Hello all,
Most of us would have heard about Google hacking or Google dorks. And there are lot of articles about this in the internet.
I would like to add few search stings which is interesting and bit scary too.
Hit the below search query in the search engine and you can find email ids and passwords
ext:txt intext:@hotmail.com intext :password
ext:sql intext:@yahoo.com Intext:phone
One of such text file will be like below screenshot.
EXT: this is the extension of the file type you searching for, so the search engine will just return the link for the file type. In our example it will bring back only the file ftype .txt(text document)
INTEXT: This key word is used to search only the text we mention in the filetype.
So in our example it will look in a text files for a text "@hotmail.com" and also the text "Password"
I tried keep changing the file extension from txt to csv, sql, xls and so on and it returned more detail.
Also you can keep adding intext key for various other thing like username, phone, address.
There is not much luck for the card number at least with in the ones which I searched so far, let me know if there is any key word can be included.
If you doing a pen-testing for a client you can use these to find whether you are able to find similar information.
Example: If my client is www.example.com I can use below query
ext:sql intext:@example.com which will bring any .sql file which has a text content"@example.com.
To find any other files which should be exposed to the public network is available on the internet then we can always as the Google to remove them.
https://support.google.com/webmasters/answer/164734?hl=en
Once the content is been removed by the Google you will find something similar in the Google page, so if you find your email Id or other person details go ahead and report it to the search engine providers.
Most of us would have heard about Google hacking or Google dorks. And there are lot of articles about this in the internet.
I would like to add few search stings which is interesting and bit scary too.
Hit the below search query in the search engine and you can find email ids and passwords
ext:txt intext:@hotmail.com intext :password
ext:sql intext:@yahoo.com Intext:phone
One of such text file will be like below screenshot.
EXT: this is the extension of the file type you searching for, so the search engine will just return the link for the file type. In our example it will bring back only the file ftype .txt(text document)
INTEXT: This key word is used to search only the text we mention in the filetype.
So in our example it will look in a text files for a text "@hotmail.com" and also the text "Password"
I tried keep changing the file extension from txt to csv, sql, xls and so on and it returned more detail.
Also you can keep adding intext key for various other thing like username, phone, address.
There is not much luck for the card number at least with in the ones which I searched so far, let me know if there is any key word can be included.
If you doing a pen-testing for a client you can use these to find whether you are able to find similar information.
Example: If my client is www.example.com I can use below query
ext:sql intext:@example.com which will bring any .sql file which has a text content"@example.com.
To find any other files which should be exposed to the public network is available on the internet then we can always as the Google to remove them.
https://support.google.com/webmasters/answer/164734?hl=en
Once the content is been removed by the Google you will find something similar in the Google page, so if you find your email Id or other person details go ahead and report it to the search engine providers.
No comments:
Post a Comment