Table of contents
intitle:admin login filetype:php
intitle:"index of " "shell.txt"
5. Google Hacking Grammar Collection Website
Six, small knowledge: web spider
1. Introduction
Use the Google search engine or other Google applications to find security vulnerabilities in website configuration or code through specific methods.
Google Hacking syntax can be used to search for web information, login background, specific files, vulnerability pages, error messages, etc.
2. Logical operators
-
+
Force a search for its last word.
-
-
Ignore a keyword.
-
~
Agree word recognition, search pages with agree words together.
-
.
Single wildcard.
-
*
Wildcards can represent multiple letters.
-
" "
Precise query, only complete and continuous keywords are queried, and the input keywords are not split.
-
|或OR
Only the results matching any one of the multiple keywords will be displayed.
3. Basic Grammar
-
intext:key
Search for pages with keywords within web pages.
-
allintext:key
The function is similar to intext, but multiple keywords can be connected.
-
intitle:key
Search pages with keywords in the title of the page.
-
allintitle:key
The function is similar to allintext, it can connect multiple keywords, but it cannot be used in conjunction with other keywords.
-
cache:url
View the snapshot of the specified URL.
-
file type:
Searches for files of the specified type.
-
info:
The summary information and other related information of the search input URL cannot be mixed with other keywords.
-
inurl:
Whether the search input characters exist in the URL can be combined with the site to find the background.
-
site:
Search for the specified website or subdomain name or c-segment address.
-
related:url
Search for similar pages related to the url.
4. Advanced case
-
intitle:admin login filetype:php
-
site:baidu.com
-
site:baidu.com intitle: login
-
intitle:"index of " "shell.txt"
-
site:baidu.com inurl:/login
-
site:36.110.213.*
5. Google Hacking Grammar Collection Website
There are many advanced usages of Google Hacking grammar in this website. If you are not proficient in using Google Hacking grammar, you can come to this website for reference and learning.
Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon
Six, small knowledge: web spider
When the spider crawls, it will crawl the entire website, and all links in the website will be submitted to Google's database one by one.
So how do you completely hide sensitive information from a website?
From a developer's point of view, it is important to ensure that sensitive information is not referenced externally. If some sensitive directories are referenced in some externally exposed pages, then Google's spiders will follow the vines to find the address. At the same time, it is also necessary to ensure that the names of sensitive information are complex, otherwise the addresses may be scanned by attackers.
Google is not omnipotent, it can only query the webpages crawled by spiders, and spiders crawl according to the agreement of the robots. txt. Although this will not be crawled by spiders, attackers can directly access robots.txt.