Hacking Tips and Tools is a repository for the basics of hacking that every programmer in the world should know: Kali Tools
Syllabus | Technologies | Prerequisites | How To Use | License | Author
Repository content:
- Virtual machines and containers
- Shell and scripting
- Command-line environment
- Data wrangling
- Editors
- Version control
- Dotfiles and backups
- Automation and machine introspection
- Program introspection and package/dependency management
- OS customization and Remote Machines
- Web and browsers
- Security and privacy
🚧 Repository content under construction
Hacking Tips and Tools is a repository to show as many summarized experiences as possible about hacking the full stack web and mobile application built and organized by Jony Peixoto.
The application consists of a search by Google and externally to other networks such as the Deep Web and associates about the hacking world, where data is collected in operating systems: Windows, Linux, mainly in applications of internal tools of the Linux system.
To use and test the presented tips and tools, you must have correctly installed and licensed the operating systems or similar mentioned below. You can follow the following article(PT-BR) to configure your environment or use a Google Translate browser extension(search for "google translate extension" and install it in your browser) to help you:
This project was developed according to my research with the following technologies:
Pré-requisitos: Must have a device that runs the Linux operating system or using Windows prompt.
1) Open the search bar (Windows button) on your keyboard
2) Type prompt and run as administrator
3) Ready, now type the desired commands !
Similarly, follow the same 3 steps above, open the terminal on Linux, especially on Kali Linux (shown in the screenshot below), you can choose between user mode or root mode (it works in the same way as running it as administrator on Windows).
Preferably, choose root mode to have all administrator privileges and be able to use all commands in the operating system.
Observation:
In user mode, "$" appears before every command you will type.
In root mode, "#" appears before every command you will type.
Bottom TAB help to auto-complete any name in yout prompt on the Ubuntu Linux
# Historical about the files on the Linux directory
$ ls
# Open the file
$ cd (name file)
# Comeback 1 file
$ cd ..
# Create a file
$ mkdir
# Clear the prompt command
$ clear
# Show all the historical commands used on the promt command
$ history
# Restart the machine (PC, Notebook, etc)
$ reboot
# Turn off the machine (PC, Notebook, etc)
$ shutdown
# Delete the file (name file)
$ rm -rf (name file)
# shows / types the last commands typed in the Prompt
$ CTRL + p # Updates only what is needed on Ubuntu Linux (security, etc)
$ apt-get update
# Update everything on Ubuntu Linux
$ apt-get upgrade
# Remove what it is not necessary on Ubuntu Linux
$ apt-get autoremove
# Install the (program name)
$ apt-get install (program name) # SECTION 1: OVERVIEW GOOGLE HACKING
* What is Google Hacking / Dorking?
* What is Open Source Intelligence?
* History
* Exploring its Techniques
* Benefits
# SECTION 2: ABOUT GOOGLE SEARCH
* How Google Works?
* What are Crawlers?
* How do They Work?
* How Search Engine Works?
* What are Keywords?
* Recap
# SECTION 3: UDERSTANDING THE STRUCTURE QUERY
* Query Operator Structure
* Understaind a URL Structure(With QUery Parameters)
* Various Parts, Broken Down into Pieces
* Google Commands(tricks)
# SECTION 4: USING GOOGLE DORK WITH PRACTICAL IMPLEMENTATION
* Preventing Google Dorks
* Myths and Facts
* Conclusion
- What is Google Hacking / Dorking?
- What is Open Source Intelligence?
- History
- Exploring its Techniques
- Benefits
- What is Google Hacking / Dorking?
Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.
Google Hacking = Google Dorking = OSINT = Open Source Intelligence
- What is Open Source Intelligence? How is it used?
OSINT = Open Source Intelligence = is derived from data and information that is available to the general public.
It's not limited to what we find using Google, although the so-called SOPHIES Web is an important component.
- History
The concept of Google hacking dates back to 2002 when Johnny began to collect Google search queries that uncovered vulnerable systems and sensitive information discloses labeling them as Google Docs.
The list of Google Docs grew in a large dictionary of queries, which were eventually organized in the original Google hacking database that is G.H. DBE in 2004.
Sometimes Google hacking referred to as Google talking, have been extended to other search engines such as Bing and Shodan.
Automated attaack tools use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.
- Exploring its Techniques & Benefits
What is important understand?
Advanced Google searches used to find security loopholes on websites and allow hackers to break in to or disrupt the site. Google hacking is a computer hacking technique that uses Google Search and other Google applcations to find security holes in the configuration and computer code that websites use.
It's not hacking into Google servers!
It's just using Google search techniques to find exactly what we actually need.
- Benefits
Benefits of Google dorks(Hacking):
Displays better attractive search results .
Easy to learn.
Shows hidden tricks and links as well.
- How Google Works?
- What are Crawlers?
- How do They Work?
- How Search Engine Works?
- What are Keywords?
- Recap
- How Google Works?
-
Query
-
Google Web Server
-
Index Servers: The web server send the query to the index servers. The content inside the index servers is similar to the index in the back of a book--it tells which pages contain the words that match any particular query term.
-
Doc Servers: the query travels to the doc servers, which actually retrieve the stored documents. Snippets are generated to describe each search result.
-
Google user: the search results are returned to the user in a fraction of a second.
- What are Crawlers? How do They Work?
- Search engine
- Crawler
- mywebsite.com
- Website Contents
- Dictionary of content such as keywords & images is recorded by the Crawler
- Keywords: Apple, Banana, Pear
- The Crawler sends these keywords to the Search Engine to be stored for later search
- How Search Engine Works? What are Keywords?
A user submits a query to search...
- User searches for "Pears"
- Search Engine indexes all crawled websites that has the keyword "Pears"
- anotherwebsite.com
- Website Contents
- Keywords: Apples, Bananas, Pears
- Recap
- What is SEO and how it helps in Google Hacking
SEO = Search Engine Optimization
_________________________________________________________________
- Query Operator Structure
- Understaind a URL Structure(With QUery Parameters)
- Various Parts, Broken Down into Pieces
- Google Commands(tricks)
- Query Operator Structure
- Understaind a URL Structure(With QUery Parameters)
- Various Parts, Broken Down into Pieces
- What are URL Parameters?
- Google Commands(tricks)
Google allows the use of certain operators to help refine searches.
The use of advanced operators is very simple as long as attention is given to the syntax.
The basic format is: operator:search_term
Notice that there is no space between the operator, the colon and the search term.
If a space is used after a colon, Google will display an error message.
If a space is used before the colon, Google will use tour intended operator as a search term.
- The Real World Practical GOOGLE Hacking
- Preventing Google Dorks
- Myths and Facts
- Conclusion
- The Real World Practical GOOGLE Hacking
Site
It returns the websites of specified domains
Example: site:wikipedia.org
inurl
restricts the results to sites whose URL's contains specified phrase.
Example: inurl:adminlogin will return only those pages whose URL contains 'adminlogin'
allinurl
If you start a query with [allinurt:], Google will restrict the results to those with all of the query words in the url.
For instance, [allinurl: google search] will return only documents that have both "google" and "search" in the url.
intitle If you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title.
For instance, [intitle: google search] will return documents that mention thw word "google" in their title, and mention the word "search" anywhere in the document(title or no).
Note there can be no space between the "intitle:" and the following word.
allintitle
only returns results that contain every work in the title.
Example: [allintitle: marketing strategy] The result will contain both marketing and strategy in title
link
Link will list webpages that have links to the specified webpage.
For instance, [link:udemy.com] will list webpages that have links pointing to the Google homepage.
Cache
A cache is a reserved storage location that collects temporary data to help websites, browsers, and apps load faster.
If you include other words in the query, Google will highlight those words within the cached document.
[cache:www.google.com web] will show Google's cache of the Google homepage.
Using Archive.org and searching about the webpage, you can see other versions of the website.
Filetype type is used to limit results to a specific file type.
For example, filetype:rtf galway will search for RTF files with the term "galwat" in them.
intext
Find pages containing a certain word(or words) somewhere in the content
Example: intext:apple
intitle:"Index of"
Shows all results from the index of directory indexed by Google.
intitle:"Index of" config.php
Global folder contains a unique setting of your farm tools, installation, your database, connection
login: "password=" filetype:xls
These are all the Excel sheet with passwords of various assets, all companies or whatever.
Other Google search engine template styles:
Google Gravity
Put:
google:gravity and click the first link
https://mrdoob.com/projects/chromeexperiments/google-gravity/
Google Sphere
Put:
google:sphere and click the first link
https://mrdoob.com/projects/chromeexperiments/google-sphere/
Google Easter Eggs Official
Put:
google:mirror and click the first link
Google Terminal
Put:
google terminal and click the first link
Google Guitar
Put:
google guitar and click the first link
Google Zipper
Put:
google zipper and click the first link
- Preventing Google Dorks
- Myths and Facts
How do I avoid being a victim of Google hacking?
You can run a vulnerability scanner against your website or you can hire certified ethical hackers
What is the difference between Google hacking and hacking Google?
Google hacking means using Google to perform hacking activities.
Hacking google means finding vulnerabilities in Google services. There are security researches who find vulnerabilities in Google and claim bug bounty from Google.
What does Google hacking mean?
Google hacking means using Google to find files and pages that are not secure.
For example, if you have any insecure files or pages at Google, I mean, Google doc can find them very easily.
Does Google hacking work with other search engines?
Yes, specific queries of other search engines might be different.
How do I protect myselft against Google hacks?
Check fot dozens of others even more serious problems that may lead attackers, steal information or take over your websites.
_________________________________________________________________
More 500 Linux commands HERE: eBook with over 500 Linux commands
This project is under the MIT license. See the LICENSE for more information.
Made with ♥ by Jony Peixoto 👋 Get in touch!
TikTok: Jony Tech @jonypeixoto
YouTube: Jony Peixoto
Twitch: Jony Peixoto