Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
an enterprise's vulnerable servers and files, password logs, open directories, Web-based device-management panels, remote desktop protocol clients or administration interfaces for routers and switches. You want to discover the sensitive security information that's exposed on the Internet before a black hat does. The trick is to use advanced operators, special searching techniques offered by Google that enable advanced queries. Here is a sampling of advanced operators that you can combine with a search term against your company's domain:
intitle, allintitle -- searches for terms in Web page or Google group title inurl, allinurl -- searches for terms in URLs filetype -- searches URLs that end in a particular file extension allintext -- searches for a string within text of a page site -- searches only for pages hosted on a specific server or domain link -- searches for pages that link to other pages inanchor -- searches text representation of a link in an HTML anchor daterange -- searches for pages indexed by Google within certain date ranges cache -- searches for cached versions of pages info -- searches summary information of a site related -- displays sites related to a site phonebook -- searches for business or residential phone listings rphonebook -- searches for residential phone listings only bphonebook -- searches for business phone listings only author -- searches for authors of newsgroup posts group -- searches title of Google Groups posts for search terms msgid -- searches for Google Groups message identifiers, strings that identify newsgroup posts insubject -- searches Google Groups for subject lines stocks -- searches for stock market information about a company define -- returns definitions for a search term Source: "Google Hacking for Penetration Testers" by Johnny Long
|
||||
- SiteDigger -- Automated and Windows-based Uses Google API and requires Google license key. Download at www.foundstone.com/resources/proddesc/sitedigger.htm
- Witko -- Requires Google license key; compatible with Google Hacking Database. Available http://www.sensepost.com/research/wikto/
- Athena -- Windows-based, Performs only one search at a time. Download at http://snakeoillabs.com*
- Gooscan -- Linux-based; does bulk searches. Download at http://johnny.ihackstuff.com/*
Source: "Google Hacking for Penetration Testers" by Johnny Long.
About the author
Michael S. Mimoso is Senior Editor of Information Security magazine.
This was first published in March 2006