2022 Penetration Testing - Browser Search Skills - The Use of Google Hacking for Information Collection

Table of contents

Introduction to Google Hacking

Basic usage of Google Hacking

The specific application of Google Hacking

Google Hacking Repository

Introduction to Google Hacking

Google Hacking means using the Google search engine or other Google applications, with specific search syntax, to find security holes in website configuration or code. Its characteristics are:

fast: the search engine prepares a large amount of processed information in advance for retrieval;

accurate: the search engine applies filtering measures such as relevance and importance;

concealed: searches and queries are carried out through the search engine's database;

cached: the search engine's cache holds sensitive information that no longer actually exists.

Basic usage of Google Hacking

1. inurl: Searches for web pages whose URL contains the keyword. This syntax is useful for finding search pages, help pages and similar.

2. intitle: Limits the search to the title of the web page.

3. intext: Searches the text content of the web page (that is, ignoring the title, URL and other text).

4. site: Limits the search scope to a domain name.

5. allintitle: Searches for web pages whose title contains all of the keywords.

6. link: Searches for web pages that contain links to the given URL.

7. filetype: Searches for files with the given suffix or extension.

The specific application of Google Hacking

1. Search for websites that contain admin in their URLs: inurl:admin

2. Search for websites that contain login in their URLs: inurl:login

3. Search the edu.cn domain for websites that contain admin in their URLs: site:edu.cn inurl:admin

4. Search offcn.com for PDF documents: site:offcn.com filetype:pdf

5. Search for websites that must contain "Shanghai" in the title: intitle:Shanghai

6. Return web pages with Login and admin in the URL: inurl: Login admin

7. Return all pages that contain links to www.baidu.com: link:www.baidu.com

8. Return websites with a layout similar to the given website: related:www.offcn.com

9. Look for websites that may have SQL injection by searching for sites with php?id= in the URL: inurl:php?id=
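To check which pages of a site you operate would be returned by the queries listed above, the operator semantics can be applied to a page inventory you already hold. The following is an added example, not code from the original post; the PAGES inventory, the example.com host names and the function names are constructed for illustration. link: and related: are rejected because they depend on link-graph data that page fields do not carry.

```python
from urllib.parse import urlsplit

# Constructed inventory of pages on a site you operate (e.g. exported from your own crawl).
PAGES = [
    {"url": "https://www.example.com/admin/login.php", "title": "Admin Login", "text": "Sign in"},
    {"url": "https://www.example.com/news.php?id=7", "title": "News", "text": "Shanghai office opens"},
    {"url": "https://docs.example.com/files/report.pdf", "title": "Annual report", "text": "figures"},
    {"url": "https://www.example.com/about.html", "title": "About Shanghai branch", "text": "Contact"},
]
FIELD_OPS = {"inurl": "url", "intitle": "title", "intext": "text"}

def term_matches(op, value, page):
    """Evaluate one (operator, value) term against one page record."""
    value = value.lower()
    parts = urlsplit(page["url"])
    if op in FIELD_OPS:
        return value in page[FIELD_OPS[op]].lower()
    if op == "site":  # exact host or a subdomain, never a mere suffix of another domain
        host = (parts.hostname or "").lower()
        return host == value or host.endswith("." + value)
    if op == "filetype":
        return parts.path.lower().endswith("." + value)
    # Bare keyword (op is None): may appear in any field.
    return any(value in page[f].lower() for f in ("url", "title", "text"))

def parse_query(query):
    """Split a query into (operator, value) terms; allintitle: applies to every later keyword."""
    terms, sticky = [], None
    for token in query.split():
        op, sep, value = token.partition(":")
        op = op.lower()
        if sep and op in ("link", "related"):
            raise ValueError(f"{op}: needs link-graph data, not page fields")
        if sep and op == "allintitle":
            sticky = op = "intitle"
        elif not (sep and (op in FIELD_OPS or op in ("site", "filetype"))):
            op, value = sticky, token  # bare keyword; sticky is None unless allintitle was seen
        if value:
            terms.append((op, value))
    return terms

def exposed_pages(query, pages=PAGES):
    """Return the URLs in the inventory that satisfy every term of the query."""
    terms = parse_query(query)
    return [p["url"] for p in pages if all(term_matches(op, v, p) for op, v in terms)]

if __name__ == "__main__":
    for q in ("inurl:admin", "site:example.com filetype:pdf", "intitle:Shanghai", "inurl:php?id="):
        print(f"{q!r}: {exposed_pages(q) or 'no match'}")
```

Pages that match and are not meant to be public are candidates for access control, removal, or exclusion from indexing.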

Google Hacking Repository

https://www.exploit-db.com/google-hacking-database


Origin blog.csdn.net/qq_38612882/article/details/123002078