8/3/2019 PCT1-30 - Google Hacks
1/157
03/07/2007GoSecure Inc.
8/3/2019 PCT1-30 - Google Hacks
2/157
03/07/2007GoSecure Inc.
Hacking with Google for fun andprofit!
October 2004
Robert Masse & Jian Hui Wang
8/3/2019 PCT1-30 - Google Hacks
3/157
03/07/2007GoSecure Inc.2
Google Introduction & Features Google Search Technique
Google Basic Operators
Google Advanced Operators
Google Hacking Digging for vulnerability gold
Identifying operating systems
Vulnerability scanning Proxying
Protect your information from Google
8/3/2019 PCT1-30 - Google Hacks
4/157
03/07/2007GoSecure Inc.3
Google Search Technique Just put the word and run the search
You need to audit your Internet presence One database, Google almost has it all!
One of the most powerful databases in the world Consolidate a lot of info
Usage: Student
Business
AlQaeda
One stop shop for attack, maps, addresses, photos, technical information
8/3/2019 PCT1-30 - Google Hacks
5/157
03/07/2007GoSecure Inc.4
8/3/2019 PCT1-30 - Google Hacks
6/157
03/07/2007GoSecure Inc.5
Google Advance Search A little more sophisticated
8/3/2019 PCT1-30 - Google Hacks
7/15703/07/2007GoSecure Inc.
6
8/3/2019 PCT1-30 - Google Hacks
8/15703/07/2007GoSecure Inc.
7
Google Operators: Operators are used to refine the results and to maximize
the search value. They are your tools as well as hackersweapons
Basic Operators: +, -, ~ , ., *, , |, OR
Advanced Operators: allintext:, allintitle:, allinurl:, bphonebook:, cache:,
define:, filetype:, info:, intext:, intitle:, inurl:, link:,phonebook:, related:, rphonebook:, site:, numrange:,daterange
8/3/2019 PCT1-30 - Google Hacks
9/15703/07/2007GoSecure Inc.
8
Basic Operators (+) force inclusion of something common
Google ignores common words (where, how, digit, singleletters) by default:Example: StarStar Wars Episode +I
(-) exclude a search term
Example: apple red () use quotes around a search term to search exact
phrases:
Example: Robert Masse Robert masse without has the 309,000 results, but
robert masse only has 927 results. Reduce the 99%irrelevant results
8/3/2019 PCT1-30 - Google Hacks
10/15703/07/2007GoSecure Inc.
9
Basic Operators (~) search synonym:
Example: ~food
Return the results about food as well as recipe, nutrition
and cooking information ( . ) a single-character wildcard:
Example: m.trix
Return the results of M@trix, matrix, metrix.
( * ) any word wildcard
8/3/2019 PCT1-30 - Google Hacks
11/15703/07/2007GoSecure Inc.
10
Advanced Operators: Site: Site: Domain_name Find Web pages only on the specified domain. If we
search a specific site, usually we get the Web structureof the domain
Examples:site:ca
site:gosecure.ca
site:www.gosecure.ca
8/3/2019 PCT1-30 - Google Hacks
12/157
03/07/2007GoSecure Inc.11
8/3/2019 PCT1-30 - Google Hacks
13/157
03/07/2007GoSecure Inc.12
Advanced Operators: Filetype: Filetype: extension_type
Find documents with specified extensions
The supported extensions are:
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt)- Adobe Portable Document Format (pdf) - Microsoft Word (doc)
- Adobe PostScript (ps) - Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 - Microsoft Excel (xls)
(wk1, wk2, wk3, wk4, wk5, wki, wks, wku) - Microsoft Write (wri)
- Lotus WordPro (lwp) - Rich Text Format (rtf)
- MacWrite (mw) - Shockwave Flash (swf)- Text (ans, txt)
Note: We actually can search asp, php and cgi, pl filesas long as it is text-compatible.Example: Budget filetype: xls
8/3/2019 PCT1-30 - Google Hacks
14/157
03/07/2007GoSecure Inc.13
Advanced Operators A budget file we found .
8/3/2019 PCT1-30 - Google Hacks
15/157
03/07/2007GoSecure Inc.14
8/3/2019 PCT1-30 - Google Hacks
16/157
03/07/2007GoSecure Inc.15
Advanced Operators Intitle: Intitle: search_term
Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with thetitle that includes all these words
These operators are specifically useful to find thedirectory lists
Example:Find directory list:
Intitle: Index.of parent directory
8/3/2019 PCT1-30 - Google Hacks
17/157
03/07/2007GoSecure Inc.16
8/3/2019 PCT1-30 - Google Hacks
18/157
03/07/2007GoSecure Inc.17
Advanced Operators Inurl: Inurl: search_term
Find search term in a Web address
Allinurl: search_term1 search_term2 search_term3
Find multiple search terms in a Web address
Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password
8/3/2019 PCT1-30 - Google Hacks
19/157
03/07/2007GoSecure Inc.18
8/3/2019 PCT1-30 - Google Hacks
20/157
03/07/2007GoSecure Inc.19
Advanced Operators Intext; Intext: search_term Find search term in the text body of a document.
Allintext: search_term1 search_term2 search_term3 Find multiple search terms in the text body of a
document. Examples:
Intext: Administrator login
Allintext: Administrator login
8/3/2019 PCT1-30 - Google Hacks
21/157
03/07/2007GoSecure Inc.20
8/3/2019 PCT1-30 - Google Hacks
22/157
03/07/2007GoSecure Inc.21
Advanced Operators: Cache: Cache: URL
Find the old version of Website in Google cache
Sometimes, even the site has already been updated, the
old information might be found in cache Examples:
Cache: www.gosecure.com
8/3/2019 PCT1-30 - Google Hacks
23/157
03/07/2007GoSecure Inc.22
8/3/2019 PCT1-30 - Google Hacks
24/157
03/07/2007GoSecure Inc.23
Advanced Operators ..
Conduct a number range search by specifying twonumbers, separated by two periods, with no spaces. Besure to specify a unit of measure or some other indicatorof what the number range represents
Examples:
Computer $500..1000
DVD player $250..350
8/3/2019 PCT1-30 - Google Hacks
25/157
03/07/2007GoSecure Inc.24
8/3/2019 PCT1-30 - Google Hacks
26/157
03/07/2007GoSecure Inc.25
Advanced Operators: Daterange: Daterange: -
Find the Web pages between start date and end date
Note: start_date and end date use the Julian date
The Julian date is calculated by the number of dayssince January 1, 4713 BC. For example, the Juliandate for August 1, 2001 is 2452122
Examples:
2004.07.10=24531962004.08.10=2453258
Vulnerabilities date range: 2453196-2453258
8/3/2019 PCT1-30 - Google Hacks
27/157
03/07/2007GoSecure Inc.26
8/3/2019 PCT1-30 - Google Hacks
28/157
03/07/2007GoSecure Inc.27
Advanced Operators Link: Link: URL Find the Web pages having a link to the specified URL
Related: URL
Find the Web pages that are similar to the specified Web page
info: URL Present some information that Google has about that Web page
Define: search_term
Provide a definition of the words gathered from various onlinesources
Examples:
Link: gosecure.ca
Related: gosecure.ca
Info: gosecure.ca
8/3/2019 PCT1-30 - Google Hacks
29/157
03/07/2007GoSecure Inc.28
8/3/2019 PCT1-30 - Google Hacks
30/157
03/07/2007GoSecure Inc. 29
8/3/2019 PCT1-30 - Google Hacks
31/157
03/07/2007GoSecure Inc. 30
8/3/2019 PCT1-30 - Google Hacks
32/157
03/07/2007GoSecure Inc. 31
8/3/2019 PCT1-30 - Google Hacks
33/157
03/07/2007GoSecure Inc. 32
Advanced Operators phonebook: Phonebook Search the entire Google phonebook rphonebook
Search residential listings only
bphonebook Search business listings only Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, not always work)The phonebook is quite limited to U.S.A
8/3/2019 PCT1-30 - Google Hacks
34/157
03/07/2007GoSecure Inc. 33
8/3/2019 PCT1-30 - Google Hacks
35/157
03/07/2007GoSecure Inc. 34
8/3/2019 PCT1-30 - Google Hacks
36/157
03/07/2007GoSecure Inc. 35
Google, Friend or Enemy? Google is everyones best friend (yours or hackers) Information gathering and vulnerability identification
are the tasks in the first phase of a typical hackingscenario
Passitive, stealth and huge data collection Google can do more than search Have you used Google to audit your organization
today?
8/3/2019 PCT1-30 - Google Hacks
37/157
03/07/2007GoSecure Inc. 36
What can Google can do for a hacker? Search sensitive information like payroll, SIN, eventhe personal email box
Vulnerabilities scanner
Transparent proxy
8/3/2019 PCT1-30 - Google Hacks
38/157
03/07/2007GoSecure Inc. 37
Salary Salary filetype: xls site: edu
8/3/2019 PCT1-30 - Google Hacks
39/157
03/07/2007GoSecure Inc. 38
8/3/2019 PCT1-30 - Google Hacks
40/157
03/07/2007GoSecure Inc. 39
Security social insurance numberIntitle: Payroll intext: ssn filetype: xls site: edu
8/3/2019 PCT1-30 - Google Hacks
41/157
03/07/2007GoSecure Inc. 40
8/3/2019 PCT1-30 - Google Hacks
42/157
03/07/2007GoSecure Inc. 41
Security Social Insurance Number Payroll intext: Employee intext: ssn iletype: xls
8/3/2019 PCT1-30 - Google Hacks
43/157
03/07/2007GoSecure Inc. 42
8/3/2019 PCT1-30 - Google Hacks
44/157
03/07/2007GoSecure Inc. 43
Financial Information Filetype: xls checking account credit card -intext: Application -intext: Form (only 39 results)
8/3/2019 PCT1-30 - Google Hacks
45/157
03/07/2007GoSecure Inc. 44
8/3/2019 PCT1-30 - Google Hacks
46/157
03/07/2007GoSecure Inc. 45
Financial Information Intitle: Index of finances.xls (9)
8/3/2019 PCT1-30 - Google Hacks
47/157
03/07/2007GoSecure Inc. 46
8/3/2019 PCT1-30 - Google Hacks
48/157
03/07/2007GoSecure Inc. 47
Personal Mailbox Intitle: Index.of inurl: Inbox (456) (mit mailbox)
8/3/2019 PCT1-30 - Google Hacks
49/157
03/07/2007GoSecure Inc. 48
8/3/2019 PCT1-30 - Google Hacks
50/157
03/07/2007GoSecure Inc. 49
Personal Mailbox After several clicks , got the private emailmessages
8/3/2019 PCT1-30 - Google Hacks
51/157
03/07/2007GoSecure Inc. 50
8/3/2019 PCT1-30 - Google Hacks
52/157
03/07/2007GoSecure Inc. 51
Personal Mailbox Intitle: Index.of inurl: Inbox (inurl: User ORinurl: Mail) (220)
8/3/2019 PCT1-30 - Google Hacks
53/157
03/07/2007GoSecure Inc. 52
8/3/2019 PCT1-30 - Google Hacks
54/157
03/07/2007GoSecure Inc. 53
Confidential Files not for distribution confidential (1,760)
8/3/2019 PCT1-30 - Google Hacks
55/157
03/07/2007GoSecure Inc.54
8/3/2019 PCT1-30 - Google Hacks
56/157
03/07/2007GoSecure Inc.55
Confidential Files not for distribution confidential filetype: pdf(marketing info) (456)
8/3/2019 PCT1-30 - Google Hacks
57/157
03/07/2007GoSecure Inc.56
8/3/2019 PCT1-30 - Google Hacks
58/157
03/07/2007GoSecure Inc.57
OS Detection Use the keywords of the default installation page
of a Web server to search.
Use the title to search
Use the footer in a directory index page
8/3/2019 PCT1-30 - Google Hacks
59/157
03/07/2007GoSecure Inc.58
OS Detection-Windows Microsoft-IIS/5.0 server at
8/3/2019 PCT1-30 - Google Hacks
60/157
03/07/2007GoSecure Inc.59
8/3/2019 PCT1-30 - Google Hacks
61/157
03/07/2007GoSecure Inc.60
OS Detection - Windows Default web page? Intitle: Welcome to Windows 2000 Internet Services
8/3/2019 PCT1-30 - Google Hacks
62/157
03/07/2007GoSecure Inc.61
8/3/2019 PCT1-30 - Google Hacks
63/157
03/07/2007GoSecure Inc.62
OS Detection Apache 1.3.11-1.3.26 Intitle: Test.Page.for.Apache seeing.this.instead
8/3/2019 PCT1-30 - Google Hacks
64/157
03/07/2007GoSecure Inc.63
8/3/2019 PCT1-30 - Google Hacks
65/157
03/07/2007GoSecure Inc.64
OS Detection-Apache SSL enable Intitle: Test.page SSL/TLS-aware (127)
8/3/2019 PCT1-30 - Google Hacks
66/157
03/07/2007GoSecure Inc.65
8/3/2019 PCT1-30 - Google Hacks
67/157
03/07/2007GoSecure Inc.66
Search Passwords Search the well known password filenames in URL
Search the database connection files orconfiguration files to find a password and username
Search specific username file for a specific product
8/3/2019 PCT1-30 - Google Hacks
68/157
03/07/2007GoSecure Inc.67
Search Passwords Inurl: etc inurl: passwd
8/3/2019 PCT1-30 - Google Hacks
69/157
03/07/2007GoSecure Inc.68
8/3/2019 PCT1-30 - Google Hacks
70/157
03/07/2007GoSecure Inc.69
8/3/2019 PCT1-30 - Google Hacks
71/157
03/07/2007GoSecure Inc.70
Search Passwords Intitle: Index of..etc passwd
8/3/2019 PCT1-30 - Google Hacks
72/157
03/07/2007GoSecure Inc.71
8/3/2019 PCT1-30 - Google Hacks
73/157
03/07/2007GoSecure Inc.72
Search Passwords "# -FrontPage-" inurl: service.pwd (then crack it)
8/3/2019 PCT1-30 - Google Hacks
74/157
03/07/2007GoSecure Inc.73
8/3/2019 PCT1-30 - Google Hacks
75/157
03/07/2007GoSecure Inc.74
Search Passwords Inurl: admin.pwd filetype: pwd
8/3/2019 PCT1-30 - Google Hacks
76/157
03/07/2007GoSecure Inc.
75
8/3/2019 PCT1-30 - Google Hacks
77/157
03/07/2007GoSecure Inc.
76
Search Passwords Filetype: inc dbconn
8/3/2019 PCT1-30 - Google Hacks
78/157
03/07/2007GoSecure Inc.
77
8/3/2019 PCT1-30 - Google Hacks
79/157
03/07/2007GoSecure Inc.
78
Search Passwords Filetype: inc intext: mysql_connect
8/3/2019 PCT1-30 - Google Hacks
80/157
03/07/2007GoSecure Inc.
79
8/3/2019 PCT1-30 - Google Hacks
81/157
03/07/2007GoSecure Inc.
80
Search Passwords Filetype: ini +ws_ftp +pwd (get the encrypted
passwords)
8/3/2019 PCT1-30 - Google Hacks
82/157
03/07/2007GoSecure Inc.
81
8/3/2019 PCT1-30 - Google Hacks
83/157
03/07/2007GoSecure Inc.
82
Search Passwords Filetype: log inurl: password.log
8/3/2019 PCT1-30 - Google Hacks
84/157
03/07/2007GoSecure Inc.
83
8/3/2019 PCT1-30 - Google Hacks
85/157
03/07/2007GoSecure Inc.
84
Search Username +intext: "webalizer" +intext: Total Usernames +intext:
Usage Statistics for
8/3/2019 PCT1-30 - Google Hacks
86/157
03/07/2007GoSecure Inc.
85
8/3/2019 PCT1-30 - Google Hacks
87/157
03/07/2007GoSecure Inc.
86
License Key Filetype: lic lic intext: key (33) (license key)
8/3/2019 PCT1-30 - Google Hacks
88/157
03/07/2007GoSecure Inc.
87
8/3/2019 PCT1-30 - Google Hacks
89/157
03/07/2007GoSecure Inc.
88
Cookies Syntax Filetype: inc inc intext: setcookie -cvs -examples -
sourceforge -site: php.net (120) (cookie schema)
8/3/2019 PCT1-30 - Google Hacks
90/157
03/07/2007GoSecure Inc.
89
8/3/2019 PCT1-30 - Google Hacks
91/157
03/07/2007GoSecure Inc.
90
Sensitive Directories Listing Powerful buzz word: Index of
Search the well known vulnerable directories names
8/3/2019 PCT1-30 - Google Hacks
92/157
03/07/2007GoSecure Inc.
91
Sensitive Directories Listing index of cgi-bin (3590)
8/3/2019 PCT1-30 - Google Hacks
93/157
03/07/2007GoSecure Inc.
92
8/3/2019 PCT1-30 - Google Hacks
94/157
03/07/2007GoSecure Inc.
93
Sensitive Directories Listing Intitle: Index of cfide (coldfusion directory)
8/3/2019 PCT1-30 - Google Hacks
95/157
03/07/2007GoSecure Inc.
94
8/3/2019 PCT1-30 - Google Hacks
96/157
03/07/2007GoSecure Inc.
95
Sensitive Directories Listing Intitle: index.of.winnt
8/3/2019 PCT1-30 - Google Hacks
97/157
03/07/2007GoSecure Inc.
96
8/3/2019 PCT1-30 - Google Hacks
98/157
03/07/2007GoSecure Inc.
97
Sensitive Directories Listing Intitle: index of iissamples (dangeous iissamples)
(32)
8/3/2019 PCT1-30 - Google Hacks
99/157
03/07/2007GoSecure Inc.
98
8/3/2019 PCT1-30 - Google Hacks
100/157
03/07/2007GoSecure Inc.
99
Sensitive Directories Listing Inurl: iissamples (1080)
8/3/2019 PCT1-30 - Google Hacks
101/157
03/07/2007GoSecure Inc.
100
8/3/2019 PCT1-30 - Google Hacks
102/157
03/07/2007GoSecure Inc.
101
Database Manipulation Different database applications leave different signatures
on the database files
8/3/2019 PCT1-30 - Google Hacks
103/157
03/07/2007GoSecure Inc.
102
Database Manipulation Welcome to phpMyAdmin AND Create new
database -intext: No Priviledge (find a page thatmight have privilege to update mysql)
8/3/2019 PCT1-30 - Google Hacks
104/157
03/07/2007GoSecure Inc.
103
8/3/2019 PCT1-30 - Google Hacks
105/157
03/07/2007GoSecure Inc.
104
Database Manipulation Welcome to phpMyAdmin AND Create new
database (after several hits, we got this)
8/3/2019 PCT1-30 - Google Hacks
106/157
03/07/2007GoSecure Inc.
105
8/3/2019 PCT1-30 - Google Hacks
107/157
03/07/2007GoSecure Inc.
106
Database Manipulation Select a database to view intitle: filemaker
pro (94) Filemaker
8/3/2019 PCT1-30 - Google Hacks
108/157
03/07/2007GoSecure Inc.
107
8/3/2019 PCT1-30 - Google Hacks
109/157
03/07/2007GoSecure Inc.
108
Database Manipulation After several clicks and you can query the table
8/3/2019 PCT1-30 - Google Hacks
110/157
03/07/2007GoSecure Inc.
109
8/3/2019 PCT1-30 - Google Hacks
111/157
03/07/2007GoSecure Inc.
110
Database Manipulation # Dumping data for table (username|user|users|
password) -site: mysql.com cvs (289) (backup dataof mysqldump)
8/3/2019 PCT1-30 - Google Hacks
112/157
03/07/2007GoSecure Inc.
111
8/3/2019 PCT1-30 - Google Hacks
113/157
03/07/2007GoSecure Inc.
112
Database Manipulation # Dumping data for table (username|user|users|
password) site: mysql.com -cvs
8/3/2019 PCT1-30 - Google Hacks
114/157
03/07/2007GoSecure Inc.
113
8/3/2019 PCT1-30 - Google Hacks
115/157
03/07/2007GoSecure Inc.
114
Database Manipulation # Dumping data for table (username|user|users|
password) -site: mysql.com cvs
8/3/2019 PCT1-30 - Google Hacks
116/157
03/07/2007GoSecure Inc.
115
8/3/2019 PCT1-30 - Google Hacks
117/157
03/07/2007GoSecure Inc.
116
Sensitive System Information Network security reports have lists of vulnerabilities for
your system
Configuration files often contain the applicationparameters inventory
8/3/2019 PCT1-30 - Google Hacks
118/157
03/07/2007GoSecure Inc.
117
Network Security Report (ISS) Network Host Assessment Report Internet
Scanner (iss report) (13)
8/3/2019 PCT1-30 - Google Hacks
119/157
03/07/2007GoSecure Inc.
118
8/3/2019 PCT1-30 - Google Hacks
120/157
03/07/2007GoSecure Inc.
119
Network Security Report (ISS) Host Vulnerability Summary Report (ISS report) (25)
8/3/2019 PCT1-30 - Google Hacks
121/157
03/07/2007GoSecure Inc.
120
8/3/2019 PCT1-30 - Google Hacks
122/157
03/07/2007GoSecure Inc.
121
Network Security Report (nessus) This file was generated by Nessus || intitle:Nessus
Scan Report -site:nessus.org (185)
8/3/2019 PCT1-30 - Google Hacks
123/157
03/07/2007GoSecure Inc.
122
8/3/2019 PCT1-30 - Google Hacks
124/157
03/07/2007GoSecure Inc.
123
Network Scanner Report (Snort) SnortSnarf alert page (15,500)
8/3/2019 PCT1-30 - Google Hacks
125/157
03/07/2007GoSecure Inc.
124
8/3/2019 PCT1-30 - Google Hacks
126/157
03/07/2007GoSecure Inc.
125
Network Security Report (Snort) Intitle: Analysis Console for Intrusion Databases
+intext:by Roman Danyliw inurl:acid/acid_main.php (13 results, acid alert database)
8/3/2019 PCT1-30 - Google Hacks
127/157
03/07/2007GoSecure Inc.
126
8/3/2019 PCT1-30 - Google Hacks
128/157
03/07/2007GoSecure Inc.
127
Configuration Files (robots.txt)
(inurl: robot.txt | inurl: robots.txt) intext:disallowfiletype:txt
Robots.txt means to protect you privacy from crawlers
But allows you to determine the file system architecture
8/3/2019 PCT1-30 - Google Hacks
129/157
03/07/2007GoSecure Inc.
128
8/3/2019 PCT1-30 - Google Hacks
130/157
03/07/2007GoSecure Inc.
129
A vulnerable targets scanning example
Get the new vulnerabilities from advisory
Find the signature from vendor Website
Google search to find the targets
Perform further malicious actions
8/3/2019 PCT1-30 - Google Hacks
131/157
03/07/2007GoSecure Inc.
130
An advisory looks like
8/3/2019 PCT1-30 - Google Hacks
132/157
03/07/2007GoSecure Inc.
131
8/3/2019 PCT1-30 - Google Hacks
133/157
03/07/2007GoSecure Inc.
132
Vendor Website Information
8/3/2019 PCT1-30 - Google Hacks
134/157
03/07/2007GoSecure Inc.
133
8/3/2019 PCT1-30 - Google Hacks
135/157
03/07/2007GoSecure Inc.
134
Google search
Inurl: smartguestbook.asp
8/3/2019 PCT1-30 - Google Hacks
136/157
03/07/2007GoSecure Inc.
135
8/3/2019 PCT1-30 - Google Hacks
137/157
03/07/2007GoSecure Inc.
136
The victims Website
8/3/2019 PCT1-30 - Google Hacks
138/157
03/07/2007GoSecure Inc.
137
8/3/2019 PCT1-30 - Google Hacks
139/157
03/07/2007GoSecure Inc.
138
Download the database Game over
8/3/2019 PCT1-30 - Google Hacks
140/157
03/07/2007GoSecure Inc.
139
8/3/2019 PCT1-30 - Google Hacks
141/157
03/07/2007GoSecure Inc.
140
Transparent Proxy
Normal surfing on www.myip.nu
8/3/2019 PCT1-30 - Google Hacks
142/157
03/07/2007GoSecure Inc.
141
8/3/2019 PCT1-30 - Google Hacks
143/157
03/07/2007GoSecure Inc.
142
Transparent Proxy
When we use Google translation tool to surfwww.myip.nu
8/3/2019 PCT1-30 - Google Hacks
144/157
03/07/2007GoSecure Inc.
143
8/3/2019 PCT1-30 - Google Hacks
145/157
03/07/2007GoSecure Inc.
144
Google Automated Scanning
Google doesnt like the idea about automating Googlescan. They issue a free licence limited to 1000 queries/day to Google
Gooscan
Gooscan is a UNIX (Linux/BSD/Mac OS X) tool thatautomates queries against Google search appliances,which helps to do the external vulnerability assessment.For more information about this tool, including theethical implications of its use. See: http://
johnny.ihackstuff.com
http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/8/3/2019 PCT1-30 - Google Hacks
146/157
03/07/2007GoSecure Inc.
145
Google Automated Tools
SiteDigger
SiteDigger searches Googles cache to look forvulnerabilities, errors, configuration issues, proprietaryinformation, and interesting security nuggets on Web
sites. See: http://www.foundstone.com
http://www.foundstone.com/http://www.foundstone.com/8/3/2019 PCT1-30 - Google Hacks
147/157
03/07/2007GoSecure Inc.
146
8/3/2019 PCT1-30 - Google Hacks
148/157
03/07/2007GoSecure Inc.
147
Google Automated Tools
Athena
Another Google query tool. It supports an open XMLconfiguration format to support multiple search engines(not just Google)
8/3/2019 PCT1-30 - Google Hacks
149/157
03/07/2007GoSecure Inc.
148
8/3/2019 PCT1-30 - Google Hacks
150/157
03/07/2007GoSecure Inc.
149
Google Materials
Googledorks The famous Google Hack Website, it has many different
examples of unbelievable things: http://johnny.ihackstuff.com.
http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/8/3/2019 PCT1-30 - Google Hacks
151/157
03/07/2007GoSecure Inc.
150
8/3/2019 PCT1-30 - Google Hacks
152/157
03/07/2007GoSecure Inc.
151
8/3/2019 PCT1-30 - Google Hacks
153/157
03/07/2007GoSecure Inc.152
Google Materials
Freshgoo
Search Google for the page published on today, yesterday,within the last seven days or last 30 days:http://www.freshgoo.com/index.php
http://www.freshgoo.com/index.phphttp://www.freshgoo.com/index.phphttp://www.freshgoo.com/index.phphttp://www.freshgoo.com/index.php8/3/2019 PCT1-30 - Google Hacks
154/157
03/07/2007GoSecure Inc.153
8/3/2019 PCT1-30 - Google Hacks
155/157
03/07/2007GoSecure Inc.154
Protect Your Data
Keep patching your systems and applications Keep your sensitive data off the Web apply authentication
(RSA, Clienless VPN)
Disable directory browsing
Google hack your Website
Consider removing your site from Google's index:
http://www.google.com/remove.html.
Use a robots.txt file to against Web crawlers:
http://www.robotstxt.org.
http://www.robotstxt.org/http://www.google.com/remove.htmlhttp://www.robotstxt.org/http://www.robotstxt.org/http://www.google.com/remove.htmlhttp://www.google.com/remove.html8/3/2019 PCT1-30 - Google Hacks
156/157
03/07/2007GoSecure Inc.155
Google APIS:
www.google.com/apisRemove:http://www.google.com/remove.htmlGoogledorks:http://johnny.ihackstuff.com/
Oreilly Google Hack:http://www.oreilly.com/catalog/googlehks/Google Hack Presentation, Jonhnny Long:http://johnny.ihackstuff.com/modules.php?op=modload&name=ownloads&file=index&req=viewdownload&cid=1
Autism: Using google to hack:www.smart-dev.com/texts/google.txtGoogle: Net Hacker Tool du Jour:htt ://www.wired.com/news/infostructure/0 1377 57897 00.html
http://www.wired.com/news/infostructure/0,1377,57897,00.htmlhttp://www.smart-dev.com/texts/google.txthttp://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://www.oreilly.com/catalog/googlehks/http://johnny.ihackstuff.com/http://www.google.com/remove.htmlhttp://www.google.com/apishttp://www.wired.com/news/infostructure/0,1377,57897,00.htmlhttp://www.wired.com/news/infostructure/0,1377,57897,00.htmlhttp://www.smart-dev.com/texts/google.txthttp://www.smart-dev.com/texts/google.txthttp://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1http://www.oreilly.com/catalog/googlehks/http://www.oreilly.com/catalog/googlehks/http://johnny.ihackstuff.com/http://johnny.ihackstuff.com/http://www.google.com/remove.htmlhttp://www.google.com/remove.htmlhttp://www.google.com/apishttp://www.google.com/apis8/3/2019 PCT1-30 - Google Hacks
157/157
Contact Information:
Robert [email protected]
407 McGill, suite 900Montral, Qubec, CanadaH2Y 2G2
514-287-7427