Google Hacking Database (GHDB)
GHDB indexes thousands of advanced searches that target information people have inadvertently left online, such as
Excel spreadsheets that include Social Security numbers
Text files with passwords
Sequel database backups that include passwords
technical drawings on network topology
etc.
Google Hacking
A method where creative search queries are used to uncover easily accessible public information
Useful Google Searches
“site:”
“site:” - limits a search to a given domain
ex - site:engineering.nyu.edu
“link:”
“link:” - shows all sites linked to a specified domain
Useful in identifying the target's business and/or personal relationships.
ex - link:engineering.nyu.edu
“intitle:”
“intitle:” - shows pages whose title matches the search criteria
Useful in identifying open VPN ports, command consoles, web management and consoles for different applications.
ex - intitle:tandon
“inurl:”
“inurl:” - shows pages whose URL matches the search string
If we know the format of the URL for a particular management application or software, we could potentially determine if the target is using it with this search function.
ex - inurl:nyu
“related:”
“related:” - shows similar pages
This could help to provide an indication as to the kind of business or any sort of commerce that's going on between the target and another entity.
ex - related:engineering.nyu.edu
Google Hacking Database (GHDB)
GHDB indexes thousands of advanced searches that target information people have inadvertently left online, such as
Excel spreadsheets that include Social Security numbers
Text files with passwords
Sequel database backups that include passwords
technical drawings on network topology
etc.
Google Hacking
A method where creative search queries are used to uncover easily accessible public information
Useful Google Searches
“site:”
“site:” - limits a search to a given domain
ex - site:engineering.nyu.edu
“link:”
“link:” - shows all sites linked to a specified domain
Useful in identifying the target's business and/or personal relationships.
ex - link:engineering.nyu.edu
“intitle:”
“intitle:” - shows pages whose title matches the search criteria
Useful in identifying open VPN ports, command consoles, web management and consoles for different applications.
ex - intitle:tandon
“inurl:”
“inurl:” - shows pages whose URL matches the search string
If we know the format of the URL for a particular management application or software, we could potentially determine if the target is using it with this search function.
ex - inurl:nyu
“related:”
“related:” - shows similar pages
This could help to provide an indication as to the kind of business or any sort of commerce that's going on between the target and another entity.
ex - related:engineering.nyu.edu