pen testing the web with firefox: google hacking
TRANSCRIPT
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
1/61
Pen Testing the Web
with Firefox: GoogleHacking
Michael theprez98 Schearer
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
2/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
3/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
4/61
4
Google hacking
n Complex search engine queries to filter throughlarge amounts of search results for information
n Combination of advanced operators and specificsearch terms
n Possibly locate private, sensitive information aboutothers, such as credit card numbers, site
vulnerabilities, usernames and passwords
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
5/61
5
General search basics
n Every word matters
n Searches are case-insensitive
n Punctuation is generally ignored
n Think how the page you are looking for will be written
n Describe what you need in as few terms as possible
n Choose descriptive words
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
6/61
Special search characters
n ( this text ) Phrase search; proper names
n ( + ) Force inclusion of certain words
n ( - ) Find results without certain words
n ( ~ ) Find synonyms
n ( | ) boolean OR
n ( .. ) Find results in a specific number range
n
( * ) Fill in the blanks (whole word wildcard)
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
7/61
7
Google advanced operators
n Query words that have special meaning toGoogle
n These operators modify the search insome way, or tell Google to do a totallydifferent type of search
n Not all of Googles advanced operatorsare documented
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
8/61
inanchor:
n Restricts the results to pages containingthe query terms you specify in the
anchor text or links to the page
allinanchor:
nRestricts results to pages containing allquery terms you specify in the anchor text
on links to the page
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
9/61
intext:
n Restricts results to documents containingthe search term in the text
allintext:
Restricts results to those containing allthequery terms you specify in the text of the
page
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
10/61
intitle:
n Restricts results to documents containingthe search term in the title
allintitle:
Restricts results to those with allof thequery words in the title
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
11/61
inurl:
n Restricts results to documents containingthat word in the url
allinurl:
Restricts results to those with allof thequery words in the url
i titl lli titl
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
12/61
inurl, allinurl
intitle, allintitle
intext, allintext
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
13/61
inanchor, allinanchor
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
14/61
author:
n Restrict your Google Groups results toinclude newsgroup articles by the author
you specifyn can be a full or partial name or email
address
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
15/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
16/61
cache:
n Display Googles cached version of a webpage instead of the current version of
the pagen Google will highlight terms in your query
that appear after the cache: search
operator
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
17/61
images loaded
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
18/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
19/61
no images
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
20/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
21/61
Greasemonkey
n Allows you to customize the way awebpage displays using small bits of
JavaScriptn Thousands of installable scripts are
located at userscripts.org
n
Google Cache Continue Redux insertscache links on Google cache pages
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
22/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
23/61
define:
n Shows definitions from pages on the webfor the term that follows
n Useful for finding definitions of words,phrases, and acronyms
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
24/61
filetype:
n Restrict the results to pages whose namesend in the extension you specify
n ext: is the same as filetype:
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
25/61
group:
n Restrict your Google Groups results tonewsgroup articles from certain groups
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
26/61
info:
n Presents information about thecorresponding web page
n id: is the same as info:
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
27/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
28/61
insubject:
n restrict articles in Google Groups to thosethat contain the terms you specify in the
subject
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
29/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
30/61
link:
n Shows pages that point to the specified url
n You cannot combine a link: search with a
regular keyword search
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
31/61
location:
n Specific to Google News
n Returns only articles from the location you
specify
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
32/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
33/61
movie:
n Find movie-related information
n Entering a location will provide showtimes
and theater locations
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
34/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
35/61
phonebook:
n Shows all public U.S. residence telephonelistings (name, address, phone number)
for the person you specify
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
36/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
37/61
related:
n lists web pages that are similar to the webpage you specify
n Do not include a space between therelated: and the web page url
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
38/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
39/61
site:
n Restricts results to those websites in agiven domain
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
40/61
source:
n Specific to Google News
n restrict your search to articles from the
news source with the ID you specifyn
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
41/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
42/61
weather
n Returns the current weather and forecastwhen followed by a city, location name,
or ZIP code
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
43/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
44/61
Advanced Dork
n Gives quick access to Google's Advanced Operators directlyfrom the context menu
n Right click anywhere on the page with no text selected to beprovided with the active pages HTML title for use with
Google's intitle Operator, and the active pages HTML ALTtags for use with Google's allintext Operatorn Right click on a link and choose from site: links domain, link:
this link, and cache: this linkn Right click the URL Bar and choose from site, inurl, link, and
cache; inurl works with the highlighted portion of text onlyn Selecting an option will open the relevant Google search in a
new tab
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
45/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
46/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
47/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
48/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
49/61
Google Hacking Database
n The Google Hacking Database is acollection of saved searches using
Google Advanced Operators that locateprivate information including usernames,passwords and other sensitive data
n Johnny Longs GHDB is the most(in)famous, but not the only one
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
50/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
51/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
52/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
53/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
54/61
nacnac06
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
55/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
56/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
57/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
58/61
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
59/61
Authors and add-ons
n Nancy Blachman (www.googleguide.com)
n Johnny Longs Google Hacking Database (
www.hackersforcharity.com/ghdb/)n CP (Advanced Dork)
n Anthony Lieuallen, Aaron Boodman, JohanSundstrm (Greasemonkey)
n Jeffery To (Google Cache Continue Redux)
http://www.googleguide.com/http://www.hackersforcharity.com/ghdb/http://www.hackersforcharity.com/ghdb/http://www.googleguide.com/ -
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
60/61
Questions?
-
8/14/2019 Pen Testing the Web with Firefox: Google Hacking
61/61
Try these searches
n google chuck norris -> Im Feeling Lucky
n Google Suggest:
why is theregoogle is
i want
chuck norris cannorway is