Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster Logo McMaster logo

Google Hacking

Detecting Information Leakage Via Advanced Google Searching

Google’s search engine offers many different searching features including web, image, newsgroups, catalog and more. These features offer obvious benefits to even the most uninitiated web surfer, but these same features allow for malicious possibilities to other types of Internet users including hackers, computer criminals and identity thieves. It is important that web administrators and the campus IT security community gain awareness of the avenues of information leakage that can be available via this public search engine. Administrators should aim to have a firm grasp of these basic techniques in order to fully comprehend the more advanced uses possible and take effective advantage of them.

Here are some examples of typical searches that can be performed on a DNS domain:

Detecting website Contamination via URL Referrer or XSS

viagra *
allinurl:viagra *
viagra *
inurl:php intitle:viagra
inurl:php viagra|cialis|pills|levitra (will return indexed words that might be associated to malicious activity or website compromise)

Insecure FTP Configuration

intext:index of/ WS_FTP.ini
intext:index of/ filetype.ini

Administrative Files openly accesible on site

intitle:index.of inurl:admin

Search for documents of specific types on websites or domains

filetype:pdf pci steering
filetype:pdf policy mcmaster
PCI inanchor:uts or PCI inanchor:uts
filetype:txt (it is possible to drill down to folders)
filetype:pdf server* (PDF files with approximate Names on specific website/url)

List Apache servers with directory listing enabled

intitle:index.of Apache/ * Server at
intext:index of Parent Directory (open directory index sites)

Dangerous file types floating on sites/domains

filetype:sql (will return SQL scripts or sample scripts files that should not be present on production sites)
filetype:mp3 (copyrighted files floating on the domain)
filetype:bat (windows executable batch files)
filetype:jar (Java executable files)
filetype:ini (initialization files)

Dangerous strings leading to potential confidentiality issues

inurl:~password* (might return unencrypted password locations)
inurl:userlist (reveals lists of users on site)
allinurl:login http (login with no SSL on URL)
filetype:txt (will return text files that could contain unintended private/insecure information)

Search operators that work with the Google search engine

allinanchor:, allintext:, allintitle:, allinurl:, cache:, define:, filetype:, id:, inanchor:, info:, intext:, intitle:, inurl:, link:, related:, site: