The concept of “Google Hacking” can be traced back to 2002, when Johnny Long started collecting extraordinary Google search queries that revealed vulnerable systems and/or sensitive information disclosures – branding them as googleDorks.The list of googleDorks grew into a dictionary of queries, which were eventually categorized into the Google Hacking Database (GHDB) in 2004.
In simple terms, it is a method of computer hacking that utilizes Google Search and other Google applications to locate security loopholes in the configurations that the websites use. The main action involves the use of hi-tech operators to locate specific strings of text within search results. The aim is to filter out all web pages that have that particular text contained within them.
Examples of Google Hacking :
- The following search query successfully locates all websites that have the words “wxyz” and “abcd” in the title of the website. It also checks to ensure that the web page being accessed is a PHP file.
<intitle:wxyz intitle:abcd
filetype:php>
- Another search type can fetch out all the similar file types on the servers –
<intitle:index.of mp3>
gives all the mp3 files available on various servers.
There are other advanced operators like :
allintitle , inurl , allinurl , filetype , allintext , site , link , inanchor , msgid etc.
However, the use of the file Robots.txt is one way save the privacy of your data; you can prevent Google from indexing your website thus.
We are soon launching with exciting courses on cyber security! Join the mailing list to stay updated!
