Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).
Google Hacking is a powerful reconnaissance method since it basically searches all information indexed by Google about the target websites/domains.
This scan does not interact in any way with the target website. All the information is obtained directly from Google, without sending any packet to the target.
Advanced Search Operators
The tool uses a combination of advanced Google search operators in order to discover potential vulnerabilities and misconfigurations indexed by Google.
Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.
Google has a set of advanced search operators which can be used to find interesting information about a target website or domain.
Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.
Note: Your browser must allow popups
Target website / domain
As the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like: repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.
How it works
This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.
This tool costs 0 credits but you have 40 credits left.