The Google “site:” Operator
The Google “site:” operator is one of the most powerful search tools available from Google for target reconnaissance.
Target Reconnaissance
Once normal search methods locate sites that have useful data and you have explored those links using the cache operator, its time to do some serious anonymous target reconnaissance.
Using the “site:” Operator
This operator allows you to map an entire domain. Use the operator to get a listing of every indexed page on a domain. Try this: site:microsoft.com.
The operator will accept additional arguments. For instance, site:gov secret will search all domains ending in .gov for the word secret. Try it.
Notice that the search results include links to the cached pages for the domain. In conjunction with the site operator, you will use additional arguments targeting your subject. Your anonymous target reconnaissance will be conducted by viewing the cached pages. You will not click on any links on the cached pages as these will go to live pages. You will not allow your browser to download any images on the cached pages, as they may be live images from the target domain. You will be STEALTHY. They won’t see you coming.
Large search engines like Google capture a great deal of content that normal searches won’t find. One feature on Google provides two types of functionality commonly ignored by the neophyte.
The feature is the cache operator. This operator has only one argument:
cache:www.confidentialresource.com or cache:http://www.confidentialresource.com
This will return: “This is G o o g l e’s cache of http://www.confidentialresource.com/ as retrieved on 5 Mar 2008 18:01:20 GMT.”
You can see that the Blog has changed since the 5 Mar 2008. This is the first function provided by the cache operator.
Links on cached page may be explored in the cache by copying the link location and submitting it as a search with the cache operator or by clicking on the cache link in the search results (should they appear). In my experience, pages generated from a database (CMS, etc.) will not appear in the cache search results, but it is worth at try. Another operator will work for those pages, and that will be the subject of the next Stealth Search article.
The second, and most important function provided by the cache operator, is that of STEALTH. As you are not visiting the target web site, they don’t know you are investigating them.
Chipwrapper is a Custom Google Search Engine that searches across the UK’s major national newspapers. For an excellent review of this visit Karen Blakeman’s Blog.
Our first Google-Free Wednesday was a resounding success. We searched for people and found them. We searched for telephone numbers and addresses without difficulty. Information on companies, both domestic and foreign, was uncovered. The main players in an industry identified. A government programme was examined. All without Google!
Accoona proved to be particularly useful in its EU version. For more information about this search engine read this article.
Have you noticed how one falls into a rut? For instance, Google is just so easy to use. It sits there in my browser as a toolbar. I use it all the time, dozens of times a day. But what if it wasn’t there today?
I’ve decided to declare Wednesday as a Google-free day. I will use Ask.com, Canuckster.com, CanFind.ca, Exalead.com, Live.com, Yahoo.com. I will use Graball to compare search engine results side by side. I will use Copernic Agent to search multiple search engines.
This will be an opportunity to learn the features and weaknesses of these search engines. It will be an opportunity to get out of the Google rut.
