Google now a days is the most popular search engine there is on the internet. This is because it is so good at what it is doing. Because of that you can use it to find sensitive information. Google hacking is therefore nothing else than using complex Google queries to find information related to computer security.
Use Google to find what you are looking for
There are several tricks you have to know to use Google to find sensitive information. First take a look at the Google operators and the cheatsheet. There are the several operators described which you can use to form complex queries.
- filetype — is used to specify what kind of file the acessed file should be, e.g. filetype:php returns only php files
- inurl — defines what should be included in the url of the accessed site, e.g. inurl:edu returns all pages that have edu in their url
- intitle — defines what should be included in the title of the accessed site, e.g. intitle:”index of” returns all sites that have “index of” in their title
These are the operators you will often use, so get familiar with them. Play around a little bit, e.g. try: icq filetype:log and see what Google returns.
Google Hacking Database
Johnny Long, the person who made Google hacking famous, has a database on its website. Take a look at it. There are hundreds of queries which you can use to find relevant information.
Please do not abuse this and cause harm in any way, this article was written to make you understand what kind of security breaches are out there and therefore be able to fix them.