Search engine hacking

Search Engine Hacking –Manual and Automation

Introduction:

We are all aware of Google/Yahoo/
Bing Search engines; they need no
introduction. We use them every now
and then to solve our day-to-day
queries. Google and other search engines use automated programs
called spiders or crawlers. Also, these search engines
have a large index of keywords, and
where those words can be found.
Powerful crawling and indexing
features make these search engines
not only powerful but also opens
doors for hackers to use for
identifying vulnerable targets over the
internet. This is called Search Engine
Hacking.
Search Engine Hacking involves using
advanced operator-based searching
to identify exploitable targets and
sensitive data using the search
engines.
In this article, we learn to use various
Google search operators to identify
vulnerable targets over the Internet
and also check out a new tool that
can be used to automate this
process.
Special Search Characters:
Google search engine provides its
users with various special search
characters for advanced searching.
See a partial list below:
1.
Quotes ["search query"]: Quotes are
used to search for specific phrase or
set of words.
E.g. The query ["The monk who sold
his Ferrari"] will search for the
specific phrase —The monk who sold
his Ferrari.
2.
Minus Sign [-]: The minus sign tells
Google search engine to exclude the
word that follows the minus operator.
E.g. [-red apple] will display the
search results which will exclude the
word red.
3.
Tilde operator [~]: Adding a tilde
operator in front of a word will search
for results containing that word as
well as even more synonyms.
E.g. [~jokes] will display search
results which will include the word
jokes as well as its synonyms like
funny, humor, etc.
4.
OR operator or vertical bar [|]: Using
OR (in uppercase) or the vertical bar
with two or more keywords, tells
Google to search for pages that
contain either of the words.
E.g. [Android OR Apple] will display
search results containing either of the
words.
5.
Asterisk operator [*]: The asterisk is a
computer symbol for a wildcard,
which allows the search engine, such
as Google, to fill in that space with
any text string. You can also use it
within double quotes for more precise
searches.
E.g. The query ["today is * day"] will
display search results like “today is a
good day” or “today is mother’s day”,
etc