Google Hacking | Footprinting Methods and Tools


A useful tactic in footprinting a target was popularized mainly in late 2004 by a guy named Johnny Long, who was part of an IT security team at his job. While performing pen tests and ethical hacking, he started paying attention to how the search strings worked in Google. The search engine has always had additional operators designed to allow you to fine-tune your search string. What Mr. Long did was simply apply that logic for a more nefarious purpose. 

Suppose, for example, instead of just looking for a web page on boat repair or searching for an image of a cartoon cat, you decided to tell the search engine, “Hey, do you think you can look for any systems that are using Remote Desktop Web Connection?” Or how about, “Can you please show me any MySQL history pages so I can try to lift a password or two?” Amazingly enough, search engines can do just that for you, and more. The term this practice has become known by is Google hacking. 

Google hacking involves manipulating a search string with additional specific operators to search for vulnerabilities. Table below describes advanced operators for Google hack search strings. 
Innumerable websites are available to help you with Google hack strings. For example, from the Google Hacking Database (a site operated by Mr. Johnny Long and Hackers for Charity, www.hackersforcharity.org/ghdb/), try this string from wherever you are right now:




Basically we’re telling Google to go look for web pages that have TSWEB in the URL (indicating a remote access connection page), and you want to see only those that are running the default HTML page (default installs are common in a host of different areas and usually make things a lot easier for an attacker). I think you may be surprised by the results—I even saw one page where an admin had edited the text to include the logon information.

And if Google hacking weren’t easy enough, there are a variety of tools to make it even more powerful. Tools such as SiteDigger (www.mcafee.com) use Google hack searches and other methods to dig up all sorts of information and vulnerabilities. MetaGoofil (www.edge-security.com) uses Google hacks and cache to find unbelievable amounts of information hidden in the meta tags of publicly available documents. Find the browser and search engine of your choice and look for “Google hack tools.” You’ll find more than a few available for play.

Another note on Google hacking: it’s not as easy to pull off as it once was. Google, for reasons I will avoid discussing here because it angers me to no end, has decided it needs to police search results to prevent folks from using the search engine as it was intended to be used. As you can see from Figure below, and probably from your own Google hacking attempts in learning this opportunity, Google will, from time to time, throw up a CAPTCHA if it believes you’re a “bot” or trying to use the search engine for



17 comments:

  1. Thank you for sharing such amazing blogs every month. Every time you come up with different topics and ideas which really help our students. If you want to learn hacking? here is full hacking tutorial. watch now!!!

    ReplyDelete
    Replies
    1. Hello Everyone !

      USA SSN Leads/Dead Fullz available, along with Driving License/ID Number with good connectivity.

      All SSN's are Tested & Verified.

      **DETAILS IN LEADS/FULLZ**

      ->FULL NAME
      ->SSN
      ->DATE OF BIRTH
      ->DRIVING LICENSE NUMBER
      ->ADDRESS WITH ZIP
      ->PHONE NUMBER, EMAIL
      ->EMPLOYEE DETAILS

      *Price for SSN lead $2
      *You can ask for sample before any deal
      *If you buy in bulk, will give you discount
      *Sampling is just for serious buyers

      ->Hope for the long term business
      ->You can buy for your specific states too

      **Contact 24/7**

      Whatsapp > +923172721122

      Email > leads.sellers1212@gmail.com

      Telegram > @leadsupplier

      ICQ > 752822040

      Delete
  2. Nice blog.
    To learn more about Ethical Hacking institute in Noida, then you can get in touch with the Global Institute of Ethical Hacking, Noida. They provide the best courses to make you stand out of the crowd.

    ReplyDelete
  3. Excellent post, Thanks to sharing for google hacking methods.

    Ethical Hacking Training in Delhi

    ReplyDelete
  4. Hello Everyone !

    USA SSN Leads/Dead Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  5. Selling USA FRESH SPAMMED SSN Leads/Fullz, along with Driving License/ID Number with EXCELLENT connectivity.

    **PRICE**
    >>2$ FOR EACH LEAD/FULLZ/PROFILE
    >>5$ FOR EACH PREMIUM LEAD/FULLZ/PROFILE

    **DETAILS IN EACH LEAD/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYEE DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >All Leads are Tested & Verified.
    >Invalid info found, will be replaced.
    >Serious buyers will be welcome & I will give discounts for bulk orders.
    >Fresh spammed data of USA Credit Bureau
    >Good credit Scores, 700 minimum scores
    >Bulk order will be preferable
    >Minimum order 20 leads/fullz
    >Hope for the long term business
    >You can asked for samples, specific states & zips (if needed)
    >Payment mode BTC, PAYPAL & PERFECT MONEY

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ''OTHER GADGETS PROVIDING''

    >Dead Fullz
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >USA emails with passwords (bulk order preferable)

    **Contact 24/7**

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  6. Become an EC-Council Certified Ethical Hacker(CEH) with this certification training course. Learn tools & techniques to protect your network. Attend onsite, in-class or customized training. Contact Now! +1 437 580 3311

    ReplyDelete
  7. Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available.

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com

    ReplyDelete
  8. I sincerely don’t like the fact saying this here but please let everyone be aware of scam. I hope this will be a lesson for others to be very careful of imposters and who they contact, many are fake claiming to be legitimate. Actually I was a victim because i was so desperate searching for hacker to help me get some information and i fall at hand of scammers, but all thanks to GOD I was lucky at last to find a reliable hacker and he was my savior; his services are so genuine. I recommend everyone to "Hacker Kaspersky" he is just the best for any phone hacking and internet programming. My boyfriend was ungrateful as he was deceiving me for his own selfish interest, But "Hacker Kaspersky" remotely tracked him as i was able to access his phone calls, messages and his location without his notice. Contact him via email (hackerkasperskytech@gmail.com) tell him i refer you.

    ReplyDelete
  9. Fullz With DL & SSN Available
    Fresh Databases & Verified Info
    Bulk Quantity Available
    Will replace Fullz/Pros if found Invalid

    Details Included
    Full Name|SSN|DOB|Address|City|State|Zip|Phone|EmailEmployee&Bank Info

    CC Fullz with CVV
    Dumps With Pins 101 & 202 With Pins
    High Credit Scores Pros
    DL Scans Front & Back
    Business EIN Fullz
    UK|USA|CANADA Fullz
    Bulk Quantity available

    Hit Me UP:
    Telegram @killhacks \ @leadsupplier
    ICQ @killhacks \ 752822040
    Email hacksp007 @ dnmx.org
    Whats App +92 317 272 1122

    ReplyDelete
  10. NEW SWIFT HACK Software. generate amount and transfer using SWIFT MT103 SWIFT HACK SOFTWARE

    ReplyDelete
  11. Google hacking involves using advanced search operators to uncover sensitive information online, highlighting potential security gaps. Businesses seeking solutions should avoid risks and work with genuine hackers for hire, like certified ethical hackers, who identify vulnerabilities legally and ethically. Partnering with professionals ensures data security, compliance with laws, and stronger protection against cyber threats without compromising trust or integrity.

    ReplyDelete
    Replies
    1. Finding ethical and secure hackers for hire is essential for account recovery, hacking solutions, or investigations. Reliable professionals prioritize speed, safety, and privacy to meet all cyber challenges effectively. Always verify credentials and ensure legal compliance.

      Get all hacking solution here:

      Hire a Hacker
      Genuine Hackers for Hire
      Hacker for Hire
      Ethical hackers for hire
      Hire Phone Hackers
      Top Rated Ethical Hackers

      Delete

Popular Posts