When it comes to Google, everyone feels confident in knowing what we’re talking about. Google is that nice site that allows us to search whatever we want on the web. More technically, it’s a search engine, something that knows our preferences, our tastes and even (sometimes) our secrets. Google is easy, isn’t it? It appears as a blank page with the search bar and the famous logo,
and everything it can do for us is searching for our favourite films in streaming and so on.
This is just the tip of the iceberg.
Many of you maybe ignore that Google is more powerful than this. In the same way a computer will do what you want when you know the right commands and a server will respond in a friendly manner when you know how to talk to it, Google will offer to you its immense capabilities if you only know what’s the language it speaks. In this article I will briefly explain the basics of this art called Google Hacking, but you should know that the Google Hacking guru Johnny Long wrote a revolutionary book of more than 500 pages. If you’re curious, you can find the download link here.
Basic Rules of Google Searching
Before starting with the powerful advanced operators, let’s take a look to some basic rules that will save your time.
- Google is not case sensitive. When you search for streaming, Streaming or STREAMING, the result will be the same. This is not valid in the case of the OR boolean operator. If you want to use “or”, google will count it as a simple word, if you want to use the boolean operator, you’ll have to use “OR”.
- Google’s * is not a wildcard. Especially for the Unix users, asterisk usually represents a wildcard used to represent a set of all the names of a same type (all the names that start with “a”, all the name that finish with “th” and so on). For Google, * represents nothing more than a single word in a query.
- Google ignores common words. When you submit a query, Google ignores the most common words like “where” and “how”, so a search for “where 1=1” will return the same result of “1=1”. If you want to force Google to consider common words you have to submit them in quotes, so that Google will search the entire string in the quotes. Another way to force Google to consider the common word, is to put a + sign immediately before that word (without spaces).
- 32 words limit. You can only submit a maximum of 32 words in a query but you can extend your query using the asterisk. When you search for “the cat is on the table”, Google counts six words, but if you search “the * is on * table”, Google will only count four words.
Before starting with advanced operators, you should really take some time to understand boolean operators. The boolean operators help you refining your query. AND, OR and NOT are boolean operators. AND is redundant for google. Searching “food for cats” and “food AND for AND cats”, is the same for Google. The NOT operator is used to exclude undesired results from your query. Using NOT is equivalent to using the minus sign preceding the word you want to exclude. Let’s say you’re searching for a new guitar to buy, but you hate Fender. If you search for “guitars”, Google will return Gibson, Fender, B.C. Rich, Martin guitars and so on. But if you search for “guitars -fender” Google will only return the results you’re interested in. Finally, the OR operator helps you to submit a more precise query. If you want to search for HTML pages with the words Gibson or Fender inside, you will submit a query like the following:
intext:gibson | fender
and the result will be the desired one.
The advanced operator gives to you real power over your search. Advanced operators can be used together in combination to make your search more versatile, but there are operators that don’t fit well with others. The list of advanced operators is very long:
For brevity, we will cover only the most used.
- Intitle. The title of a web page is technically the title specified in the html tag called “title”. You can also consider the title of the page, the words represented at the top of your browser when you visit a certain page. To search for all the pages with a certain word in their title, just search.
- Allintitle. If you search for intitle:hacker exploits, Google will search all the pages that have hacker in their title, plus a simple query for all the pages that have something dealing with exploits. If you want to include the word exploits in the intitle query, you must use Allintitle. Allintitle, tells Google that all the words that follow the operator are to be searched in the title of the web page.
- Allintext. As the name itself says, this operator tells Google to only search the desired term in the text of a web page and not in its title or its URL.
- Allinurl. You could be tempted to think that allinurl is the same for the URL as the allintitle for the title but there are few important differences. An URL is made of a protocol, a domain name, a directory path and (sometimes) a file with its extension. You must keep in mind that:
– Google can not search the protocol (like http).
– Google will have problems to search special characters often present in an URL
– To search for parts of the URL, more specific operators like filetype and site are preferable.
As you could see from the list above, there are a lot of operators and every of them has its characteristics. Take your time to analyze all the aspects of every operator and try to perform different searches to grow in your Google’s comprehension. There’s a reason why the title says “Google Hacking”. In the hacking phase of information gathering, only using Google with this kind of refined search, can really bring to you tons of juicy results. So maybe it is the case to start right now to improve your Google skills !