You Can Hack With Google?


The tech giant Google is known to everyone as a powerful search engine for finding text, images, videos, books, and news. However, hackers also use Google's powerful capabilities to hack websites.

How Is Hacking Possible Through Google?

Google is a powerful web crawler that can index anything within your website, including sensitive data, and a Google search using advanced Google operators can even expose your web application's vulnerabilities. These advanced search operators are designed to make searching more focused and efficient.

Google hacking, also known as Google Dorking, is a combination of computer hacking techniques that find security loopholes in web applications by using Google search operators and other applications powered by Google. Hackers take advantage of these advanced search operators to locate vulnerabilities in web applications and use them to exploit the website.

Google Advanced Search Operators

Some of Google's advanced search operators are listed below:

| Advanced Search Operator | Description |
| --- | --- |
| site: | Limit the search query to a specific domain or website. |
| filetype: | Limit the search to the text found in a specific file type |
| link: | List the websites having a link to a specific web page |
| cache: | Display the web pages stored in the cache |
| related: | Search for similar web pages |
| allintext: | Search for websites containing a specific keyword |
| intext: | Search for documents containing a specific keyword |
| allintitle: | Search for websites containing a specific keyword in the title |
| intitle: | Search for documents containing a specific keyword in the title |
| allinurl: | Search for websites containing a specific keyword in URL |
| inurl: | Search for documents containing a specific keyword in URL |

Google Hacking & Google Hacking Database (GHDB)

For Google Advanced Search, you can also go to the following URL:

https://www.google.com/advanced_search

Google Hacking was made famous by Johnny Long. The advanced search query strings have been compiled into a Google Hacking Database (GHDB). The original database is located at http://www.hackersforcharity.org/ghdb/. GHDB is used for footprinting and thereafter for exploiting sensitive directories, vulnerable sites, server error messages, etc. The advanced search queries are used in combination for a more specific search.

An example of a Google advanced search query from GHDB: intitle:"index of" "/Cloudflare-CPanel-7.0.1"

The results of this search query revealed sensitive information about Cloudflare-CPanel (such as sensitive directory information).

Preventive Measures

Once a website is exposed to the internet, a file called robots.txt, containing a set of rules, is added to the root of the website to stop Google and other search engines from crawling and indexing the website. If this file is misconfigured or absent, a lot of sensitive information from the website is easily exposed, and anybody can view that data and exploit the vulnerabilities associated with it. It is therefore important to configure robots.txt correctly. Other proactive measures include protecting data and sensitive directories with VPNs, firewalls and strong encryption techniques, and performing regular vulnerability assessment scans, penetration tests, and risk analysis on websites to check for vulnerabilities and risks from time to time.
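One way to check a robots.txt for the misconfigured and absent cases described above, as an added example that is not part of the original article. The directory names and both sample files are constructed for illustration.

```python
"""Audit a robots.txt for paths that crawlers are still allowed to fetch."""
from urllib.robotparser import RobotFileParser

# Constructed sample: every listed directory is disallowed for all crawlers.
GOOD = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

# Constructed sample with two mistakes: /backup/ is never listed, and the
# Googlebot group has an empty Disallow, which permits everything. A crawler
# obeys only its most specific group, so Googlebot ignores the "*" rules.
MISCONFIGURED = """\
User-agent: *
Disallow: /admin/

User-agent: Googlebot
Disallow:
"""


def crawlable(robots_txt, sensitive_paths, agents=("*", "Googlebot")):
    """Return (agent, path) pairs that the given robots.txt does not block.

    An empty string models an absent file, which allows every path.
    Note: the stdlib parser applies the first matching rule; the samples
    use only Disallow lines, so rule order does not affect the result.
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [(agent, path)
            for agent in agents
            for path in sensitive_paths
            if parser.can_fetch(agent, path)]


if __name__ == "__main__":
    paths = ["/admin/", "/backup/"]  # hypothetical directory names
    for name, text in [("good", GOOD), ("misconfigured", MISCONFIGURED),
                       ("absent", "")]:
        print(name, crawlable(text, paths))
    # robots.txt is advisory and world-readable: it keeps well-behaved
    # crawlers out of the index but is not access control, so the listed
    # directories still need authentication on the server.
```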

 

