Google hacking

Google hacking, also named Google dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final"

One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle:index.of[1] followed by a search keyword. This can give a list of files on the servers. For example, intitle:index.of mp3 will give all the MP3 files available on various servers.

There are many similar advanced operators which can be used to exploit insecure websites:

The "link:" search operator that Google used to have, has been turned off by now (2017).

The concept of "Google Hacking" dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and/or sensitive information disclosures - labeling them googleDorks.

The list of googleDorks grew into large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004. These Google hacking techniques were the focus of a book released by Johnny Long in 2005, called Google Hacking for Penetration Testers, Volume 1.

...
Wikipedia