Professional Documents
Culture Documents
Google Hacking
“search term”
Example: “Bill Gates”
OR
Examples: musk OR gates / musk | gates
AND
Search for X and Y. This will return only results related to both
X and Y. Note: It doesn’t really make much difference for regular searches, as
Google defaults to “AND” anyway. But it’s very useful when paired with
other operators.
Example: musk AND gates
-
Exclude a term or phrase. In our example, any pages returned will be related
to jobs but not Apple (the company).
Example: jobs -apple
*
Acts as a wildcard and will match any word or phrase.
Example: steve * apple
()
Group multiple terms or search operators to control how the search is
executed.
Example: (imac OR iphone) apple
$
Search for prices. Also works for Euro (€), but not GBP (£)
Example: iphone $629
define:
A dictionary built into Google, basically. This will display the meaning of a
word in a card-like result in the SERPs.
Example: define:hacker
cache:
Returns the most recent cached version of a web page (providing the page is
indexed, of course).
Example: cache:apple.com
filetype:
Restrict results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT,
etc. Note: The “ext:” operator can also be used—the results are identical.
site:
Limit results to those from a specific website.
Example: site:apple.com
related:
Find sites related to a given domain.
Example: related:apple.com
intitle:
Find pages with a certain word (or words) in the title. In our example, any
results containing the word “apple” in the title tag will be returned.
Example: intitle:apple
allintitle:
Similar to “intitle,” but only results containing all of the specified words in
the title tag will be returned.
Example: allintitle:apple iphone
inurl:
Find pages with a certain word (or words) in the URL. For this example, any
results containing the word “apple” in the URL will be returned.
Example: inurl:apple
allinurl:
Similar to “inurl,” but only results containing all of the specified words in
the URL will be returned.
Example: allinurl:apple iphone
intext:
Find pages containing a certain word (or words) somewhere in the content.
For this example, any results containing the word “apple” in the page
content will be returned.
Example: intext:apple
allintext:
Similar to “intext,” but only results containing all of the specified words
somewhere on the page will be returned.
Example: allintext:apple iphone
AROUND(X)
Proximity search. Find pages containing two words or phrases within X words
of each other. For this example, the words “apple” and “iphone” must be
present in the content and no further than four words apart.
Example: apple AROUND(4) iphone
weather:
Find the weather for a specific location. This is displayed in a weather
snippet, but it also returns results from other “weather” websites.
Example: weather:san francisco
stocks:
See stock information (i.e., price, etc.) for a specific ticker.
Example: stocks:aapl
map:
Force Google to show map results for a locational search.
Example: map:silicon valley
movie:
Find information about a specific movie. Also finds movie showtimes if the
movie is currently showing near you.
Example: movie:steve jobs
in
Convert one unit to another. Works with currencies, weights, temperatures,
etc.
Example: $329 in GBP
source:
Find news results from a certain source in Google News.
Example: apple source:the_verge
x_x
Not exactly a search operator, but acts as a wildcard for Google
Autocomplete.
Example: apple CEO _ jobs
#..#
Search for a range of numbers. In the example below, searches related to
“WWDC videos” are returned for the years 2010–2014, but not for 2015 and
beyond.
inanchor:
Find pages that are being linked to with specific anchor text. For this
example, any results with inbound links containing either “apple” or
“iphone” in the anchor text will be returned.
Example: inanchor:apple iphone
allinanchor:
Similar to “inanchor,” but only results containing all of the specified words in
the inbound anchor text will be returned.
Example: allinanchor:apple iphone
loc:placename
Find results from a given area.
inurl:/proc/self/cwd
As you can see in the following screenshot, vulnerable server results will
appear, along with their exposed directories that can be surfed from your own
browser.
Open FTP servers
Google does not only index HTTP-based servers, it also indexes open FTP
servers.
With the following dork, you’ll be able to explore public FTP servers, which
can often reveal interesting things.
As this is a critical dork we will not show you how do it; instead, we will only
show you the critical results:
You’ll notice that unencrypted usernames, passwords and IPs are directly
exposed in the search results. You don’t even need to click the links to get the
database login details.
SSH private keys are used to decrypt information that is exchanged in the
SSH protocol. As a general security rule, private keys must always remain on
the system being used to access the remote SSH server, and shouldn’t be
shared with anyone.
With the following dork, you’ll be able to find SSH private keys that were
indexed by uncle Google.
If this isn’t your lucky day, and you’re using a Windows operating system with
PUTTY SSH client, remember that this program always logs the usernames
of your SSH connections.
In this case, we can use a simple dork to fetch SSH usernames from PUTTY
logs:
filetype:xls inurl:”email.xls"
We filtered to check out only the .edu domain names and found a popular
university with around 1800 emails from students and teachers.
site:.edu filetype:xls inurl:"email.xls"
Remember that the real power of Google Dorks comes from the unlimited
combinations you can use. Spammers know this trick too, and use it on a
daily basis to build and grow their spamming email lists.
Live cameras
Have you ever wondered if your private live camera could be watched not
only by you but also by anyone on the Internet?
The following Google hacking techniques can help you fetch live camera web
pages that are not restricted by IP.
inurl:top.htm inurl:currenttime
intitle:"webcamXP 5"
inurl:”lvappl.htm"
There are a lot of live camera dorks that can let you watch any part of the
world, live. You can find education, government, and even military cameras
without IP restrictions.
If you get creative you can even do some white hat penetration testing on
these cameras; you’ll be surprised at how you’re able to take control of the
full admin panel remotely, and even re-configure the cameras as you like.
Find indexation errors
Google indexation errors exist for most sites.
Let’s use the site: operator to see how many pages Google has indexed
for ahrefs.com.
~1,040.
Let’s find out.
~249. That’s roughly ¼.
Let’s also narrow the search to subdomains and see what we find.
~731 results.
Here are a few other ways to uncover indexation errors with Google
operators:
But did you know that you can find unsecure pages with the site: operator?
~2.47M unsecure pages.
It looks like ASOS don’t currently use SSL—unbelievable for such a large site.
But first, I’m wondering how many times this copy appears on asos.com.
~4.2K.
Now I’m wondering if this copy is even unique to ASOS.
Let’s check.
No, it isn’t.
That’s 15 other sites with this exact same copy—i.e., duplicate content.
Sometimes duplicate content issues can arise from similar product pages,
too.
You can see that—quantities aside—all of these product pages are the same.
If you have a blog, then people could be stealing and republishing your
content without attribution.
You can use the tool: FIND STOLEN CONTENT IN SECONDS website:
https://ahrefs.com/content-explorer
Find odd files on your
domain (that you may have
forgotten about)
Keeping track of everything on your website can be difficult.
For this reason, it’s easy to forget about old files you may have uploaded.
It’s important to delete or noindex these if you’d prefer people didn’t come
across them.
SIDENOTE. For those who haven’t seen this one before, it uncovers so-
called “write for us” pages in your niche—the pages many sites create when
they’re actively seeking guest contributions.
So let’s get more creative.
• “become a contributor"
• “contribute to”
• “write for me” (yep—there are solo bloggers seeking guest posts,
too!)
• “guest post guidelines”
• inurl:guest-post
• inurl:guest-contributor-guidelines
• etc.
SIDENOTE. Did you notice I’m using the pipe (“|”) operator instead of “OR”
this time? Remember, it does the same thing.
• create infographic
• pitch infographic
• get featured, get link (and PR!)
But who should you pitch your infographic to?
Just any old sites in your niche?
NO.
The best way to do this is to find sites that have featured infographics before.
Here’s how:
So here’s a quick trick:
• use the above search to find a good, relevant infographic (i.e., well-
designed, etc.)
• search for that specific infographic
Here’s an example:
This found ~2 results from the last 3 months. And 450+ all-time results.
Do this for a handful of infographics and you’ll have a good list of prospects.
8. Find more link
prospects… AND check
how relevant they really are
Let’s assume you’ve found a site that you want a link from.
SIDENOTE. In the example above, we’re looking for similar sites to Ahrefs’
blog—not Ahrefs as a whole.
But let’s assume that I know nothing about this site (yoast), how could I
quickly vet this prospect?
Here’s how:
Now let’s try the same for a site that I know to be irrelevant: greatist.com.
SIDENOTE. You NEED to know their name for this one. This is usually quite
easy to find on most websites—it’s just the contact details that can be
somewhat elusive.
Here are the top 4 results:
Find internal linking
opportunities
But you need to make sure that you’re ONLY adding internal links where
relevant.
Wouldn’t it be cool to add an internal link to that post from any other posts
where you talk about SEO tips?
Definitely.
It’s just that finding relevant places to add such links can be difficult—
especially with big sites.
So here’s a quick trick:
For those of you who still haven’t gotten the hang of search operators, here’s
what this does:
Buying or selling links that pass PageRank. This includes exchanging money
for links, or posts that contain links; exchanging goods or services for links; or
sending someone a “free” product in exchange for them writing about it and
including a link
But the true value of a sponsored post doesn’t come down to links anyway.
It comes down to PR—i.e., getting your brand in front of the right people.
Here’s one way to find sponsored post opportunities using Google search
operators:
~151 results.
Here are a few other operator combinations to use:
Now you have a list of the sites with the most traffic, which are usually the
best opportunities.