Google Search Hacking

1) Google Search:- "Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.



2) Google Search:- "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.


3) Google Search:- intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may revealed by this query.

4) Google Search:- intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!

5) Google Search:- intitle:index.of.admin
Description- Locate "admin" directories that are accessible from directory listings.

6) Google Search:- inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protects your identity online

Google’s Advance Search Query Syntaxes

Below discussed are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for critical information digging.

Google Search:-[ intitle: ]

The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title. For example, “intitle: login password” (without quotes) will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.

Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title. For example using “intitle: login intitle: password” is same as querying “allintitle: login password”.


Google Search:-[ inurl: ]

The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.

Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it. For example: “allinurl: etc/passwd“ will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.


Google Search:-[ site: ]

The “site:” syntax restricts Google to query for certain keywords in a particular site or domain. For example: “exploits site:hackingspirits.com” (without quotes) will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.


Google Search:-[ filetype: ]

This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc). For example: “filetype:doc site:gov confidential” (without quotes) will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.


Google Search:-[ link: ]

“link:” syntax will list down webpages that have links to the specified webpage. For Example: “link:www.securityfocus.com” will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.



Google Search:-[ related: ]

The “related:” will list web pages that are "similar" to a specified web page. For Example: “related:www.securityfocus.com” will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.


Google Search:-[ cache: ]

The query “cache:” will show the version of the web page that Google has in its cache. For Example: “cache:www.hackingspirits.com” will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.

If you include other words in the query, Google will highlight those words within the cached document. For Example: “cache:www.hackingspirits.com guest” will show the cached content with the word "guest" highlighted.


Google Search:-[ intext: ]

The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles. For example: “intext:exploits” (without quotes) will return only links to those web pages that has the search keyword "exploits" in its webpage.


Google Search:-[ phonebook: ]

“phonebook” searches for U.S. street address and phone number information. For Example: “phonebook:Lisa+CA” will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.