Google Reference Card

Advanced Operators

allintext

Search only within the text of a page (anywhere except in the title, the URL, and links).

intitle

Search within the title of a page.

inurl

Search within a URL (note that other advanced operators, such as site and filetype, can search more specific places inside the URL even better than inurl can).

site

Narrow search to specific sites (servers or domains).

filetype:pdf pdf

Search for files of a specific type, such as a list of every PDF file (ext is an undocumented alias for filetype).

link

Search within the actual URL of a link.

inanchor

Search within the text representation of a link.

cache

Show the cached version of a page.

numrange:12344-12346

Search for numbers within a range (shortened version: 12344..12346).

daterange

Search for pages indexed within a certain date range.

info

Show the summary information for a site.

related

Show related sites.

author

Search groups for an author of a newsgroup post.

group

Search the title of Google groups or keywords describing the groups.

insubject

same as intitle.

msgid

Locate a group post by message ID.

stocks

Search for stock information.

define

Show the definition of a term.

phonebook

Search phone listings.

Google Hacking Basics

TODO Using Caches for Anonymity

Directory Listings

intitle:index.of "parent directory"

Locate directory listings.

intitle:index.of name size

Locate directory listings.

intitle:index.of inurl:admin

Finding specific directories, such as admin or backup.

intitle:index.of inurl:wsftp.log

Finding specific files, such as wsftp.log.

intitle:index.of " server at"

Retrieve software version of Web server.

intitle:index.of "Apache/1.0"

Search for a specific server version.

Traversal Techniques

Directory Traversal

Click the "Parent Directory" link.

Replace the word admin with the word student or public.

Send a URL such as www.somesadsite.org/badcode.pl?page=../../../ect/passwd.

Incremental Substitution

Modify the URL that contains a number, changing the 1 to a 2.

Extension Walking

filetype:HTM HTM

Search for HTM files.

inurl:index.php.bak

Search for PHP backup files.

Find file with the same file name and different extension, replacing the HTM with ASP or BAK.

Backup files have a tendency to reveal source code: PHP.BAK files will be displayed as text.