As an ethical hackers, we can find that search engines will often do quite a lot of the work for us. They have perfected the art of crawling websites and thus can find things that we humans have a hard time finding.
Lucky for us, we can manipulate these search engines to display the exact results we are looking for, but of course we need to know what we are looking for ourselves before we can tell a robot how to help us.
Photo by
Fitore Fazliu on
UnsplashBaidu, China’s
most popular search engine.
Bing, a search engine owned and operated by Microsoft, and the second
most popular worldwide. Supports
advanced search keywords.
binsearch.info, a search engine for binary Usenet newsgroups.
Common Crawl, “an open repository of web crawl data that can be accessed and analyzed by anyone.”
DuckDuckGo, a privacy-focused search engine that compiles results from many different
sources. Supports
search syntax.
Google, which offers the world’s
most popular search engine, and uses a ranking system to attempt to return the most relevant results. Supports
search operators.
Internet Archive Wayback Machine, “building a digital library of Internet sites and other cultural artifacts in digital form.”
Startpage, a search engine that uses Google’s results without collecting personal information through trackers and logs. Supports
search operators.
Shodan, a service for searching Internet-connected devices and services. Usage options include a limited free plan as well as paid subscription plans.site: will limit the search to the provided domain.inurl: will only return results that include the keyword in the URL.intitle: will only return results that have the keyword in the page title.intext: or inbody: will only search for the keyword in the body of pages.filetype: will match only a specific filetype, i.e. png, or php.cache: Search the cacheOR,AND, -, *, IN( ) Group termsRelated: Find sites related to a given domain.FootholdsFiles containing usernamesSensitive DirectoriesWeb Server DetectionVulnerable FilesVulnerable ServersError MessagesFiles containing juicy infoFiles containing passwordsSensitive Online Shopping InfoNew subdomainsGoogle hacking database (
https://www.exploit-db.com/google-hacking-database)SANS Cheat sheet:
https://www.sans.org/security-resources/GoogleCheatSheet.pdfgbhackers:
https://gbhackers.com/latest-google-dorks-list/pentest-tools.com:
https://pentest-tools.com/information-gathering/google-hacking#https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_LeakageSite:
google.comSite:
google.com -wwwSite:
google.com -www -blogSite:
google.com -www -blog -mail -maps….Go to GHDBFind dork that fits your targetsSite:
google.com filetype:pdfSite:
google.com filetype:csvSite:
google.com filetype:…Site:
google.com filetype:BAKGoogle Dork Query:
intitle:”index of” “backup.bak”site:google.com inurl:login | inurl:signin | intitle:Login | intitle:”sign in” | inurl:auth
site:google.com intitle:index.of
site:google.com ext:sql | ext:dbf | ext:mdb
site:google.com intext:”sql syntax near” | intext:”syntax error has occurred” | intext:”incorrect syntax near” | intext:”unexpected end of SQL command” | intext:”Warning: mysql_connect()” | intext:”Warning: mysql_query()” | intext:”Warning: pg_connect()”
site:google.com “PHP Parse error” | “PHP Warning” | “PHP Error”
site:google.com inurl:signup | inurl:register | intitle:Signup
Site:www.google.com -inurl:index.phpSite:www.google.com -inurl:index.php -inurl:login.php
https://github.com/tomnomnom/waybackurls
PDFDOCX, DOCXLSX, XLSPPT, PPTXBAKSQL,DBF,MDBCONFYAMLXMLLOG
.png)
2 years ago
183 
Bengali (Bangladesh) · 
English (United States) ·