Using Google to Gather Information

A hacker may also do a Google search or a Yahoo! People search to locate information about employees or the organization itself.
The Google search engine can be used in creative ways to perform information gathering. The use of the Google search engine to retrieve information has been termed Google hacking. Go to to search the Google newsgroups. The following commands can be used to have the Google search engine gather target information:
  • site Searches a specific website or domain. Supply the website you want to search after the colon.]
  • filetype Searches only within the text of a particular type of file. Supply the file type you want to search after the colon. Don't include a period before the file extension.
  • link Searches within hyperlinks for a search term and identifies linked pages.
  • cache Identifies the version of a web page. Supply the URL of the site after the colon.
  • intitle Searches for a term within the title of a document.
  • inurl Searches only within the URL (web address) of a document. The search term must follow the colon.
For example, a hacker could use the following command to locate certain types of vulnerable web applications:
INURL:["parameter="] with FILETYPE:[ext] and INURL:[scriptname]
Or a hacker could use the search string intitle:"BorderManager information alert" to look for Novell BorderManager proxy/firewall servers.
For more syntax on performing Google searches, visit
Blogs, newsgroups, and press releases are also good places to find information about the company or employees. Corporate job postings can provide information as to the type of servers or infrastructure devices a company may be using on its network.
Other information obtained may include identification of the Internet technologies being used, the operating system and hardware being used, active IP addresses, email addresses and phone numbers, and corporate policies and procedures.
Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.


Popular Posts