Google Hacking/en

De FdIwiki ELP
Revisión a fecha de 16:39 25 ene 2017; PablolyonsD (Discusión | contribuciones)

(dif) ← Revisión anterior | Revisión actual (dif) | Revisión siguiente → (dif)
Saltar a: navegación, buscar

Introduction

Google is a tool that allows us to index information located on servers. Multiple commands exist to refine "Google searching". The term Google Hacking refers to the use of these operands or advanced commands available to use on Google, that will allow us to narrow dowqn the results in order to obtain greater quality information, by excluding the links that do not correspond with our search options. In order to obtain said functionality, Google Search box accepts a series of filters, also called commands or advanced operators, that will be included with any standard search conducted, by this we mean any search using google.

The correct use of these filters, is even able to narrow down the result to ONE option. This potential makes google a commonly used tool in the security area in order to obtain public information.

Basic Concepts

Google holds by an important rule, "all words are relevant". This implies that each search term introduced into the search box when googling, has the same importance towards processing the results. There are some exceptions to this rule. The most remarkable exception consists of the following: Usually, Google tends to ignore word conectors, some symbols & special characters, even isolated numbers. This is done in order to speed up the search process as this exceptions do not render an affordable improvement as to take them into consideration. Besides its usual functioning, that uses the previously mentioned exception, you can consider two types of operators or commands that we can use to narrow/refine the search results.

The first one is based on modifying a text chain by granting it some properties; a simple example is "". The second uses the syntax "operand:term" where the operand consists on the command we want to calibrate; the term consists of the value that we want to give to that command in order to adjust the search; an example would be using the command filetype that allows us to filter the format of the method that will index our search. In this way, if we introduce "Google Hacking" filetype:pdf we will obtain the results that contain this text string.

These two types of operators can be combined with each other together with Google's usual search that consist only of text strings. This will allow us to form successions of filters powerful enough to obtain the desired information.

Basic Operators

These simple operators exclude large amounts of irrelevant information from the searches we want to conduct in a simple manner.

  • Double Quotation marks “” = By sorrounding a text we want to search for with quotation marks, we will force google to search for that specific string of text, on the other hand if we don't include this command, google will add to the results any partial string of the initial string that we typed into the search box. Google will also look for synonyms of our words in the string in order to provide more results which can sometimes be overhwelming. Using this command "text" allows us stop this generic search algorithm & use our filters/rules instead, searching only for what we have actually typed .
  • “+” Symbol = As we have xplained in the basic concepts, Google ingores certain words, numbers, etc… The symbol “+” in front of one of these numbers/words, forces the search engine to take it into account. If we are lookin for the Horror film “The ring”, we type [ the ring ] & we will obtain 117.000.000 search results. However, if we instead type [ +the ring ] 159.000 resuls will be thrown at us, we are forcing Google to include the word "the" into the search.
  • “-“ Symbol = Similarly to “+”, it's utility is to exclude a term, es decir, if we include “-“ before a term, we will be forcing the search engine to exclude all the web pages obtained from the search results that contain said term.
  • “*” Symbol = * Symbol is used as a wild card, by forcing the search engine to interpret said character as any word it sees fit for conducting its searches.Generally, it is useful to combine it with the dopuble quotation marks ("").
  • filetype:extension = Shows the search results that contain the specified file extension. Some of the usual extensions we can see on the table to the right.
    Extensiones habituales
  • intitle:term = Shows pages who's title contains the term searched for. It can be combined with "" to search for a phrase instead.
  • inurl:term: Shows the pages containing the term included in the search.
  • site:URL: Searches for a specific page.
  • define:term: Returns the definition of the term searched for..
  • related:URL = Shows related pages to the URL selected.
  • cache:url : Will present us with the caché version stored by Google that was created by their robots/trawlers/spiders.
  • info:url : Google wil present us with information about the web page corresponding to the url.
  • OR = This operator allos us to specify one or various words, which when presented with the results, only one of them will be taken into consideration. For example [Conciertos 2014 OR 2015] will render results of concerts that took place in 2014 OR 2015.


External Links