Google is world’s most popular and powerful search engine which has the ability to accept pre-defined commands as inputs and produce unbelievable results. This enables malicious users like hackers, crackers, and script kiddies etc to use Google search engine extensively to gather confidential or sensitive information which are not visible through common searches.
In this paper I shall cover the below given points that an administrators or security professionals must take into account to prevent such information disclosures: - Google’s Advance Search Query Syntaxes
- Querying for vulnerable sites or servers using Google’s Advance syntaxes
- Securing servers or sites from Google’s invasion
Google’s Advance Search Query Syntaxes
Below discussed are various Google’s special commands and I shall be explaining each command in
Brief and will show how it can be used for critical information digging.
[ intitle: ]
The “ intitle: ” syntax helps Google restrict the search results to pages containing that word in the title. For example, “intitle: login password ” (without quotes) will return link s to those pages that has the word “login " in their title, and the word " password " anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case “ allintitle:” can be used instead of “ intitle ” to get the list of pages containing all those words in its title. For example using
“ intitle: login intitle: password ” is same as querying “ allintitle: login password ”.
inurl: [ ]
The “ inurl: ” syntax restricts the search results to those URLs containing the search keyword. For example: “ inurl: passwd” (without quotes) will return only links to those pages that have " passwd " in the URL.
Similarly, if one has to query for more than one word in an URL then in that case “ allinurl: ” can be used instead of “ inurl ” to get the list of URLs containing all those search keywords in it. For ex ample: “
allinurl: etc/passwd “ will look for the URLs containing “ etc ” and “ passwd ”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “ site: ” syntax restricts Google to query for certain keywords in a particular site or domain. For example: “ exploits site: innobuzz.in ” (without quotes) will look for the keyword “ exploits ” in those pages present in all the links of the domain “ innobuzz.in” . There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “ filetype: ” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc). For example: “ filetype: doc site: gov confidential ” (without quotes) will look for files with “.doc” extension in all government domains with “ .gov ” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]…