Google Hacking History by "Bishop Fox".

Google hacking:

Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

Basics:

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal fordefault installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".

The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP file.

intitle:admbook intitle:version filetype:php

One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:

"#-Frontpage-" inurl:administrators.pwd
or filetype:log inurl passwort login

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle:index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle:index.of mp3 will give all the MP3 files available on various servers.

Advanced operators:

There are many similar advanced operators which can be used to exploit insecure websites:

Operator	Purpose	Mixes with Other Operators?	Can be used Alone?	Web	Images	Groups	News
intitle	Search page Title	yes	yes	yes	yes	yes	yes
allintitle[1]	Search page title	no	yes	yes	yes	yes	yes
inurl	Search URL	yes	yes	yes	yes	not really	like intitle
allinurl	Search URL	no	yes	yes	yes	yes	like intitle
filetype	specific files	yes	no	yes	yes	no	not really
allintext	Search text of page only	not really	yes	yes	yes	yes	yes
site	Search specific site	yes	yes	yes	yes	no	not really
link	Search for links to pages	no	yes	yes	no	no	not really
inanchor	Search link anchor text	yes	yes	yes	yes	not really	yes
numrange	Locate number	yes	yes	yes	no	no	not really
daterange	Search in data range	yes	no	yes	not really	not really	not really
author	Group author search	yes	yes	no	no	yes	not really
group	Group name search	not really	yes	no	no	yes	not really
insubject	Group subject search	yes	yes	like intitle	like intitle	yes	like intitle
msgid	Group msgid search	no	yes	not really	not really	yes	not really

History of Google Hacking:

See also: Johnny Long § Google hacking

Google Hacking History - Timeline by Bishop Fox

Johnny Long creates "googleDorks" in 2002

The concept of "Google Hacking" dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systemsand/or sensitive information disclosures - labeling them googleDorks.

The list of googleDorks grew into large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.^[3] These Google hacking techniques were the focus of a book released by Johnny Long in 2005, called Google Hacking for Penetration Testers, Volume 1.

Since its heyday, the concepts explored in Google Hacking have been extended to other search engines, such as Bing and Shodan.Automated attack tools use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.

For a full visual timeline, detailing the major events and developments in Google Hacking from 2002 to Present, see the Google Hacking History by "Bishop Fox".