8 - Search Engine Discovery

- At its core, search engine discovery leverages the immense power of search algorithms to extract data that may not be readily visible on websites - Reasons why search engine discovery is crucial: - Open source - Breadth of info - Ease of use - Cost-effective - Fast - Search engines have built-in operators that can be harnessed for more informative searches such as: | Operator | Operator Description | Example | | :---------------------- | :----------------------------------------------------------- | :-------------------------------------------------- | | `site:` | Limits results to a specific website or domain. | `site:example.com` | | `inurl:` | Finds pages with a specific term in the URL. | `inurl:login` | | `filetype:` | Searches for files of a particular type. | `filetype:pdf` | | `intitle:` | Finds pages with a specific term in the title. | `intitle:"confidential report"` | | `intext:` or `inbody:` | Searches for a term within the body text of pages. | `intext:"password reset"` | | `cache:` | Displays the cached version of a webpage (if available). | `cache:example.com` | | `link:` | Finds pages that link to a specific webpage. | `link:example.com` | | `related:` | Finds websites related to a specific webpage. | `related:example.com` | | `info:` | Provides a summary of information about a webpage. | `info:example.com` | | `define:` | Provides definitions of a word or phrase. | `define:phishing` | | `numrange:` | Searches for numbers within a specific range. | `site:example.com numrange:1000-2000` | | `allintext:` | Finds pages containing all specified words in the body text. | `allintext:admin password reset` | | `allinurl:` | Finds pages containing all specified words in the URL. | `allinurl:admin panel` | | `allintitle:` | Finds pages containing all specified words in the title. | `allintitle:confidential report 2023` | | `AND` | Narrows results by requiring all terms to be present. | `site:example.com AND (inurl:admin OR inurl:login)` | | `OR` | Broadens results by including pages with any of the terms. | `"linux" OR "ubuntu" OR "debian"` | | `NOT` | Excludes results containing the specified term. | `site:bank.com NOT inurl:login` | | `*` (wildcard) | Represents any character or word. | `site:socialnetwork.com filetype:pdf user* manual` | | `..` (range search) | Finds results within a specified numerical range. | `site:ecommerce.com "price" 100..500` | | `" "` (quotation marks) | Searches for exact phrases. | `"information security policy"` | | `-` (minus sign) | Excludes terms from the search results. | `site:news.com -inurl:sports` | # Google Dorking - Common examples: - Finding login pages - `site:example.com inurl:login` - `site:example.com (inurl:login OR inurl:admin)` - Identifying exposed files - - `site:example.com filetype:pdf` - `site:example.com (filetype:xls OR filetype:docx)` - Uncovering config files - `site:example.com inurl:config.php` - `site:example.com (ext:conf OR ext:cnf)` - Locating DB backups - `site:example.com inurl:backup` - `site:example.com filetype:sql`