Google hacking refers to the use of Google as a powerful search engine to uncover websites with security bugs and technical issues. Google's crawling engine searches and indexes the content of websites around the world 24/7. It captures everything, from normally presented websites to websites with technical problems that display error messages, stores it in its database, and returns it in response to visitors’ queries.

For example, it is not unusual to see an ASP website displaying error messages such as:

“InvalidOperationException: Failed to map the path ‘/<Application_Name>/App_GlobalResources/’.”

This error message reveals the server’s application path as well as part of the server’s internal file structure. Experienced hackers can use this vital information to initiate an attack on that system.

Google probably holds the world’s largest collection of website snapshots. It records an enormous number of websites with various error messages like the one above. Anyone who knows how can easily search for the relevant messages using advanced operators in search queries, such as “inurl:”, which refine a search to look for particular error messages.
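A site owner can catch this kind of leak before a crawler indexes it by scanning the site's own responses for verbose error text. The following is an added example, not code from the original article; the site URLs, the sample response bodies, and the two signatures other than the quoted "Failed to map the path" message are assumptions constructed for illustration.

```python
import html
import re

# Signatures of verbose server errors that should never reach a public page.
# "map-path" is the ASP.NET message quoted in the article; the other two are
# assumptions added for this example.
SIGNATURES = {
    "map-path": re.compile(r"Failed to map the path\s*['\u2018]([^'\u2019]+)['\u2019]"),
    "server-error-page": re.compile(r"Server Error in '([^']*)' Application"),
    "windows-path": re.compile(r"\b[A-Za-z]:\\(?:[\w.$-]+\\)+[\w.$-]+"),
}


def find_disclosures(body):
    """Return sorted (signature, leaked_text) pairs found in one response body."""
    text = html.unescape(body)  # error pages often encode quotes as &#39;
    hits = set()
    for name, pattern in SIGNATURES.items():
        for match in pattern.finditer(text):
            # Use the captured path when the signature has one, else the whole match.
            leaked = match.group(1) if pattern.groups else match.group(0)
            hits.add((name, leaked))
    return sorted(hits)


def audit(pages):
    """Map each URL to its findings, omitting pages with none."""
    scanned = {url: find_disclosures(body) for url, body in pages.items()}
    return {url: found for url, found in scanned.items() if found}


# Constructed sample responses (hypothetical site, not real data).
SAMPLE_PAGES = {
    "https://shop.example/catalog.aspx": (
        "<h2>Server Error in &#39;/Shop&#39; Application.</h2>"
        "<i>InvalidOperationException: Failed to map the path "
        "&#39;/Shop/App_GlobalResources/&#39;.</i>"
    ),
    "https://shop.example/cart.aspx": (
        "<pre>at Cart.Page_Load() in "
        "D:\\sites\\shop\\Cart.aspx.cs:line 42</pre>"
    ),
    "https://shop.example/about.aspx": "<h1>About us</h1><p>Contact: C: drive sale!</p>",
}

if __name__ == "__main__":
    for url, found in audit(SAMPLE_PAGES).items():
        print(url, found)
```

Any page that appears in the report is serving internal paths to every visitor, crawlers included, and should be switched to a generic error page.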

For further information on various advanced search query techniques, see: http://www.google.com/help/operators.html

Johnny Long, a researcher, writer, and “white” hacker for web application security, has written a useful book on Google hacking.
