Google search is an indispensable tool, so much so that it has become synonymous with search. Now we say, “Google it!” rather than “Search for it on the net”, and quite rightly so. With billions of sites and trillions of crawled pages, Google is a gold mine of information.
If Google stumbles across data that may expose sensitive information about your organization, it will not hesitate to index it. The search engine does not discriminate among the data it indexes. This veritable knowledge base can be used for many purposes, black, white or various shades in between. Black hats normally use it for footprinting their prey. For the uninitiated, footprinting is the technique of gathering all the possible public information needed to initiate an attack. We can use the same techniques to identify and plug holes in our own IT environment, so that people with mala fide intentions have to work a little bit harder to get to you.
Below is a table that lists some of the advanced operators that can be used to find vulnerable websites.
| Operator | Description | Example |
|---|---|---|
| site: | This operator instructs Google to limit the search query to a specific domain or web site. | site:bqurious.com |
| filetype: | This operator instructs Google to restrict the search to text found in a specific file type. | password filetype:sql |
| link: | This operator will search for pages that link to the requested URL. Moreover, this operator will tell Google to search for a search string within hyperlinks. | link:www.bqurious.com |
| cache: | This operator instructs Google to search and display a version of a desired web page as it was shown when Google crawled/indexed it. | cache:testphp.vulnweb.com |
| intitle: | This operator is used when searching for a text string within the title of a page. | intitle:index.of |
| inurl: | This operator will tell Google to run the search within the given URI. | inurl:passwords.txt |
Let's see how these operators are leveraged to find vulnerabilities on your site.
Directory Listings
Web servers often serve directory listings when a default page like index.html is not present. Sometimes people store sensitive information in these directories, which can be easily compromised if directory listing is enabled.
For example, typing the query below into Google search will give you a list of sites that have an .htpasswd file visible to the world:
intitle:"Index of" .htpasswd
At last count, I got over 2000 results.
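The same exposures can be checked from inside the server before a search engine indexes them. The following is an added example, not code from the original article: it walks a web root and reports directories with no default page (which a server with auto-indexing enabled would list) and files matching the article's example queries (.htpasswd, passwords.txt, *.sql). The index page names, function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumptions (not from the article): the default index page names.
# The sensitive patterns mirror the article's example queries.
INDEX_PAGES = {"index.html", "index.htm", "index.php"}
SENSITIVE_NAMES = {".htpasswd", "passwords.txt"}
SENSITIVE_EXTS = {".sql"}


def audit_webroot(root):
    """Return (listable_dirs, sensitive_files) as sorted paths relative to root."""
    listable, sensitive = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        names = {f.lower() for f in filenames}
        # No default page: a server with auto-indexing on would list this directory.
        if not names & INDEX_PAGES:
            listable.append(rel_dir)
        for f in filenames:
            ext = os.path.splitext(f)[1].lower()
            if f.lower() in SENSITIVE_NAMES or ext in SENSITIVE_EXTS:
                sensitive.append(os.path.normpath(os.path.join(rel_dir, f)))
    return sorted(listable), sorted(sensitive)


def build_sample_webroot(base):
    """Create a constructed sample tree for the demo; not a real site."""
    files = {
        "index.html": "<h1>home</h1>",
        "backup/site.sql": "-- dump",
        "backup/.htpasswd": "user:hash",
        "blog/index.php": "<?php ?>",
        "blog/uploads/passwords.txt": "x",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        dirs, files = audit_webroot(tmp)
        print("Directories a listing would expose:", dirs)
        print("Sensitive files under the web root:", files)
```

A directory it reports is only listed publicly if auto-indexing is on; Apache's `Options -Indexes` or nginx's `autoindex off` turns it off. Files it reports should be moved out of the web root regardless, since they can still be fetched by direct URL.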
For people using WordPress or similar frameworks, it is important to ensure there are no SQL files left lying around.
intitle:"index of" filetype:sql site:bqurious.com
A quick search with the above query, reveals