Saturday, 10 November 2007

Google as a Search tool (its for more than hacking!)

I am a perpetual student. I am completing my LLM (Masters in Law) at the moment (I will have my dissertation complete by Feb 08). I use search engines in finding material all the time.

Johny Long, points out the value of checking Google for errors and vulnerabilies so that you do not become another Google Dork.

Both reasons are valid uses for these search engines. Some of the things you should know include:
  • Use "site:" to enumerate hostnames

  • Exclude common files with "-ext:"

  • Try "intitle:" if you are hunting a very specific setting or string

  • You can use "filetype:" if you are searching for intellectual property leakage

  • Finding relationships using "link:"Expanding relationships through "inanchor:"

  • Search patterns in URLs using "inurl:"

  • Limiting searches to specific countries with "restrict=countryCC"

  • Language-specific constraints using "hl" and "lr"

  • "all...:" operators

  • Ranges: "numrange:" and "daterange:"

  • Mixing Google operators

If you are interested in learnign more, I am teaching a SANS STAY SHARP class in Sydney next week. The class is Stay Sharp: Power Search with Google (formerly Google Hacking & Defense) and it is a must for anyone who has to work with web systems and security (firewall and IDS admins, network administrators, security and web etc). I look forward to seeing you there.

No comments: