Using Google to Gather Information

Using Google to Gather Information

A hacker may also do a Google search or a Yahoo! People search to locate information

about employees or the organization itself.

The Google search engine can be used in creative ways to perform information gathering. The use of the Google search engine to retrieve information has been termed Google

hacking. Go to http://groups.google.com to search the Google newsgroups. The following commands can be used to have the Google search engine gather target information:

site Searches a specific website or domain. Supply the website you want to search after

the colon.

filetype Searches only within the text of a particular type of file. Supply the file type you

want to search after the colon. Don’t include a period before the file extension.

link Searches within hyperlinks for a search term and identifies linked pages.

cache Identifies the version of a web page. Supply the URL of the site after the colon.

intitle Searches for a term within the title of a document.

inurl Searches only within the URL (web address) of a document. The search term must

follow the colon.

For example, a hacker could use the following command to locate certain types of vulnerable web applications:

INURL:[“parameter=”] with FILETYPE:[ext] and INURL:[scriptname]

Or a hacker could use the search string intitle: “BorderManager information alert”

to look for Novell BorderManager proxy/firewall servers.


COPIED