How we can refine our searches
Many people do not know how to get the most out of Google by refining their searches.
Google has advanced operators that we can use to make our searches more accurate. These operators are also used to find large amounts of web data exposed through security flaws, a practice that ended up with its own name, Google Hacking, currently better known as Google Dorks, which translates roughly as "Google fools" or "Google idiots"; you will understand throughout the post why it is called that.
We will start with the most typical ones, which are the symbols:
"" If we want to search for an exact phrase, we put it in quotation marks; this returns all the websites that contain the phrase exactly as it appears between the quotation marks.
"Find an apartment in Madrid"
- The hyphen is used to exclude terms from your searches. For example, we are looking for apartments in Madrid but we hate idealista and milanuncios.
Find apartment in Madrid -idealista -milanuncios
The operators can be combined with each other. In this case, with what we have seen so far, it would be:
"Find apartment in Madrid" -idealista -milanuncios
* This is a wildcard: we use it when the search is missing a word we do not know.
cinemas * Madrid
@ Used to find users in social networks, e.g.
# Results from social networks with the hashtag of your choice
+ Used to search for profiles on Google+
$ To find products with an exact price. In this case we write the symbol in front of the price, which gives the most accurate results; if we follow the Spanish convention, the results will be much fewer.
€ Same as the dollar but with euros; in this case, whether we put it after or before the price, the result is usually similar.
.. The two dots are really useful. Imagine that you want to buy a laptop that is neither too bad nor too good, or that you have a set budget for the purchase; we would write (you can combine it with the previous $ and € symbols)
We will now move on to other operators that are more widely used and more interesting because of their power.
OR: To search for multiple terms in a single search
laptops OR tablets OR mobiles
site: To search within a specific site or domain
site:pccomponentes.com xiaomi 200..300
As you can see, we have made another combination to search pccomponentes for Xiaomi products between 200 and 300 euros.
related: To search for sites related to a selected URL
cache: To see the cached version that Google has of a site
filetype: To search for websites that contain the type of document we are looking for, for example txt
intitle: To search for web pages that contain the indicated words in their title, in any order. It is undoubtedly one of the best, as you will see.
intitle:motorcycles tricycles bicycles
inurl: To search for terms in any order in the URL
inurl:motorcycles tricycles bicycles
intext: To search for terms in any order in the text
intext:motorcycles tricycles bicycles
To these last three operators we can add "all" in front, giving allintitle, allinurl and allintext, to indicate that the order must match.
Very important: in all these operators, do not leave any space after the : or Google will take what follows as a word to search.
There are many more, we leave it to you to investigate.
Google also has its advanced search at the foot of its page, that forgotten part under the search bar hehe, by clicking on settings/advanced search.
There we can use many of these operators through a form, without needing to know them.
In addition, we have the option to search by images, which surprisingly many people do not know about; it is in the top right and also has an advanced search under settings.
When you click on images you will see the search bar change to show a camera on the right.
Apart from using terms to search for images, which you can also do in normal mode and then select images, you can click on the camera and upload a photo to search for all possible matches. For example, you have seen a table somewhere that you love and you don't know where to buy it: take a picture and upload it. Or you are looking at a statue and you are curious about it: take a picture and upload it too hehe.
And now what?
As we mentioned at the beginning, you may ask why a "Google Hacking" technique has been born from these operators.
By combining many of these operators, or by knowing how many systems work and making use of that knowledge, we can obtain very sensitive information, such as users and passwords, access to databases, access to CMSs, documents, books, ... phew, endless things, without much effort.
In this post we are only going to give a few examples, because although it is for information and learning purposes, there are plenty of fools out there who could also get themselves into trouble without meaning to.
For example, many websites, by mistake or through ignorance, allow directories and files to be listed, which can be very dangerous if the permissions are also not set correctly, giving access to places where it should not be given. These websites have Index of in their title, so we simply make use of the operator intitle: with its quotation marks; let's remember that it matches exactly what is between the quotation marks.
We will see the number of websites, millions, where file and directory listing is allowed.
If we also start playing with the operators we can be more precise.
intitle:"Index of" filetype:txt
Or why not?
intitle:"Index of/" "password.txt"
A few more examples, and then we leave you to have fun testing and studying.
intitle:"index of" "mysql.properties"
intitle:"index of" cvsroot
site:*/wp-admin/install.php intitle:WordPress Installation
Many systems, such as a WAF (Web Application Firewall), protect us from Google Dorks, so it is always advisable to have our servers in environments with as many security systems as we can afford.
As you can see, with a couple of operators and knowing how many systems work, you can find a lot of information that surely should not be there, either by a mistake that can happen to all of us or through ignorance. Hence the name Google Dorks; now you understand its meaning.
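As an added example (not code from the original post), here is a small Python check a site owner can run over response bodies from their own server to spot the "Index of" listing pages described above and flag listed entries named in the dork examples. The function name audit_page, the SENSITIVE list and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Names taken from the dork examples on this page; extend for your own estate.
SENSITIVE = ("password.txt", "mysql.properties", "cvsroot")

class _ListingParser(HTMLParser):
    """Collects the <title> text and every href of an HTML page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_page(html):
    """Return (is_listing, exposed) for one response body from your own server."""
    p = _ListingParser()
    p.feed(html)
    # Auto-generated listings title the page "Index of /<path>".
    is_listing = re.match(r"\s*index of\s*/", p.title, re.I) is not None
    exposed = sorted({l for l in p.links
                      if is_listing and l.strip("/").lower() in SENSITIVE})
    return is_listing, exposed

# Constructed sample bodies (not captured from any real site).
AUTOINDEX = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre><a href="../">../</a>
<a href="CVSROOT/">CVSROOT/</a>
<a href="password.txt">password.txt</a>
<a href="notes.txt">notes.txt</a></pre></body></html>"""
NORMAL = "<html><head><title>Our index of products</title></head><body></body></html>"

if __name__ == "__main__":
    for name, body in (("autoindex", AUTOINDEX), ("normal", NORMAL)):
        print(name, audit_page(body))
```

Any page reported as a listing is one a search engine can index under the same title, so the fix belongs on the server: disable automatic directory listing and move the flagged files out of the web root.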
Enjoy... see you soon