Google hacking, also known as Google dorking, is an information-gathering technique in which an attacker uses advanced Google search techniques to obtain information. Google hacking search queries can be used to find security flaws in web applications, gather information about arbitrary or specific targets, find error messages that disclose sensitive information, and find files containing passwords and other critical information.
An attacker might use an advanced search string to look for a vulnerable version of a web application or a certain file type (.pwd, .sql…) to narrow down the results.
The search can be limited to certain pages on a website. Alternatively, it can cover all websites, providing a list of websites where the specified information can be found.
The following search query, for example, will list SQL files (filetype:sql) that Google has indexed on websites with directory listing enabled (intitle:"index of").
intitle:"index of" filetype:sql
Similarly, the following search query will list phpMyAdmin installations that are publicly accessible.
"phpMyAdmin" "running on" inurl:"main.php"
Logical operators and symbols in Google Search
Attackers can use logical operators such as AND, NOT and OR (case sensitive), as well as operators such as - and *, to their advantage. Additional information on these operators can be found in the table below.
|Operator||Description||Example|
|AND or +||Used to include keywords. All the keywords need to be found.||web AND application AND security; web +application +security|
|NOT or -||Used to exclude keywords. All the keywords need to be found.||web application NOT security; web application -security|
|OR or |||Used to include keywords where either one keyword or another is matched. All the keywords need to be found.||web application OR security; web application |security|
|Tilde (~)||Used to include synonyms and similar words.||web application ~security|
|Double quote (")||Used to include exact matches.||"web application security"|
|Period (.)||Used to include single-character wildcards.||.eb application security|
|Asterisk (*)||Used to include single-word wildcards.||web * security|
|Parentheses (())||Used to group queries.||("web security" | websecurity)|
Operators for advanced searches
Advanced Google operators help users refine their search results even more. The syntax of an advanced operator has three parts: the operator, a colon (:), and the keyword to search for. Double quotes (") can be used to include spaces in the keyword.
Google search recognises this pattern and restricts the search based on the information provided. Take, for example, the search query described earlier: intitle:"index of" filetype:sql.
Google will look for the string index of in the title of a page (this is the default title used by Apache HTTP Server for directory listings) and will limit the search to SQL files that Google has indexed.
The table below lists advanced operators that can be used to locate insecure websites. See Google's Advanced Search page for more search operators.
|Operator||Description||Example|
|site:||Limit the search query to a specific domain or website.||site:example.com|
|filetype:||Limit the search to the text found in a specific file type.||mysqldump filetype:SQL|
|link:||Search for pages that link to the requested URL.||link:www.example.com|
|cache:||Search and display a version of a web page as it was shown when Google crawled it.||cache:example.com|
|intitle:||Search for a string within the title of a page.||intitle:"index of"|
|inurl:||Search for a string within a URL.||inurl:passwords.txt|
Defending Against Google Hacking
Google hacking is merely a reconnaissance technique used by attackers to identify potential vulnerabilities and misconfigurations. As a result, you should test websites and web applications for vulnerabilities and misconfigurations and then fix them. Not only does this eliminate the chance of enumeration, but it also eliminates the risk of exploitation.
Routine manual testing for vulnerabilities that can be found through a Google search is, of course, tedious and time-consuming. A comprehensive automated web vulnerability scanner, on the other hand, excels at this type of activity.
The following is an example of a Google hacking query that locates exposed PHPinfo files.
"PHP Credits" "Configuration" "PHP Core" filetype:php inurl:info
In Acunetix, scanning a website with an exposed PHPinfo file would produce the following results.
Ideally, such files would be deleted. However, if these pages are necessary in any way, you should limit access to them, for example by using HTTP Authentication.
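The check below is an added example, not part of the original article and not Acunetix code. It applies the markers from the three queries shown on this page to pages fetched from your own site, so that these exposures can be found and fixed before a search engine indexes them. The function names, finding labels and sample pages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

def _title(html):
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    return m.group(1).lower() if m else ""

def _text(html):
    # Crude tag stripper; enough for marker matching, not a full HTML parser.
    return re.sub(r"<[^>]+>", " ", html).lower()

def findings(url, html):
    """Return (label, details) pairs for the exposures this page's queries target."""
    title, text, url_l = _title(html), _text(html), url.lower()
    path = urlparse(url_l).path
    found = []
    # intitle:"index of" filetype:sql -> directory listing that links SQL files
    if "index of" in title:
        dumps = [h for h in re.findall(r'href="([^"]+)"', html, re.I)
                 if h.lower().endswith(".sql")]
        found.append(("directory-listing", dumps))
    # "phpMyAdmin" "running on" inurl:"main.php"
    if "main.php" in url_l and all(s in text for s in ("phpmyadmin", "running on")):
        found.append(("phpmyadmin", []))
    # "PHP Credits" "Configuration" "PHP Core" filetype:php inurl:info
    phrases = ("php credits", "configuration", "php core")
    if path.endswith(".php") and "info" in url_l and all(s in text for s in phrases):
        found.append(("phpinfo", []))
    return found

# Constructed sample pages standing in for responses from your own site.
SAMPLES = {
    "https://example.com/backup/": '<html><head><title>Index of /backup</title></head>'
        '<body><a href="site.sql">site.sql</a> <a href="notes.txt">notes.txt</a></body></html>',
    "https://example.com/info.php": "<title>phpinfo()</title><h1>PHP Credits</h1>"
        "<h2>Configuration</h2><h2>PHP Core</h2>",
    # "index of" appears in the URL and body but not in the title: no finding.
    "https://example.com/blog/index-of-posts": "<title>Blog</title><p>An index of posts.</p>",
}

def audit(pages):
    """Map each URL that has at least one finding to its findings."""
    return {u: f for u, h in pages.items() if (f := findings(u, h))}

if __name__ == "__main__":
    for url, hits in audit(SAMPLES).items():
        print(url, hits)
```
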