Google Hacking Cheat Sheet - Summary
Google hacking is a powerful technique that uses advanced operators in the Google search engine to find specific sections of text on websites, often highlighting security vulnerabilities. For example, it can locate specific versions of vulnerable web applications. By utilizing Google hacking search queries, you can identify potential security risks in web applications, collect information about targets, and uncover error messages that may reveal sensitive information, such as files containing credentials and other critical data.
A search query like `title:admbook intitle:Fversion filetype:php` helps to find PHP web pages containing both “admbook” and “Fversion” in their titles. This indicates the presence of the PHP-based guestbook Admbook, which is known to have a code injection vulnerability. It’s common for default installations of applications to display their running version on every page, such as “Powered by XOOPS 2.2.3 Final,” which can be beneficial for discovering websites that are using outdated and vulnerable versions.
Useful Google Hacking Techniques
Google Hacking Cheat Sheet
- “inurl: domain/” “additional dorks”
- inurl = the URL of a site you want to query
- domain = the domain for the site
- dorks = the sub-fields and parameters that a hacker wants to scan
- link = Find other pages indexed by Google that reference this link
- quote” = Find an exact phrase (though results may include related words)
- +word = Show results with this word exactly. Do not include similar words.
You can download the Google Hacking Cheat Sheet PDF using the link given below.