Google is not just a search engine to help you find news, videos or images. Google can be a very useful hacking tool. Keep in mind, Google does not allow you to directly hack into websites, but because of its web-crawling abilities, you will be able to find any sensitive information that was not meant to be public consumption.
The act of utilising Google to find sensitive information is also called “Google Dorking” or “Google Hacking”. Google Dork uses queries to find hidden information. Running Google Dork queries will allow you to find a list of files, usernames, passwords, emails, ID’s, as well as web vulnerabilities.
The syntax format is Operator: <search string>
You can also search “index of” followed by what you are looking for. For example, index of “/ktp” will display people’s IDs.
Other Google Dork operators include:
- cache = this will show the cached version of any website
- allintext = this will search for a specific text contained in a webpage
- allintitle = this will search for a specific title
- allinurl = this will search for URLs that have specific characters contained in them
- filetype = this will search for file extensions
There are many more operators that can be used in a Google Dork query. To learn more, visit the Google hacking database: https://www.exploit-db.com/google-hacking-database