Automated Google Hacking

Using Google To Your Advantage

Google is one of the biggest companies nowadays. It provides you with so many services that no one could imagine the internet without it. Google’s search engine is what I am going to focus on in this article, since that is what Google Hacking is about. The term refers to using Google’s search engine in an advanced way to find sensitive information. If you haven’t done any Google Hacking yet, then take a look at this hacking article.

Since Google Hacking can be quite time-consuming, people from the Cult of the Dead Cow wrote a program which automates this task. It is a pretty cool tool, but the bad part is that you cannot send queries that often. So do NOT use the program too often or send too many queries, since that may cause Google to ban you!

It is still worth taking a look at, especially for administrators who want to check whether their websites give away too much information. I’ve used Google Hacking myself several times and found some really, really sensitive information, so Google Hacking is not something you should underestimate.

Google hacking – use Google to find passwords, usernames …

Google is nowadays the most popular search engine on the internet. This is because it is so good at what it does. Because of that, you can use it to find sensitive information. Google hacking is therefore nothing other than using complex Google queries to find information related to computer security.

Use Google to find what you are looking for
There are several tricks you have to know to use Google to find sensitive information. First take a look at the Google operators and the cheatsheet. They describe the operators you can use to form complex queries.

Important operators

  • filetype — specifies what kind of file the accessed file should be, e.g. filetype:php returns only php files
  • inurl — defines what should be included in the URL of the accessed site, e.g. inurl:edu returns all pages that have edu in their URL
  • intitle — defines what should be included in the title of the accessed site, e.g. intitle:"index of" returns all sites that have "index of" in their title

These are the operators you will often use, so get familiar with them. Play around a little bit, e.g. try: icq filetype:log and see what Google returns.
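
For administrators who want to see which of their own pages these operators would match without sending any queries to Google, the three operators can be approximated locally against a crawl inventory. This is an added example, not part of the original article or of any tool it mentions; the inventory is constructed, the function names are hypothetical, and the matching is a simplification (bare words are tested only against URL and title, not page content).

```python
import shlex
from urllib.parse import urlparse

# Constructed inventory of (url, title) pairs, e.g. exported from a crawl of your own site.
INVENTORY = [
    ("https://www.example.edu/index.php", "Welcome"),
    ("https://www.example.edu/backup/", "Index of /backup"),
    ("https://www.example.edu/chat/icq.log", "icq.log"),
    ("https://www.example.edu/docs/guide.pdf", "User guide"),
]

OPERATORS = ("filetype", "inurl", "intitle")

def parse_query(query):
    """Split a query into (operator, value) pairs; bare words get operator None."""
    query = query.replace("\u201c", '"').replace("\u201d", '"')  # normalise curly quotes
    terms = []
    for token in shlex.split(query):  # keeps intitle:"index of" as one token
        op, sep, value = token.partition(":")
        if sep and op.lower() in OPERATORS:
            terms.append((op.lower(), value.lower()))
        else:
            terms.append((None, token.lower()))
    return terms

def matches(terms, url, title):
    """True if every term of the query matches this page (all terms are ANDed)."""
    url_l, title_l = url.lower(), title.lower()
    path = urlparse(url_l).path
    for op, value in terms:
        if op == "filetype":
            ok = path.endswith("." + value)      # file extension of the URL path
        elif op == "inurl":
            ok = value in url_l
        elif op == "intitle":
            ok = value in title_l
        else:
            ok = value in url_l or value in title_l  # simplified bare-word match
        if not ok:
            return False
    return True

def exposed(query, inventory=INVENTORY):
    """Return the URLs in the inventory that the query would match."""
    terms = parse_query(query)
    return [url for url, title in inventory if matches(terms, url, title)]

if __name__ == "__main__":
    for q in ("filetype:php", "inurl:edu", 'intitle:"index of"', "icq filetype:log"):
        print(q, "->", exposed(q))
```

Any URL this reports for a query is a page to review: remove it, restrict access to it, or turn off directory listing, before a search engine indexes it.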

Google Hacking Database
Johnny Long, the person who made Google hacking famous, has a database on his website. Take a look at it. There are hundreds of queries which you can use to find relevant information.

Please do not abuse this or cause harm in any way. This article was written to help you understand what kinds of security breaches are out there, so that you are able to fix them.

I hope this was helpful.

