Google Docs are now in the public domain. Search for different words in one sentence. Search for words in a title
Every day we search for something on Google. I probably google for something 200 times a day. I check any information, learn something new, instantly find the answer to my question. The question arose - I typed it into the search bar - and got the result. What could be easier? But sometimes difficulties arise when searching for specific information. A few tricks will help you always find what you are looking for.
We have already written about the secrets of searching on Google more than once. I decided to check what tricks are still working and refresh your memory a bit.
Search for a specific phrase
Sometimes it is necessary to find a phrase exactly in the form in which we enter it. For example, when we search for the lyrics of a song, but we only know one phrase from it. In this case, you need to enclose the phrase in quotation marks.
Search for a specific site
Google is a great search engine. And it's often better than built-in search on websites. That is why it is more rational to use Google to find information on a website. For this we introduce site: lenta.ru Putin made.
Search for words in text
If you need all the words of the query to be in the text of the results found, enter before it allintext:.
If one word of the request should be in the text, and the rest - anywhere else on the page, including the title or URL, put before the word intext:, and write the rest before that.
Search for words in a title
If you want all the words of the request to be in the title, use the phrase allintitle:.
If only part of the request should be in the header, and the rest - elsewhere in the document or page, put intitle:.
Find words in URL
To find the pages that have your request in the URL, enter allinurl:.
Search for news for a specific location
If you need news on a specific topic from a specific location, use location: to search on Google news.
Search with some missing words
You need to find a sentence in a document or article, but you only remember the words at the beginning and end. Enter your query and indicate the approximate number of words between the words that you remember. It looks like this: "Near the curvaceous AROUND (5) oak tree."
Search if you forgot a word or number
Forgot a word from a saying, song, quote? No problem. Google will help you find it anyway. Place an asterisk (*) in the place of the forgotten word.
Find sites that link to a site of interest to you
This item is useful for blog or website owners. If you are wondering who is linking to your site or even to a specific page, then just enter link: website.
Exclude results with unnecessary word
Let's imagine a situation. You have decided to go on vacation to the islands. And you don't want to go to the Maldives at all. To prevent Google from showing them in search results, you just need to enter "Holidays in the Maldives Islands." That is, put a minus before the word Maldives.
You want to find all your competitors. Or you really like the site, but there is not enough material on it, and you want more and more. Introduce related: lenta.ruand admire the result.
Search for "either-or"
There are situations when you need to find information concerning two people at once. For example, you want to laugh at Vova, but you haven’t decided which one - Zelensky or something else. It is enough to enter "Vladimir Zelensky | Zhirinovsky", and you will get the result you need. Instead of the "|" English OR can be entered.
Search for different words in one sentence
You can use the & symbol to find connections between objects or simply to find references to two individuals together. Example: "Freud & Jung".
Search by synonyms
If you are as lazy as I am, then you do not have the patience to Google several times for different synonyms of the same word. For example, cheap firewood. The ~ symbol can make your life much easier. We write "~ cheap firewood" and get results for "cheap", "inexpensive", "affordable" and so on.
Search within a specific range of numbers
A very useful Google search secret if you need to find, for example, events that happened in certain years, or prices in a certain range. Just put two dots between the numbers. Google will search in this range.
Search for files of a specific format
If you need to find a document or just a file of a certain format, then Google can help you here. It is enough to add at the end of your request filetype: docand instead of doc substitute the format you need.
10 more useful functions
1. Google can do a pretty good job of calculating it. To do this, simply enter the desired operation in the search bar.
2. If you want to know the meaning of a word, and not just look at pages by topic, add to the word define or "value".
3. You can use the search engine as a converter of values \u200b\u200band currencies. To call the converter, type a request with a translation, for example, "centimeters to meters".
4. With Google, you can check the weather and time without having to go to websites. Type the queries "weather" city of interest "," time "city of interest" ".
5. To view the results and schedule of matches of a sports team, just type its name in the search engine.
6. To translate a word into any language, write in the search line "translate the 'desired word' into English (any other) language".
7. Google shows the sunrise and sunset times for the query "sunrise" city of interest "" (for the latter - the corresponding query).
8. cache: site.com - sometimes very helpful function of site search in Google cache. For example, when newsmen delete news. They can be read thanks to Google.
9. If you enter a flight number into the search box, Google will give you full information about it.
10. To see a table with quotes for a specific company, simply enter the query “stocks of the company of interest”, for example, “Apple stocks”.
If you have your own ways to use Google more effectively and find the information you need faster, share your tips in the comments to this article.
Guys, we put our soul into the site. Thank you for
that you discover this beauty. Thanks for the inspiration and the goosebumps.
Join us at Facebook and In contact with
In the era of digital technologies and high-speed Internet, you can find out any information. In a few minutes we find recipes for a delicious cake or get acquainted with the theory of particle-wave dualism.
But often the necessary information has to be sown bit by bit and spend more than one hour on it. website collected for you the most effective ways to help you find precious materials in a couple of clicks.
1. Either one or the other
Sometimes we are not exactly sure that we have memorized or heard the necessary information correctly. No problem! Just enter some suitable options using the "|" or the English "or" and then select the appropriate result.
2. Search by synonym
As you know, the great and mighty Russian language is rich in synonyms. And sometimes it doesn't work at all. If you need to quickly find sites on a given topic, and not just a specific phrase, put the "~" symbol.
For example, the results of the query "healthy ~ food" will help you learn about healthy eating principles, introduce you to healthy recipes and foods, and suggest eating healthy restaurants.
3. Search within the site
4. Strength of the sprocket
When an insidious memory fails us and hopelessly loses words or numbers from a phrase, the "*" sign comes to the rescue. Just put it in the place of the forgotten fragment and get the results you want.
5. Lots of missing words
But if not one word, but half of the phrase fell out of memory, try to write the first and last words, and between them - AROUND (the approximate number of missing words). For example, like this: "I loved you AROUND (7) not quite."
6. Time frame
Sometimes we desperately need to get acquainted with the events that took place in a certain period time. To do this, add a time frame to the main phrase, written through ellipsis. For example, we want to know what scientific discoveries were made between 1900 and 2000.
7. Search by title or link
In order for the search engine to find keywords in the title of the article - enter the word "intitle:" before the query without a space, and to search for a word in the link - "inurl:".
1. How the documents got into search results
Google Docs is a free online office developed by by Google. Cloud storage allows you to organize remote access to the documents placed on it, as well as exchange files. The option to make a document hosted in the cloud public is one of the main options for the service. Also, the user can hide the document: then, except for the owner of the file, no one else will have access to it. If the user makes the document publicly available, then any Internet user can follow the link leading to the file, and for this he does not need a Google Docs account. If a user sees that a document he has created is viewed by people from his contact list or anonymous (instead of an avatar they have animal faces displayed), then the file is in the public domain. The access level is set separately for each file in the settings. When sharing a file with others, it is worth paying attention to the powers that the co-owners of the document will have. For them, you can select the status of the editor (allow changing the access of other users, edit and download the file), or you can limit the functionality only by viewing the document and commenting on it. The owner of the document can make access to it temporary.
2. When search engines started indexing Google Docs documents
According to the head of the Russian research center at Kaspersky Lab, Yuri Namestnikov, all search engines have been indexing documents for many years and news appears at certain intervals that search engines can find personal data or documents marked as secret, and stored as in cloud services, and on regular sites of organizations.
To search for such documents, you must use special advanced search commands. “They are used, for example, as part of pentests (tests to check the possibility of hacking. - RBK), primary cyber intelligence. Often this legal tool is used by cybercriminals, it allows you to find information that is not searched for by ordinary search. Often in this way you can find passwords and other valuable information, "- said in a message from the company on information security Group IB on social media.
Anton Fishman, head of the Group-IB system solutions department, told RBC that there have always been advanced search queries, but that in order to display documents in the search, it was necessary to select special teams. At some point, in the Yandex search settings, it became possible to search by the docs.google.com subdomain. The expert could not specify the time of appearance. "In the winter of 2017 (when Group IB tested Yandex search. - RBK) There was no such opportunity when it appeared - yesterday or earlier, it's hard to say, ”Fishman said. According to him, any search engine constantly improves the quality of search, makes changes to its engine and algorithm for indexing, search and delivery of results.
On July 5 at 1:30 Moscow time, Google Docs files were no longer displayed in Yandex search results. The representative of the Russian search engine did not specify how long this option existed and why the company abandoned it.
3. Who is to blame
Group IB in its message on social networks indicated that the situation with Google Docs cannot be called a leak of confidential data. “This is a banal negligence of users of Google Docs and Google Drive (Google Drive is a file hosting service that provides the user with space for his files and round-the-clock access to them via the Internet. - RBK). When you create a file in Google Docs, you have several options for choosing access to it. If you have a checkmark in front of "publicly available for search and viewing" in your settings, your file can be indexed by search engines. Google warns users that search will be possible. "Yandex" also does not violate anything ", - noted in the message of Group IB. The company believes that, among other things, confidential documents have become publicly available due to user negligence and disregard for the "basic rules of digital hygiene." Group IB recommended that users, if they want to maintain privacy, check the access settings that they have installed on their files, and remove the check mark next to the option "searchable".
Yuri Namestnikov also believes that it is unfair to blame Yandex for what happened. “The robot follows the links and indexes all the documents that it sees, and it is not forbidden to touch it. It is the task of the owners of web services to correctly differentiate access, ”he said. If the user does not want that when working with documents in the clouds, and not only in google servicesthat documents / presentations / tables created by them were indexed by robots, Namestnikov advises not to set access settings to “available to all”. “Give rights to view and edit only those who really need it, and it is preferable to give access by invitation, and not by link,” said a representative of Kaspersky Lab.
4. What sensitive information did search engines index?
In 2011, the data of about 8 thousand MegaFon subscribers who sent SMS from the official website of the company were made publicly available. Users could see the message text, recipient number, and delivery status. In "Yandex" the incident was also explained by the incorrect use of the robots.txt file by site administrators.
As a result, the Moscow Arbitration Court "MegaFon" was guilty of violating licensing conditions (the company did not ensure the secrecy of communications) and imposed a fine of 30 thousand rubles. The lawsuit against MegaFon was filed by Roskomnadzor. A representative of this department, in response to a question from RBC about how they assess the situation with Google Docs and Yandex, said that they “sent an official request to Yandex. Roskomnadzor promised to publish additional comments on its website.
Also in 2011, search engines collected information about customers of dozens of online stores, including contact information, IP addresses and lists of purchased goods, as well as personal data of Russian Railways passengers who purchased tickets online.
5. Who and what responsibility will incur for Google Docs getting into search results
According to the head of the Zecurion analytical center, Vladimir Ulyanov, the story with the indexing of documents should not have legal consequences for either Google or Yandex. “Neither the provider that stores the data, nor the search engines will have any problems. The search included those documents that were opened. The search for "Yandex" got Google Docs documents, which had the form of access "for everyone on the Internet" and "for everyone who has a link." The same can be done with Google search. That is, the users are to blame for not privatizing the data, ”Ulyanov told RBC.
In a conversation with RBC, Anton Sonichev, partner of the Delovoy Fairvater law firm, noted that in the event that personal data of citizens are made public, search aggregators may be held liable for the dissemination of information only hypothetically. “According to the Law“ On Personal Data ”, such information is considered to be the full name, date of birth, residential address, family or property status of a citizen, and so on. Search engines, being operators of personal data, undertake not to disseminate personal data without the consent of the subject of this data, ”he said. But in order to record the fact of the dissemination of such information, it is necessary that the screenshot of the page is notarized and an inspection protocol is drawn up. “Considering the fact that the information was made public at night, the possibility of recovering any compensation is practically reduced to zero,” Sonichev said.
Lawyer Roman Alymov told RBC that users are responsible for how they store their data. “Whether or not this information is personal data depends on each specific case. All this happened due to the negligence of specific users whose passwords surfaced. They did not establish appropriate confidentiality regimes, ”he explained.
Getting private data doesn't always mean hacking - sometimes it's publicly available. Knowing Google settings and a little bit of ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.
WARNING
All information is provided for informational purposes only. Neither the editorial board nor the author is responsible for any possible harm caused by the materials of this article.Everything is connected to the Internet today, with little concern about restricting access. Therefore, many private data becomes the prey of search engines. Spider robots are no longer limited to web pages, but index all the content available on the Web and constantly add undisclosed information to their databases. Finding these secrets is easy - you just need to know how to ask about them.
Looking for files
In the right hands, Google will quickly find everything that is bad on the Web - for example, personal information and files for official use. They are often hidden like a key under a rug: there are no real access restrictions, the data just lies on the backyard of the site, where links do not lead. Google's standard web interface only provides basic advanced search settings, but even those will suffice.
You can use two operators to limit your search to specific types of files on Google: filetype and ext. The first specifies the format that the search engine determined by the file title, the second - the file extension, regardless of its internal content. When searching in both cases, you only need to specify the extension. Initially, the ext operator was convenient to use in cases where the file did not have specific format attributes (for example, to search for configuration ini files and cfg, which can contain anything inside). Now Google's algorithms have changed, and there is no visible difference between the operators - the results in most cases come out the same.
Filtering the issue
By default, Google searches all files on indexed pages for words and, in general, any entered characters. You can limit your search by domain top level, a specific site or by the location of the desired sequence in the files themselves. For the first two options, the site operator is used, followed by the domain name or the selected site name. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the specified in the body of the links themselves, allinanchor - in the text with the tag , allintitle - in the page titles, allintext - in the body of the pages.
For each operator there is a light version with a shorter name (without the all prefix). The difference is that allinurl will find links with all words, while inurl will only find links with the first one. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another, similar in meaning - site. The former also allows you to find any sequence of characters in a link to the searched document (for example, / cgi-bin /), which is widely used to find components with known vulnerabilities.
Let's try it in practice. We take the allintext filter and make the request return a list of credit card numbers and verification codes, which will expire only after two years (or when their owners get tired of feeding everyone).
Allintext: card number expiration date / 2017 cvv 
When you read in the news that a young hacker "hacked the servers" of the Pentagon or NASA, stealing classified information, then in most cases we are talking about just such an elementary technique of using Google. Suppose we are interested in a list of NASA employees and their contact details. Surely there is such a list in electronic form. For convenience or by oversight, it can also be on the organization's website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At least - the "address" field. Testing all these assumptions is easy.
Inurl: nasa.gov filetype: xlsx "address"
We use bureaucracy
Finds like these are a nice little thing. A really solid catch provides a more detailed knowledge of Google operators for webmasters, the Web itself, and the structure of what is being sought. Knowing the details, you can easily filter the results and clarify the properties of the files you need in order to get really valuable data in the rest. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that make it convenient to search for secret information accidentally leaked into the Web.
For example, the Distribution statement stamp, which is mandatory in the office of the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - for internal use only, C - strictly confidential, and so on up to F. Separately, there is letter X, which marks especially valuable information representing a state secret of the highest level. Let such documents be searched for by those who are supposed to do it on duty, and we will restrict ourselves to files with the letter C. According to the DoDI directive 5230.24, such marking is assigned to documents containing a description of critical technologies that come under export control. Such highly guarded information can be found on sites in the .mil top-level domain dedicated to the US Army.
"DISTRIBUTION STATEMENT C" inurl: navy.mil 
It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Domain-restricted search results are exceptionally clean, and the headlines are self-explanatory. It is almost useless to search for Russian secrets in this way: chaos reigns in the .ru and.rf domains, and the names of many weapons systems sound botanical (PP "Cypress", ACS "Akatsiya") or completely fabulous (TOS "Buratino").
By carefully examining any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to export restrictions "Sec 2751", which is also convenient to search for interesting technical information. From time to time, it is withdrawn from the official sites, where it was once lit up, so if you cannot follow an interesting link in the search results, use Google's cache (cache operator) or the Internet Archive site.
Climbing into the clouds
In addition to accidentally declassified government documents, Google's cache occasionally pops up links to personal files from Dropbox and other storage services that create "private" links to publicly released data. It's even worse with alternative and home-made services. For example, the following request finds data from all Verizon clients who have an FTP server installed and actively used on their router.
Allinurl: ftp: // verizon.net
There are now more than forty thousand such smart people, and in the spring of 2015 there were an order of magnitude more. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the bigger the catch can be. Through the built-in FTP server, you can see the files on the external storage connected to the router. Usually this is a NAS for remote work, a personal cloud or some kind of peer-to-peer file download. All the contents of such media are indexed by Google and other search engines, so you can access files stored on external drives using a direct link.
Peeping configs
Before the massive migration to the clouds, simple FTP servers, which also had enough vulnerabilities, ruled as remote storages. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts, and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are stored in plain text and passwords are encrypted with Triple DES after minimal obfuscation. In most versions, it is sufficient to simply discard the first byte.
It is easy to decrypt such passwords using WS_FTP Password Decryptor or a free web service.
Speaking of hacking an arbitrary site, they usually mean getting a password from logs and backups of CMS configuration files or e-commerce applications. If you know their typical structure, you can easily specify keywords. Lines like those found in ws_ftp.ini are extremely common. For example, Drupal and PrestaShop have a user ID (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:
"pwd \u003d" "UID \u003d" ext: inc
Revealing passwords from DBMS
In the configuration files of SQL servers, user names and email addresses are stored in clear text, and their MD5 hashes are written instead of passwords. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.
Until now, there are DBMSs that do not even use password hashing. Configuration files for any of them can be simply viewed in a browser.
Intext: DB_PASSWORD filetype: env
With the advent of windows servers the place of configuration files was partially taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:
Filetype: reg HKEY_CURRENT_USER "Password" \u003d
Don't forget the obvious
Sometimes it is possible to get to classified information with the help of accidentally opened and caught in the field of view Google data... Ideally, find a list of passwords in some common format. Store account information in a text file, Word document, or email excel spreadsheet only desperate people can, but there are always enough of them.
Filetype: xls inurl: password
On the one hand, there are plenty of tools to prevent such incidents. You must specify adequate access rights in htaccess, patch CMS, do not use left-hand scripts and close other holes. There is also a robots.txt file that prevents search engines from indexing files and directories specified in it. On the other hand, if the robots.txt structure on some server differs from the standard one, then you can immediately see what they are trying to hide on it.
The list of directories and files on any site is preceded by the standard index of. Since for service purposes it must appear in the header, it makes sense to limit its search to the intitle operator. Interesting things are in the / admin /, / personal /, / etc / and even / secret / directories.
Follow the updates
The relevance here is extremely important: old vulnerabilities are being closed very slowly, but Google and its search results are constantly changing. There is even a difference between the “last second” filter (& tbs \u003d qdr: s at the end of the request url) and “real time” (& tbs \u003d qdr: 1).
Date time interval last update file from Google is also implicit. Through the graphical web interface, you can select one of the typical periods (hour, day, week, and so on) or set a date range, but this method is not suitable for automation.
By sight address bar you can only guess about a way to limit the output of results using the construction & tbs \u003d qdr:. The letter y after it sets the limit of one year (& tbs \u003d qdr: y), m shows the results for the last month, w for the week, d for the past day, h for the last hour, n for the minute, and s for give me a sec. The most recent results just released to Google are found using the & tbs \u003d qdr: 1 filter.
If you need to write a tricky script, it will be useful to know that the date range is set in Google in Julian format using the daterange operator. For example, this is how you can find the list pDF documents with the word confidential, uploaded from 1st January to 1st July 2015.
Confidential filetype: pdf daterange: 2457024-2457205
The range is specified in Julian date format, excluding the fractional part. Translating them manually from the Gregorian calendar is inconvenient. It's easier to use a date converter.
Targeting and filtering again
In addition to specifying additional operators in the search query, you can send them directly in the body of the link. For example, the filetype: pdf qualification corresponds to the as_filetype \u003d pdf construction. Thus, it is convenient to specify any clarifications. Suppose that results are returned only from the Republic of Honduras by adding the cr \u003d countryHN construction to the search URL, and only from the city of Bobruisk - gcs \u003d Bobruisk. See the developer section for a complete list.
Google's automation tools are meant to make life easier, but they often add challenges. For example, the user's city is determined by the user's IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, the first page will get different results, and some of them may be completely hidden. To feel like a cosmopolitan and to search for information from any country, its two-letter code after the gl \u003d country directive will help. For example, the Netherlands code is NL, but the Vatican and North Korea do not have their own code on Google.
Often, search results get cluttered even after using several advanced filters. In this case, it is easy to refine the query by adding several exception words to it (each of them is preceded by a minus sign). For example, banking, names and tutorial are often used with the word Personal. Therefore, cleaner search results will be shown not by a textbook example of a query, but by a refined one:
Intitle: "Index of / Personal /" -names -tutorial -banking
Last example
The sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, a VPN is a convenient thing, but either expensive, or temporary and limited. It's too expensive to subscribe for yourself alone. It's good that there are group subscriptions, and with Google it is easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files \\ Cisco Systems \\ VPN Client \\ Profiles. One request, and you join, for example, the friendly staff of the University of Bonn.
Filetype: pcf vpn OR Group
INFO
Google finds configuration files with passwords, but many of them are encrypted or replaced with hashes. If you see strings of fixed length, then immediately look for a decryption service.Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.
Hundreds of different types attacks and penetration tests. There are many options, affecting popular programs, major database formats, multiple vulnerabilities in PHP, clouds and so on. If you have an accurate idea of \u200b\u200bwhat you are looking for, it will greatly simplify getting the information you need (especially the one that was not planned to be made public). Shodan is not a single source of interesting ideas, but every base of indexed network resources!
But the search function in Google Docs still remained - with the help of Google itself. By specifying in the search bar with the help of a special command all the same Google Docs documents, it was possible to find what you were looking for, for example, Google returned the results for the query "passwords".
Yandex indexes only the open part of the Internet - those pages that are available when clicking on links without entering a username and password, Ilya Grabovsky, a company representative, explained to Vedomosti. Pages that are not indexed by the site administrator in the roots.txt file are not indexed by Yandex, even if they are located in the open part of the Internet. According to Grabowski, on Wednesday evening, users complained to the support service about the availability of doc.google.com files, and now the Yandex security service is contacting colleagues from Google “to draw their attention to the fact that these files may contain private information ”, Said Grabowski. Grabowski did not disclose how many search queries on Google Docs users performed. He also did not comment on whether Yandex disabled Google Docs indexing.
Vedomosti is awaiting comments from a Google representative.
What is Google Docs
Google Docs (as well as Google Sheets - tables, and Google Slides - presentations) is a set of services for working with various types of documents - from texts to tables and presentations, reminiscent in functionality office suite Microsoft Office programs. But, unlike Microsoft products, Google Docs allows you to work on a document online - access is provided through a web interface or mobile applications for various operating systems.
There are several levels of privacy settings in google docs. By default, only the user himself has access to it, but he can choose a different level of access (viewing, commenting or editing the document) and give it to third-party users. This can be done by choosing one of the options - to allow access of a certain level (viewing, editing or commenting) to specific users - for this you need to specify their mail, or give this access to all users who have a link to this document. The latter case is the most convenient, since it does not require actions to confirm user access via mail.
