Google Hacking
About this tool
Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.
Google has a set of advanced search operators which can be used to find interesting information about a target website or domain. Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.
Note: Your browser must allow popups
Parameters
- Target website / domain: as the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like: repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.
How it works
This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.