Google Hacking Cheat Sheet - Summary
Google hacking is a powerful technique that employs advanced operators in the Google search engine to uncover specific sections of text on websites, often pointing out security vulnerabilities. With Google hacking search queries, you can spot potential security risks in web applications, gather information about targets, and reveal error messages that could disclose sensitive details—like files containing credentials and other crucial data.
For instance, a search query like `title:admbook intitle:Fversion filetype:php` helps find PHP web pages that include both “admbook” and “Fversion” in their titles. This suggests the existence of the PHP-based guestbook Admbook, known for its code injection vulnerability. It’s common for default setups of applications to display their running version on every page. For example, “Powered by XOOPS 2.2.3 Final” can be an indicator to discover websites using outdated and vulnerable versions.
Useful Google Hacking Techniques
Google Hacking Cheat Sheet
- “inurl: domain/” “additional dorks”
- inurl = the URL of a site you want to query
- domain = the domain for the site
- dorks = the sub-fields and parameters that a hacker wants to scan
- link = Find other pages indexed by Google that reference this link
- quote” = Find an exact phrase (though results may include related words)
- +word = Show results with this word exactly. Do not include similar words.
You can download the Google Hacking Cheat Sheet PDF using the link given below.