Public footprinting

Google Hacking, also known as Google Dorking, involves using advanced Google search operators to uncover information that websites unintentionally expose. This can include sensitive files, open directories, configuration data, or server details. These techniques allow security researchers to map a target’s digital footprint without directly interacting with its systems, making them a powerful passive reconnaissance method.

Useful Search Operators

• site: Restricts search results to a specific domain. Useful for reviewing everything Google has indexed for an organization.
• filetype: Searches for specific file formats such as PDF, DOCX, XLS, or TXT, which may contain sensitive or internal information.
• ext:php, ext:xml, ext:py Helps identify backend technologies and scripts used by a website.
• site:hackfixlearn.com -filetype:html Displays indexed files other than standard HTML web pages.
• intitle:"index of" "parent directory" Reveals directory listings caused by misconfigurations, often exposing internal files and folders.
  

Helpful Resources

• Google Hacking Database (GHDB) is a curated collection of well-known and effective Google search queries, commonly called “Google dorks,” that are used by cybersecurity professionals to identify exposed information and potential security issues.
• DorkSearch is a lightweight online tool that allows users to test and experiment with Google dorks in real time, helping learners understand how advanced search techniques can reveal publicly accessible data.

Netcraft is an internet services company based in England that offers a free, web-based platform for digital reconnaissance. This tool allows us to uncover key details about a target website, including the technologies it runs on and other hosts that share the same IP netblock.

Using Netcraft’s DNS search page , we can quickly gather intelligence about any domain. It reveals subdomains, identifies underlying technologies, and provides insights that are extremely useful during the early reconnaissance phase and as we transition into active information gathering and exploitation.

Shodan is a powerful search engine that scans and indexes devices connected to the internet. This includes not only web servers, but also routers, industrial systems, and Internet of Things (IoT) devices. Unlike traditional search engines such as Google—which focus on website content—Shodan focuses on exposed devices, actively interacting with them to collect and display detailed technical information.

Using Shodan, we can inspect open ports, running services, and underlying technologies on a target server. It also highlights known, publicly disclosed vulnerabilities associated with the detected services or software, making it an invaluable tool for reconnaissance and vulnerability assessment.