GOOGLE
20
Bool – e –who? Boolean Operators
The plus symbol (+) forces the inclusion of the word that follows it (or you can just put it in double quotes). Do not put a space after the symbol. FYI, everything is “anded” by default. It’s equivalent to:
AND
& (also the same as &&)
The minus symbol (-) forces the removal of results with the word that follows it. Do not put a space after the symbol. It’s equivalent to:
NOT
<>
!=
21
Bool – e –who? Boolean Operators
The pipe symbol | is the same as saying “any one of these”; it is equivalent to:
OR
|| (double pipe)
Same page and within X sentences of each other
Use “?? /#” without the quotes, replacing the pound sign with the number of sentences within which the two words must appear of each other
EXAMPLE: noriega ?? /4 president
22
https://www.quora.com/How-do-I-type-the-logical-OR-operator-on-a-keyboard
https://ccm.net/faq/56156-how-to-enter-a-vertical-bar-on-mac
23
Spanish keyboard
KLO 6: LEARN HOW TO USE ADVANCED SEARCH OPERATORS UNIQUE TO GOOGLE TO REDUCE THE NOISE AND IMPROVE THE RELEVANCE OF THE RESULTS RETURNED
24
Advanced Operator Format
operator:term
operator:"the phrase"
operator:"the phrase" term1 term2
No space after the colon
Do not capitalize the operator
25
Advanced Operators: intitle, inurl, allintitle, allinurl
intitle: text that is found within the TITLE tags of a Hypertext Markup Language (HTML) page. The title is the text that appears at the top of the Web page, and you can use “intitle” to locate text in that spot
inurl: leave off the protocol ({protocol}://); leave out special characters
More headache than they are worth:
allintitle: tells Google that every single word or phrase that follows is to be found in the title of the page
allinurl: results contain all of the text that follows this operator; it does not play well with others, so use it by itself
DuckDuckGo also supports intitle: and inurl:
26
Advanced Operators: link & inanchor
link: To properly use the link operator, you must provide a full URL (including protocol, server, directory, and file). It finds pages that link to other pages. Cannot be used with other operators or search terms.
inanchor: searches the text representation of a link, not the actual URL. Think of it as when you see “click here” and there's an actual full link programmed behind the blue highlighted word here. inanchor accepts a word or phrase as an argument, such as inanchor:here.
27
Advanced Operators: filetype, allintext, site
filetype: ext: www.filext.org explains thousands of different file extensions and other information such as the use of specific file types. A search for filetype:pdf or ext:pdf should yield the same results. Boolean logic applied to this operator is usually flaky, so beware.
allintext: please never use this
site: Google reads Web server names from right to left. So site:army.mil finds everything .mil first, then narrows by army. And it doesn't care what's left, it'll be included in your results, so stuff.moarstuff.army.mil is a valid result even though you didn't include stuff or moarstuff in your search
DuckDuckGo also supports site: and filetype: although with fewer extensions
28
Advanced Operators: daterange, cache
daterange: must always be expressed as a range, in the form of two Julian dates separated by a dash. You can also choose “Tools” then set a date range from “Custom Range” in the “Any Time” drop down.
Google designed the as_qdr field to help you locate pages that have been updated within a certain time frame. daterange is not the advanced-operator equivalent for as_qdr
cache: supply a complete URL, you'll get the latest Google cached version of the page. Can be used with other operators and terms, although the results are somewhat unpredictable
29
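The daterange: format described above, as an added example that is not part of the original slides. It assumes the Julian dates are whole Julian Day Numbers; the function names are illustrative, and the dates are constructed sample values.

```python
import re
from datetime import date
from typing import Optional, Tuple

# date.toordinal() counts days from 0001-01-01 (= 1); the Julian Day Number of
# 2000-01-01 is 2451545 and its ordinal is 730120, hence this fixed offset.
JDN_OFFSET = 1721425
TERM = re.compile(r"^daterange:(\d+)-(\d+)$")  # lowercase operator, no spaces

def to_julian_day(d: date) -> int:
    return d.toordinal() + JDN_OFFSET

def from_julian_day(jdn: int) -> date:
    return date.fromordinal(jdn - JDN_OFFSET)

def daterange_term(start: date, end: Optional[date] = None) -> str:
    """Build a daterange: term; a single day is written as the same date twice."""
    end = end or start
    if end < start:
        start, end = end, start
    return f"daterange:{to_julian_day(start)}-{to_julian_day(end)}"

def parse_daterange(term: str) -> Tuple[date, date]:
    """Decode a daterange: term seen in a saved query back to calendar dates."""
    m = TERM.match(term)
    if not m:
        raise ValueError(f"not a well-formed daterange term: {term!r}")
    return from_julian_day(int(m.group(1))), from_julian_day(int(m.group(2)))

if __name__ == "__main__":
    term = daterange_term(date(2000, 1, 1), date(2000, 1, 31))  # constructed dates
    print(term, parse_daterange(term))
```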
Advanced Operators: numrange, info
numrange: Google ignores symbols such as currency markers and commas. Can be written as numrange:100000-150000 or without specifying numrange as 100000..150000
info: shows the summary information for a site and provides links to other Google searches that might pertain to that site. The parameter to this operator must be a valid URL or site name. You can achieve the same functionality by supplying a site name or URL as a search query. Cannot be used with other operators or search terms.
30
Advanced Operators: related, stocks, define, phonebook
related: must use a valid URL or site name (leave off {protocol}://).
Cannot be used with other operators or search terms.
stocks: must be a valid stock abbreviation. Cannot be used with other operators or search terms.
define: returns definitions for a search term.
phonebook: returns both residential and business, uses ALL the words that come after it, add a 2-letter state abbreviation at minimum with the name
rphonebook: (residential only)
bphonebook: (business only)
31
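A small query checker that applies the rules from the Advanced Operator Format and Advanced Operators slides, as an added example that is not part of the original deck. The function name and rule sets are illustrative, example.com is a placeholder, and the 32-word count is an assumption that treats every whitespace-separated item except * as one word.

```python
import re

# Operators named on these slides; the sets below restate the slides' own guidance.
KNOWN = {"intitle", "inurl", "allintitle", "allinurl", "link", "inanchor",
         "filetype", "ext", "allintext", "site", "daterange", "cache",
         "numrange", "info", "related", "stocks", "define", "phonebook",
         "rphonebook", "bphonebook"}
STANDALONE = {"link", "info", "related", "stocks", "allinurl"}  # use by themselves
NO_PROTOCOL = {"inurl", "related"}                # leave off {protocol}://
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')       # operator:"a phrase" stays one token
MAX_WORDS = 32

def lint_query(query: str) -> list:
    """Return a list of warnings; an empty list means no rule was tripped."""
    warnings = []
    tokens = TOKEN.findall(query)
    words = [w for w in query.split() if w != "*"]  # wildcards are not counted
    if len(words) > MAX_WORDS:
        warnings.append(f"{len(words)} words exceeds the {MAX_WORDS}-word limit")
    for tok in tokens:
        if tok in ("+", "-"):
            warnings.append(f"'{tok}' must not be followed by a space")
            continue
        name, sep, value = tok.partition(":")
        name = name.lstrip("+-")                    # allow -site:... and +intitle:...
        op = name.lower()
        if not sep or op not in KNOWN:
            continue                                # plain term, phrase or URL
        if name != op:
            warnings.append(f"'{name}:' should be lowercase")
        if value == "":
            warnings.append(f"'{op}:' has a space after the colon")
            continue
        if op in NO_PROTOCOL and "://" in value:
            warnings.append(f"'{op}:' value should leave off the protocol")
        if op == "link" and "://" not in value:
            warnings.append("'link:' needs a full URL including the protocol")
        if op in STANDALONE and len(tokens) > 1:
            warnings.append(f"'{op}:' cannot be combined with other terms")
    return warnings

if __name__ == "__main__":
    for q in ('site:army.mil filetype:pdf "annual report"', "Intitle: index"):
        print(q, "->", lint_query(q))
```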
Credits & Resources
OSINT resource aggregations:
https://start.me/p/m6XQ08/osint
https://start.me/p/b5Aow7/asint_collection
https://osintframework.com/
https://300m.com/osint/
http://www.googleguide.com/advanced_operators_reference.html
https://developers.google.com/custom-search/v1/cse/list
https://searchengineland.com/google-power-user-tips-query-operators-48126
https://searchengineland.com/library
https://en.wikipedia.org/wiki/Google_hacking
32
Books:
Google Hacking (volumes 1 & 2)
Open Source Intelligence Techniques (https://inteltechniques.com/books.html)
33