2 Free Scans
×

Google Hacking

Uses advanced search operators to find juicy information about target websites

  Directory listing vulnerabilities
  Configuration files exposed
  Database files exposed
  Log files exposed
  Backup and old files
  Login pages
  SQL errors
  Publicly exposed documents
  phpinfo()
Free Scan

Sample Report

Here is a Google Hacking sample report:

  • Fast information gathering
  • Fully passive scan, non-instrusive
  • Leverage the power of Google search engine

Download Sample Report

Sample report

Google Hacking - Use Cases

Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Target Reconnaissance

Google Hacking is a powerful reconnaissance method since it basically searches all information indexed by Google about the target websites/domains.

Completely Passive

This scan does not interact in any way with the target website. All the information is obtained directly from Google, without sending any packet to the target.

Advanced Search Operators

The tool uses a combination of advanced Google search operators in order to discover potential vulnerabilities and misconfigurations indexed by Google.

Technical Details


About

Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.

Google has a set of advanced search operators which can be used to find interesting information about a target website or domain.
Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.

Note: Your browser must allow popups


Parameters

Parameter Description
Target website / domain As the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like: repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.


How it works

This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.