The term Google hacking (also called Google dorking) refers to an attack that uses a search engine such as Google to find vulnerable web servers and websites. Google hacking is based on crafting specific search queries, often using advanced search operators (such as intitle, inurl, intext, filetype, and others), to locate poorly configured web servers and web pages that expose sensitive information. The attacker does not touch the target directly while searching: the search engine has already crawled and indexed the exposed content, so the attack is passive until the attacker follows a link.
The Google Hacking Database
The Google Hacking Database (GHDB) is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. The GHDB was launched in 2000 by Johnny Long to serve penetration testers. In 2010, Long turned the database over to Offensive Security and it became part of exploit-db.com. It was also expanded to include not only the Google search engine but also other search engines like Microsoft’s Bing as well as other repositories such as GitHub.
Some of the categories of search engine queries in the GHDB include:
- Product-specific advisories
- Error messages that contain sensitive information such as directory paths
- Files with sensitive data, passwords, and user names
- Sensitive online shopping data
- Detailed information about web servers
Testing for Google Hacking Vulnerabilities
Google hacking only finds what is already exposed, so the defense is to find and remove those exposures before an attacker's query does. The most practical way to do this at scale is to run automated vulnerability tests. A web vulnerability scanner, such as Acunetix, will crawl each page of a website and check for the kinds of weaknesses that show up in search engine queries (for example, misconfigurations, directory listings, backup files and other publicly accessible resources) as well as many other vulnerabilities such as SQL injection and Cross-site Scripting. The GHDB itself can also be turned on your own site by prefixing its queries with site:yourdomain, which shows what search engines have already indexed. Findings can then be analyzed further through manual penetration testing. Note that once content has been indexed it remains in search results and caches until the search engine removes it, so after fixing an exposure, also request removal through the search engine's removal tools rather than relying on robots.txt, which only affects future crawling.
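The following script is an added example, not part of the original article and not GHDB content: it shows how the operators described above are parsed and combined, and how a list of GHDB-style queries can be scoped to your own domain with site: so you can review your own exposure. The sample dorks, the domain example.com and all function names are constructed for illustration. The script only builds the queries and search URLs; it does not query Google, because automated scraping of search results violates the engines' terms of service and is rate-limited.

```python
import re
from urllib.parse import urlencode

# Operators named in the article plus a few common ones. Any other "word:" prefix is
# treated as a plain keyword rather than an operator.
OPERATORS = {"site", "intitle", "inurl", "intext", "filetype", "ext",
             "allintitle", "allinurl", "allintext"}

# Constructed sample dorks in the GHDB style (illustrative; not taken from the GHDB).
SAMPLE_DORKS = [
    ("Files with sensitive data", 'filetype:sql intext:"INSERT INTO" intext:password'),
    ("Error messages with paths", 'intext:"Warning: mysql_connect()" intext:"on line"'),
    ("Web server information", 'intitle:"Apache Status" "Server Version"'),
    ("Directory listings", 'intitle:"index of" backup'),
]

# One term: optional leading '-', optional operator prefix, then a quoted phrase or a bare word.
TOKEN_RE = re.compile(r'(-?)(?:([a-z]+):)?("[^"]*"|[^\s"]+)')


def parse_dork(dork):
    """Split a dork into (negated, operator, value) terms, keeping quoted phrases whole."""
    terms = []
    for neg, op, raw in TOKEN_RE.findall(dork):
        value = raw[1:-1] if raw.startswith('"') else raw
        if op and op not in OPERATORS:
            # "foo:bar" with an unknown prefix is a literal keyword, not an operator.
            value = f"{op}:{value}"
            op = ""
        terms.append((neg == "-", op, value))
    return terms


def render_term(neg, op, value):
    """Render a term back into search syntax, quoting values that contain spaces."""
    text = f'"{value}"' if " " in value else value
    return ("-" if neg else "") + (f"{op}:" if op else "") + text


def scope_dork(dork, domain):
    """Restrict a dork to one domain: drop any existing site: term and prepend site:domain."""
    terms = [t for t in parse_dork(dork) if t[1] != "site"]
    terms.insert(0, (False, "site", domain))
    return " ".join(render_term(*t) for t in terms)


def search_url(query, engine="google"):
    """Build the search URL for a query; urlencode handles ':' and '"' escaping."""
    base = {"google": "https://www.google.com/search",
            "bing": "https://www.bing.com/search"}[engine]
    return f"{base}?{urlencode({'q': query})}"


def audit_queries(domain, dorks=SAMPLE_DORKS, engine="google"):
    """Return (category, scoped query, URL) triples for reviewing a domain's indexed exposure."""
    results = []
    for category, dork in dorks:
        scoped = scope_dork(dork, domain)
        results.append((category, scoped, search_url(scoped, engine)))
    return results


if __name__ == "__main__":
    for category, query, url in audit_queries("example.com"):
        print(f"[{category}]\n  {query}\n  {url}")
```

Run the output queries by hand, or through an official search API, and treat every hit as an exposure to remove rather than as a finding to file and forget. Hits in one engine may also be reachable through another engine's cache, which is why the GHDB now tracks Bing dorks as well.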