Google operators

These operators, entered in the Google search bar, are very useful during information gathering. Forgotten data dumps and still-active default or config pages can be found quickly this way.

| Operator | Description |
| --- | --- |
| site:"website.tld" | shows only results from the specified site |
| -site:"website.tld" | excludes results from the specified site |
| filetype:ppt | returns only ppt files |
| filetype:pdf "keyword1 keyword2" | returns only pdf files containing the keywords |
| intitle:"Fancy website title" | returns sites with the specified content in the title |
| inurl:"/path/to/page.html" | returns sites with the specified URL |
| intext:"some content" | returns sites with the specified content somewhere in the site |

Examples

| Operator combination | Description |
| --- | --- |
| intitle:"VNC viewer for Java" | returns (mostly) exposed VNC services |
| inurl:"/control/userimage.html" | returns (mostly) exposed webcams |
| inurl:".php?" intext:CHARACTER_SETS,COLLATIONS intitle:phpmyadmin | returns phpMyAdmin config pages |
| intitle:"-N3t" filetype:php undetectable | returns machines with a known PHP backdoor vulnerability |
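As an added example (not part of the original page), the sketch below parses the operators above and checks a locally crawled inventory of your own pages against them, showing which pages a given query would surface. The page dictionaries, the `example.com` hosts and the substring matching are assumptions; Google's real matching is more involved.

```python
import re
from urllib.parse import urlparse

# Optional '-' negation, optional known operator, then a "quoted phrase" or bare word.
TOKEN = re.compile(r'(-?)(?:(site|filetype|intitle|inurl|intext):)?("[^"]*"|\S+)')

def parse_dork(query):
    """Return (negated, operator, value) triples; bare terms are treated as intext."""
    terms = []
    for neg, op, raw in TOKEN.findall(query):
        quoted = len(raw) > 1 and raw[0] == raw[-1] == '"'
        terms.append((neg == "-", op or "intext", (raw[1:-1] if quoted else raw).lower()))
    return terms

def matches(page, terms):
    """Approximate each operator with a case-insensitive substring or suffix test."""
    url = urlparse(page["url"])
    host = url.hostname or ""
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "filetype": lambda v: url.path.lower().endswith("." + v),
        "intitle": lambda v: v in page["title"].lower(),
        "inurl": lambda v: v in page["url"].lower(),
        "intext": lambda v: v in page["text"].lower(),
    }
    return all(checks[op](value) != negated for negated, op, value in terms)

def audit(inventory, dorks):
    """Map each query to the inventory URLs it would surface; queries with no hit are omitted."""
    hits = {d: [p["url"] for p in inventory if matches(p, parse_dork(d))] for d in dorks}
    return {d: urls for d, urls in hits.items() if urls}

# Constructed inventory, e.g. the output of crawling your own hosts.
INVENTORY = [
    {"url": "https://www.example.com/", "title": "Example Corp", "text": "Welcome"},
    {"url": "https://db.example.com/pma/index.php?db=information_schema",
     "title": "db.example.com | phpMyAdmin", "text": "CHARACTER_SETS,COLLATIONS"},
    {"url": "https://www.example.com/files/q3.pdf", "title": "Q3", "text": "keyword1 keyword2"},
]
# The page's operators, scoped to the audited domain with site: (constructed queries).
DORKS = [
    'site:"example.com" inurl:".php?" intext:CHARACTER_SETS,COLLATIONS intitle:phpmyadmin',
    'site:"example.com" intitle:"VNC viewer for Java"',
    'site:"example.com" filetype:pdf "keyword1 keyword2"',
]

if __name__ == "__main__":
    for dork, urls in audit(INVENTORY, DORKS).items():
        print(dork, "->", urls)
```

Any URL reported here is a page to take down, put behind authentication or exclude from indexing before a search engine lists it.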


Last updated 6 years ago
