Google Hacking/en

From FdIwiki ELP

Introduction

Google is a tool that indexes information located on servers. Several commands exist to refine a Google search. The term Google Hacking refers to the use of these advanced operators, which narrow down the results to obtain higher-quality information by excluding the links that do not match our search criteria. To provide this functionality, the Google search box accepts a series of filters, also called commands or advanced operators, that can be included in any standard Google search.

Used correctly, these filters can even narrow the results down to ONE option. This potential makes Google a commonly used tool in the security field for obtaining public information.

Basic Concepts

Google follows an important rule: "all words are relevant". This means that each search term entered in the search box carries the same weight when the results are processed. There are some exceptions to this rule. The most notable one is that Google usually ignores connecting words, some symbols and special characters, and even isolated numbers. This speeds up the search, since taking these terms into account does not improve the results enough to be worth the cost. Beyond this default behaviour, there are two types of operators or commands that we can use to narrow and refine the search results.

The first type modifies a text string by giving it certain properties; a simple example is the double quotation marks (""). The second uses the syntax "operand:term", where the operand is the command we want to apply and the term is the value we give that command to adjust the search. An example is the filetype command, which filters the results by file format. Thus, if we enter "Google Hacking" filetype:pdf we will obtain the PDF results that contain this text string.

These two types of operators can be combined with each other and with Google's usual search, which consists only of text strings. This lets us build chains of filters powerful enough to obtain the desired information.

Basic Operators

These simple operators exclude large amounts of irrelevant information from the searches we want to conduct in a simple manner.

  • Double quotation marks “” = By surrounding the text we want to search for with quotation marks, we force Google to search for that exact string. Without them, Google adds to the results any partial match of the string typed into the search box, and also looks for synonyms of our words in order to provide more results, which can sometimes be overwhelming. Using "text" stops this generic search behaviour and applies our own filters instead, searching only for what we have actually typed.
  • “+” symbol = As explained in the basic concepts, Google ignores certain words, numbers, etc. The “+” symbol in front of one of these words or numbers forces the search engine to take it into account. If we are looking for the horror film “The ring” and type [ the ring ], we obtain 117.000.000 search results. However, if we type [ +the ring ] instead, we get 159.000 results, because we are forcing Google to include the word "the" in the search.
  • “-” symbol = The counterpart of “+”: its purpose is to exclude a term. That is, if we put “-” before a term, we force the search engine to drop from the results every web page that contains that term.
  • “*” symbol = The * symbol is used as a wildcard, forcing the search engine to treat it as any word it sees fit when conducting the search. It is generally useful to combine it with the double quotation marks ("").
  • filetype:extension = Shows all search results with a specific file extension. Some extensions can be seen in the table.
    Common extensions
  • intitle:term = Shows pages whose title contains the chosen term. It can be combined with double quotation marks so that the term refers to a phrase.
  • inurl:term = Shows pages whose URL contains the chosen term.
  • site:URL = Searches within a specific site.
  • define:term = Returns the definition of the searched literal.
  • related:URL = Shows pages similar to the chosen URL.
  • cache:url = Shows the version of the page identified by url that Google holds in its cache, that is, the copy made by Google's robot the last time it visited that page.
  • info:url = Google presents information about the web page that corresponds to the url.
  • OR = This operator lets us specify one or more words so that each individual result needs to match only one of them. For example, [Conciertos 2014 OR 2015] will return results for concerts that took place in 2014 or in 2015.
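
The two operator types described under Basic Concepts, and the operators listed above, can be told apart mechanically. The following Python sketch is an added example, not part of the original wiki page: it splits a search string into labelled parts using a simplified model of the syntax described here, not Google's own parser. The function name parse_query and the kind labels are assumptions made for illustration.

```python
import re

# Operands listed on this page (the "operand:term" form).
OPERANDS = {"filetype", "intitle", "inurl", "site",
            "define", "related", "cache", "info"}

# One token: optional +/- prefix, optional "operand:", then a quoted
# phrase or a run of non-space characters.
TOKEN = re.compile(r'([+-]?)(?:(\w+):)?("[^"]*"|\S+)')

def parse_query(query):
    """Return the query as (kind, value) pairs in order of appearance."""
    parts = []
    for prefix, operand, body in TOKEN.findall(query):
        quoted = len(body) >= 2 and body[0] == '"' and body[-1] == '"'
        value = body[1:-1] if quoted else body
        if operand and operand.lower() not in OPERANDS:
            # Unknown operand (e.g. "http://..."): keep it as plain text.
            value, operand = f"{operand}:{value}", ""
        if operand:
            kind = operand.lower()      # second type: operand:term
        elif quoted:
            kind = "phrase"             # first type: "exact text"
        elif value == "OR":
            kind = "or"
        elif value == "*":
            kind = "wildcard"
        else:
            kind = "word"               # ordinary search term
        if prefix == "+":
            kind = "force:" + kind      # must be taken into account
        elif prefix == "-":
            kind = "exclude:" + kind    # must not appear in results
        parts.append((kind, value))
    return parts

if __name__ == "__main__":
    # Constructed sample queries, including the page's own examples.
    for q in ['"Google Hacking" filetype:pdf', "+the ring",
              "Conciertos 2014 OR 2015", '-site:example.com "a * b"']:
        print(q, "->", parse_query(q))
```
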

External Links