Protect your business from a Google hack

intitle, allintitle -- searches for terms in Web page or Google group title

inurl, allinurl -- searches for terms in URLs

filetype -- searches URLs that end in a particular file extension

allintext -- searches for a string within text of a page

site -- searches only for pages hosted on a specific server or domain

link -- searches for pages that link to other pages

inanchor -- searches text representation of a link in an HTML anchor

daterange -- searches for pages indexed by Google within certain date ranges

cache -- searches for cached versions of pages

info -- searches summary information of a site

related -- displays sites related to a site

phonebook -- searches for business or residential phone listings

rphonebook -- searches for residential phone listings only

bphonebook -- searches for business phone listings only

author -- searches for authors of newsgroup posts

group -- searches title of Google Groups posts for search terms

msgid -- searches for Google Groups message identifiers, strings that identify newsgroup posts

insubject -- searches Google Groups for subject lines

stocks -- searches for stock market information about a company

define -- returns definitions for a search term

Source: "Google Hacking for Penetration Testers" by Johnny Long

More on Google hacking Read our glossary definition of Google hacking and learn tips for preventing this attack.

• SiteDigger -- Automated and Windows-based Uses Google API and requires Google license key. Download at www.foundstone.com/resources/proddesc/sitedigger.htm

• Witko -- Requires Google license key; compatible with Google Hacking Database. Available http://www.sensepost.com/research/wikto/

• Athena -- Windows-based, Performs only one search at a time. Download at http://snakeoillabs.com*

• Gooscan -- Linux-based; does bulk searches. Download at http://johnny.ihackstuff.com/*

Source: "Google Hacking for Penetration Testers" by Johnny Long.

About the author
Michael S. Mimoso is Senior Editor of Information Security magazine.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Threat Monitor,   Application and Platform Security,   Security Testing and Ethical Hacking,   Enterprise Vulnerability Management,   Enterprise Data Protection,   Enterprise Data Governance,   Emerging Information Security Threats,   Information Security Threats,   Data Loss Prevention,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor Server Message Block Version 2 security in question: Disable or patch? Preparing for future security threats, evolving malware Best practices for (small) botnets Cut down on calls to help desk with cybersecurity awareness training How to detect software tampering How to prevent phishing attacks with social engineering tests An enterprise strategy for Web application security threats How SSL-encrypted Web connections are intercepted How a corporate Twitter policy can combat social network threats Cyberwarfare and the enterprise: Is the threat real? Security Testing and Ethical Hacking Attackers zero in on Web application vulnerabilities What to do with network penetration test results Information security book excerpts and reviews H.D. Moore speaks about Metasploit Project deal, Release 3.3 Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 Should management processes change based on a patch release schedule? Does an EULA make it truly illegal to decompile software? Screencast: BackTrack 4 offers an arsenal of penetration testing tools Security testing firm uncovers XML vulnerabilities Enterprise Data Governance How to protect distributed information flows Interpreting 'risk' in the Massachusetts data protection law Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Cyber Storm  (SearchSecurity.com) ethical hacker  (SearchSecurity.com) ethical worm  (SearchSecurity.com) gray hat  (SearchSecurity.com) honey pot  (SearchSecurity.com) honeynet  (SearchSecurity.com) war dialer  (SearchSecurity.com) white hat  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.