Google Hacking

Free

Google will search for interesting information and potential vulnerabilities in this domain.

Sample domain: att.com

  Directory listing vulnerabilities
  Configuration files exposed
  Database files exposed
  Log files exposed
  Backup and old files
  Login pages
  SQL errors
  Publicly exposed documents
  phpinfo()

About this tool

Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.

Google has a set of advanced search operators which can be used to find interesting information about a target website or domain. Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.

Note: Your browser must allow popups


Parameters

  • Target website / domain: as the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like: repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.

How it works

This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.

×
Pentest-Tools.com © 2018