Introduction to Google Hacking syntax
Google Hacking common syntax
1. intext: (Google only) uses a string in the page body as the search condition
2. intitle: uses a string in the page title as the search condition
3. cache: searches the search engine's cached copy of some content; expired content may hold valuable information
4. filetype / ext: restricts the search to files of a specified format
5. inurl: searches for URLs containing the specified characters
6. site: searches for related content within the specified site (domain name)
Google Hacking other syntax
1. Quotes " ": a keyword enclosed in quotation marks is searched as one whole phrase
2. or: searches for two or more keywords at the same time
3. link: searches for links to a website; link:baidu.com returns all URLs that link to baidu
4. info: finds some basic information about the specified site
Google Hacking syntax collection site
https://www.exploit-db.com/google-hacking-database/
Google Hacking classic syntax
Google Hacking typical usage
Admin back-end address
site:target.com intext:admin | background | "background management" | login | login | username | password | system | account | login | system
site:target.com inurl:login | inurl:admin | inurl:manage | inurl:manager | inurl:admin_login | inurl:system | inurl:backend
site:target.com intitle:admin | background | "background management" | login | login
Upload vulnerability address
site:target.com inurl:file
site:target.com inurl:upload
Injection page
site:target.com inurl:php?id=
Editor page
site:target.com inurl:ewebeditor
Directory traversal vulnerability
site:target.com intitle:index.of
SQL error
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
phpinfo()
site:target.com ext:php intitle:phpinfo "published by the PHP Group"
Configuration file leak
site:target.com ext:.xml | .conf | .cnf | .reg | .inf | .rdp | .cfg | .txt | .ora | .ini
Database file leak
site:target.com ext:.sql | .dbf | .mdb | .db
Log file leak
site:target.com ext:.log
Backup and historical file disclosure
site:target.com ext:.bkf | .bkp | .old | .backup | .bak | .swp | .rar | .txt | .zip | .7z | .sql | .tar.gz | .tgz | .tar
Public document disclosure
site:target.com filetype:.doc | .docx | .xls | .xlsx | .ppt | .pptx | .odt | .pdf | .rtf | .sxw | .psw | .csv
Email information
site:target.com intext:@target.com
site:target.com 邮件
site:target.com email
Social engineering information
site:target.com intitle:"account number" | password | "work number" | "student number" | "ID card"
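
The file-leak, admin-path and injection categories above, turned into a check a site owner can run over an inventory of their own URLs (sitemap entries or access-log paths) to see which ones would surface under these queries. This is an added example, not part of the original page; the function names, the token-based matching of inurl: keywords and the example.com sample URLs are assumptions.

```python
import re
from urllib.parse import urlsplit

# Extension lists and inurl: keywords copied from the page's query categories.
EXT_CATEGORIES = {
    "configuration file": "xml conf cnf reg inf rdp cfg txt ora ini",
    "database file": "sql dbf mdb db",
    "log file": "log",
    "backup file": "bkf bkp old backup bak swp rar txt zip 7z sql tar.gz tgz tar",
}
KEYWORD_CATEGORIES = {
    "admin back end": "login admin manage manager admin_login system backend",
    "upload page": "file upload",
    "editor page": "ewebeditor",
}

def classify(url):
    """Return the sorted categories a single URL would fall under."""
    parts = urlsplit(url.lower())
    path = parts.path
    # Assumption: an inurl: keyword matches a whole path token, so that
    # "/profile" is not reported for the keyword "file".
    tokens = set(re.split(r"[^a-z0-9_]+", path))
    hits = set()
    for name, exts in EXT_CATEGORIES.items():
        if any(path.endswith("." + e) for e in exts.split()):
            hits.add(name)
    for name, words in KEYWORD_CATEGORIES.items():
        if tokens & set(words.split()):
            hits.add(name)
    # inurl:php?id= : a PHP script that takes an id parameter.
    if path.endswith(".php") and re.search(r"(^|&)id=", parts.query):
        hits.add("injection candidate")
    return sorted(hits)

def audit(urls, host):
    """Map each URL on `host` to its categories; other hosts and clean URLs are dropped."""
    in_scope = (u for u in urls if urlsplit(u).hostname == host)
    return {u: c for u in in_scope if (c := classify(u))}

# Constructed sample inventory; replace with your own sitemap or log paths.
SAMPLE = [
    "https://www.example.com/backup/site.tar.gz",
    "https://www.example.com/db/dump.sql",
    "https://www.example.com/admin/login.php",
    "https://www.example.com/news.php?id=7",
    "https://cdn.example.net/app.log",
]

if __name__ == "__main__":
    print(audit(SAMPLE, "www.example.com"))
```

Every URL the audit reports is a candidate for removal from the web root, access control, or a review of why it is publicly reachable.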