The concept of Google hacking is not actually hacking into Google's network infrastructure or systems, but rather using advanced search parameters within the Google search engine. We can use Google to help us find vulnerable systems, hidden information, and resources on the internet by simply inserting special search operators in the Google search bar.
Let's imagine that you would like to use the Google search engine to look for various websites, but you don't want to see results that contain certain keywords or phrases. We can use the <string of text here> -<keyword> syntax to do this. The keyword is the phrase or text that you want to exclude.
Let's look at the following example:
In our example, we are searching for penetration testing tools. At the same time, we are telling the Google search algorithm to not display any results that contain the word kali. Additionally, we can use the <string of text here> "keyword" syntax to view results that do contain the keyword.
The following table is a brief list of Google search operators, also known as Google dorks, that can help you find sensitive information on the internet:
Furthermore, the team at Offensive Security (www.offensive-security.com) maintains the Exploit Database (www.exploit-db.com), which has a dedicated section known as the Google Hacking Database (GHD) (https://www.exploit-db.com/google-hacking-database). The GHD is constantly updated by community members and contains search parameters in many categories, as shown in the following screenshot:
Each search parameter can be copied and pasted into Google Search, and the results will be displayed accordingly. Each entry within the GHD contains a brief description of the search operator.
The following is a search parameter that's used to discover the Cisco Adaptive Security Appliance (ASA), which has a publicly available login page:
Such sensitive information and hidden directories can be a hacker's playground; similarly, for a penetration tester, it's a gold mine just waiting to be exploited.
We have completed our discussion of Google hacking. In the next section, we'll take a took at copying websites locally using Kali Linux.