contadores de paginas web Saltar al contenido

Google hacking, searching for secret and prohibited things on the net

google-hacking-database

Google Hacking Database is a database that collects special searches for Google and they allow you to find endless information leaked on the internet. The project was created a few years ago by a guy named Johnny Long and then continued by the exploit-db.com team.

When accessing we will find a large list of commands and searches to perform ordered by categories. For each of them, its function and the type of information that can be revealed such as passwords, confidential documents, vulnerabilities in applications and all kinds of things that should not appear in Google but appear by bad server and site configurations.

Perhaps one of the funniest searches is open or poorly configured security webcams, some can even be controlled from the PC (search by webcam or camera):

Webcam found with Google

Keep in mind that although the information or the accesses can be found within the reach of anyone (at the end of the day one simply accesses a web page), what is done afterwards can generate legal problems… so be careful with that.

The practice of carrying out this type of search is called Google hacking And it is not something that is only used by the bad guys, the good guys also take advantage of it to detect problems and even one could do it as explained in this article by Chema Alonso: 6 easy tests to assess the security of your website (or your company).

Finally, mention that Google has its limitations and it is not the only thing that can be used to collect information, there are more search engines and specialized tools. In this sense, I can recommend Chema's blog where there is a lot of published information and practical examples, as well as the book Hacking with Search Engines written by Enrique Rando from Informatica64:

In the past ekoparty took the opportunity to buy it from Chema and I can assure you that the book is amazingly cool.