Welcome to my second tutorial on Information Gathering

In this tutorial we ll be using Google to gather more sensitive information about our target.

So first let us start with some basic usage of advanced google searching. Then i will show you how to use them to gather information about your target.

inurl
InUrl is used to search for any text inside the uri. Many times used by hackers to search for vulnerable scripts and plugins or sensitive information in the website.

intext
InText is used to search for any text in the body or the source code of the website. It is many times used by hackers to search for particular version of application which is exploitable.

filetype

FileType is used to search for any type of file which you want to locate in a particualr website or on any particular subject or you can search for any type of file freely. Used by hackers to search for files containing Sensitive information for exploit the websites.

intitle
InTitle is used to search for titles of the webpages. Hackers use to to search for vulnerable pages or the indexing on a website.

site
Site using this dork you can minimize the area of search to a particular website. Hackers use it to target and search sentive information in a website.

link
Link checks other websites containing links to a website. Hackers use to search any other information related to thier target.

-(subtract)
Many times you want to remove some junk results and get more pointed results.

Now we ll use all the above dorks in a manner to get some more information about our target.

Searching for public Sub-domains for your target domain.
Site:yoursite.com -site:www.yoursite.com

Getting Open Index or Insecure Information
intitle:"index of /" Parent Directory site:yoursitehere.com
You can search for admin directories
intitle:"Index of /admin" site:yoursitehere.com
You can search for password directories
intitle:"Index of /password" site:yoursitehere.com
You can search for mail directories
intitle:"Index of /mail" site:yoursitehere.com
You can search for files like passwd
intitle:"Index of /" passwd site:yoursitehere.com
You can search for password.txt files
intitle:"Index of /" password.txt site:yoursitehere.com
You can search for htaccess file
intitle:"Index of /" .htaccess site:yoursitehere.com
You can also search for diffrent extensions.
intitle:"index of ftp" .mdb site:yoursitehere.com
You can also try and look for admin pages or the login functionalities
Intitle: "login" "admin" site:yoursitehere.com

Using InURL we can search for diffrent functionalities within the website.
Search for Admin Login Functionality on target domain
inurl:admin site:yoursitehere.com
Search for Login Functionality on target domain
inurl:login site:yoursitehere.com

Using FileType we can search for diffrent files within the website.
Searching for text files containing passwd in URL on target domain
inurl:passwd filetype:txt site:yoursitehere.com
Searching for db files containing admin in URL on target domain
inurl:admin filetype:db site:yoursitehere.com
Searching for logs on target domain
filetype:log site:yoursitehere.com
Searching for Excel and csv files on target domain
filetype:xls csv site:yoursitehere.com

Search for other sites containing links for your target website
link:yoursite.com -site:yoursite.com

You can also use Google Translater as a proxy to access the website
http://translate.google.com/translate?hl=en&sl=ar&tl=en&u=http://www.yoursitehere.com/urlhere

You can also use shodanhq.com for some more information by just using the hostname:yoursitehere.com dork.

Thanks for reading, see in the next part on Information Gathering

Author : Zenodermus Javanicus
Date : 2014-02-23