Search Engines and Google-Fu

Perhaps the most important tool in your arsenal, search engines provide a means of quickly and efficiently sorting through the totality of human knowledge. Sometimes referred to as Google-Fu, true search-engine mastery will enable you to learn just about anything, and plays a pivotal role in nearly every aspect of a hacker’s craft.

Most popular search engines (such as Google and DuckDuckGo) feature a robust search syntax, providing powerful tools for narrowing search results. Historically, hackers have used the term Dork (as in “Google Dork”) to refer to a syntactical search recipe. For example, the Google Hacking Database features a collection of Dorks to identify websites and computer systems with vulnerable software or configurations.

Another important consideration when perfecting your search-engine skills is which search engine to use. Sites like Google and DuckDuckGo are excellent for finding all kinds of information, but at times it can be better to use smaller, more specialized search engines and databases. For example, when seeking to identify software vulnerabilities, you might turn to the NIST National Vulnerability Database or the Exploit Database.

For additional search engines, check out the Quick Reference.