Google Hacking

From Wikipedia, the free encyclopedia


Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

Google hacking involves using advance operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".

The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP file.

intitle:admbook intitle:version filetype:php

Another technique is searching for insecure coding practices in the public code indexed by Google Code Search or other source code search engines.

One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:

"#-Frontpage-" inurl:administrators.pwd

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.


This technique would come into use in round 2 of limtz.