Menu
homeConnection

Google search secrets. Special purpose teams. What is Google Dorks

The following is an alphabetical list of the search operators. This list includes operators that are not officially supported by Google and not listed in Google's online help.

Note: Google may change how undocumented operators work or may eliminate them completely.

Each entry typically includes the syntax, the capabilities, and an example. Some of the search operators won’t work as intended if you put a space between the colon (:) and the subsequent query word. If you don’t care to check which search operators require no space after the colon, always place the keyword immediately next to the colon. Many search operators can appear anywhere in your query. In our examples, we place the search operator as far to the right as possible. We do this because the Advanced Search form writes queries in this way. Also, such a convention makes it clearer as to which operators are associated with which terms.

Allinanchor:

If you start your query with allinanchor: , Google restricts results to pages containing all query terms you specify in the on links to the page. For example, [ allinanchor: best museums sydney] will return only pages in which the anchor text on links to the pages contain the words “best,” “museums,” and “sydney.”

Group:

If you include group: in your query, Google will restrict your Google Groups results to newsgroup articles from certain groups or subareas. For example, [ sleep group:misc.kids.moderated ] will return articles in the group misc.kids.moderated that contain the word “sleep” and [ sleep group:misc.kids ] will return articles in the subarea misc.kids that contain the word “sleep.”

Id: intitle:

The query intitle: term restricts results to documents containing term in the . For instance, [ flu shot intitle:help] will return documents that mention the word “help” in their titles, and mention the words “flu” and “shot” anywhere in the document (title or not).

Note: There must be no space between the intitle: and the following word.

Putting intitle: in front of every word in your query is equivalent to putting allintitle: at the front of your query, e.g., [ intitle:google intitle:search] is the same as [ allintitle: google search ].

If you include inurl: in your query, Google will restrict the results to documents containing that word in the . For instance, searches for pages on Google Guide in which the URL contains the word “print.” It finds pdf files that are in the directory or folder named “print” on the Google Guide website. The query [ inurl:healthy eating] will return documents that mention the words “healthy” in their URL, and mention the word “eating” anywhere in the document.

Note: There must be no space between the inurl: and the following word.

Putting inurl: in front of every word in your query is equivalent to putting allinurl: at the front of your query, e.g., [ inurl:healthy inurl:eating] is the same as [ allinurl: healthy eating ].

In URLs, words are often run together. They need not be run together when you're using inurl:.

The query link: URL shows pages that point to that. For example, to find pages that point to Google Guide’s home page, enter:

Find links to the UK Owners Direct home page not on its own site.

Location: related:

You can also restrict your results to a site or domain through the domains selector on the Advanced Search page.

Surely you have heard more than once about such a wonderful search engine as Google. I'm guessing you've used it more than once when you wanted to know something. But did you find what you wanted? If you search for answers on Google as often as I do, I think you will find this article useful because it is designed to make your search faster and more efficient. So, first, a little history...

Google is a corruption of the English word "googol", coined by Milton Sirotta, nephew of the American mathematician Edward Kaiser, to denote the number consisting of one and one hundred zeros. Now the name Google is the leader of Internet search engines, developed by Google Inc.

Google occupies more than 70% of the global market, which means that seven out of ten people online turn to its page when searching for information on the Internet. It currently registers about 50 million search queries daily and indexes more than 8 billion web pages. Google can find information in 101 languages. Google at the end of August 2004 consisted of 132 thousand machines located in different parts of the planet.

Google uses intelligent text analysis techniques to help you find important and relevant pages for your query. To do this, Google analyzes not only the page itself that matches the query, but also the pages that link to it to determine the value of that page for the purposes of your query. Google also prefers pages where the keywords you enter are close to each other.

The Google interface contains a rather complex query language that allows you to limit the search scope to specific domains, languages, file types, etc. The use of some operators in this language allows you to make the process of finding the necessary information more flexible and accurate. Let's look at some of them.

Logical “AND”:
By default, when you write query words separated by spaces, Google searches for documents that contain all the query words. This corresponds to the AND operator. Those. a space is equivalent to the AND operator.

For example:
Cats dogs parrots zebras
Cats AND dogs AND parrots AND zebras
(both queries are the same)

Logical "OR" (OR):
Written using the OR operator. Please note that the OR operator must be written in capital letters. Relatively recently, it became possible to write a logical “OR” in the form of a vertical bar (|), similar to how it is done in Yandex. Used to search with several options for the required information.

For example:
Dachshunds long-haired OR smooth-haired
Long-haired dachshunds | smooth-haired
(both queries are the same)

Please remember that Google queries are not case sensitive! Those. the queries Greenland Island and Greenland Island will be exactly the same.

Operator "Plus" (+):
There are situations when it is necessary to force a word into the text that may have different spellings. To do this, use the "+" operator before the required word. Let's say if we have a query for Home Alone I, the query will result in us having unnecessary information about Home Alone II, Home Alone III and very little about Home Alone I. If we have a query of the form Home Alone +I, the result will be information only about the movie “Home Alone I”.

For example:
Newspaper +Zarya
Bernoulli equation + mathematics

Excluding words from the query. Logical NOT (-):
As you know, information garbage is often encountered when composing a request. To remove it, exclusion operators are used as standard - logical “NOT”. In Google, this operator is represented by a minus sign. Using this operator, you can exclude from search results those pages that contain certain words in the text. Used like the "+" operator before the excluded word.

For example:
Crane well-bird
Dead Souls - novel

Search for an exact phrase (""):
In practice, searching for an exact phrase is required either to search for the text of a specific work, or to search for specific products or companies in which the name or part of the description is a consistently repeated phrase. To cope with this task using Google, you need to enclose the query in quotation marks (meaning double quotation marks, which are used, for example, to highlight direct speech).

For example:
The work "Quiet Don"
“It was cold outside, although this did not prevent Boris from carrying out his plans”

By the way, Google allows you to enter no more than 32 words into the query bar!

Word truncation (*):
Sometimes you need to look for information about a word combination in which one or more words are unknown. For these purposes, instead of unknown words, the “*” operator is used. Those. "*" - any word or group of words.

For example:
Master and *
Leonardo * Vinci

cache operator:
The search engine stores the version of the text that is indexed by the search spider in a special storage format called a cache. A cached version of a page can be retrieved if the original page is unavailable (for example, the server on which it is stored is down). A cached page is shown as it is stored in the search engine's database and is accompanied by a notice at the top of the page indicating that it is a cached page. It also contains information about the time the cached version was created. On the page from the cache, the query keywords are highlighted, and each word is highlighted in a different color for user convenience. You can create a request that will immediately return a cached version of a page with a specific address: cache: page_address, where instead of “page_address” is the address of the page saved in the cache. If you need to find any information in a cached page, you need to write a request for this information separated by a space after the page address.

For example:
cache:www.bsd.com
cache:www.knights.ru tournaments

We must remember that there should not be a space between ":" and the page address!

Filetype operator:
As you know, Google indexes not only html pages. If, for example, you needed to find some information in a file type other than html, you can use the filetype operator, which allows you to search for information in a specific file type (html, pdf, doc, rtf...).

For example:
Specification html filetype:pdf
Essays filetype:rtf

Operator info:
The info operator allows you to see the information that Google knows about this page.

For example:
info:www.wiches.ru
info:www.food.healthy.com

Site operator:
This operator limits the search to a specific domain or site. That is, if you make a request: marketing intelligence site:www.acfor-tc.ru, then the results will be obtained from pages containing the words “marketing” and “intelligence” on the site “acfor-tc.ru” and not on others parts of the Internet.

For example:
Music site:www.music.su
Books site:ru

Link operator:
This operator allows you to see all the pages that link to the page for which the request was made. Thus, the request link:www.google.com will return pages that contain links to google.com.

For example:
link:www.ozone.com
Friends link:www.happylife.ru

allintitle operator:
If you start a query with the allintitle operator, which translates as “everything is in the title,” then Google will return texts in which all the words of the query are contained in the titles (inside the TITLE tag in HTML).

For example:
allintitle: Free software
allintitle: Download music albums

intitle operator:
Shows pages in which only the word immediately after the intitle operator is contained in the title, and all other query words can be anywhere in the text. Putting the intitle operator before each word of the query is equivalent to using the allintitle operator.

For example:
Programs intitle: Download
intitle: Free intitle: download software

allinurl operator:
If the query begins with the allinurl operator, then the search is limited to those documents in which all the query words are contained only in the page address, that is, in the url.

For example:
allinurl:rus games
allinurl:books fantasy

inurl operator:
The word that is located directly together with the inurl operator will be found only in the address of the Internet page, and the remaining words will be found anywhere in such a page.

For example:
inurl:books download
inurl:games crack

Operator related:
This operator describes pages that are "similar" to a specific page. Thus, the query related:www.google.com will return pages with similar topics to Google.

For example:
related:www.ozone.com
related:www.nnm.ru

define statement:
This operator acts as a kind of explanatory dictionary, allowing you to quickly get a definition of the word that is entered after the operator.

For example:
define: Kangaroo
define: Motherboard

Synonym search operator (~):
If you want to find texts containing not only your keywords, but also their synonyms, then you can use the “~” operator before the word for which you want to find synonyms.

For example:
Types of ~metamorphoses
~Object orientation

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150
Population 1913..1935

Here are all the Google query language operators I know. I hope they will somehow make the process of finding the information you need easier. In any case, I use them very often and I can say with confidence that when using them I spend significantly less time searching than without them.

Good luck! And may the Force be with you.

Tags: search, operators, Google

Guys, we put our soul into the site. Thank you for that
that you are discovering this beauty. Thanks for the inspiration and goosebumps.
Join us on Facebook And In contact with

Today, almost every person has their own Facebook profile, but not everyone knows the capabilities of this social network.

website I decided to teach you some of the intricacies of Mark Zuckerberg’s brainchild.

1. Read hidden messages

Few people know that Facebook has two mailboxes. One of them is for messages from people who are not your Facebook friends. If you didn't know about the second mailbox, then you most likely missed invitations to various events from friends of your friends or proposals for a meeting from former work colleagues. To read these messages, you need to click on the “Messages” icon, then click on the “Correspondence Requests” button and execute the “View filtered requests” command.

2. Check where you came from to your page

If you doubt that you have left your page on your friend's computer, you can click the small downward arrow in the upper right corner of your screen and select “Settings.” Click on the “Security” button from the list of commands that appears on the left, and then select “Where you are signed in from” - this way you can track all browsers on which you are logged into your account at any time. To leave your page on any browser, simply click “End Action”.

3. Be sure that no one will hack you

If you have doubts about Facebook’s security system, you can use the “Login Confirmation” button in the same “Security Settings” section. Thus, the security system will require you to enter a password when logging into your account from an unknown device. If you access your page from a device you have never used, you will be required to use a password that will be sent to your phone.

4. Assign someone responsible for your profile

I wonder what happens to our social media profile when we no longer use it? On Facebook, you also have the opportunity to select the person who will be responsible for your page in the event of your death by clicking on the “Trusted Contacts” button in the same “Security Settings”. A trusted contact will not be able to post news or correspond on your behalf. His powers include changing his profile photo and responding to friend requests.

5. Allow yourself to be nostalgic.

Sometimes we want to look again at our old ridiculous photos and old correspondence with our best friend. To do this, you don’t have to spend hours scrolling the mouse wheel, but you can simply click on the three dots icon in your friend’s profile and execute the “View Friendship” command.

6. Remember your Facebook past

On Facebook, you have the ability to view everything you've ever liked, commented on, or posted. Simply click on the upside-down arrow in the top right corner of your page and select “Activity Log.”

7. Walk in someone else's shoes

If you want to know what your profile looks like to people who aren't your friends, click on the three dots to the right of "View Activity Log" and select "View As..." This will give you a great opportunity to see your profile through the eyes of strangers you people.

Select icon user audience for posting on Facebook You will find most places where you can share information, change status, upload photos and other materials. Click the select tool to specify your target audience.

The utility remembers the last selected target audience, and until it is changed, selects it as the default target audience when publishing subsequent content. For example, if you published public post, the next post will be visible to everyone, unless you change the audience when publishing.

The recipient selection icon is available in many places, including in your privacy settings. Changing the reader selection icon settings in one place causes the settings for that tool to update in all places where it is available.

Icon audience selection is located next to the material you publish, making it easy to determine who can view this post. If you need to change the audience of a previously shared message, click on the reader selection icon and select a new audience.

Remember that if you add a post to another person's feed, they will have control over who can see your post. In addition, the post can be seen by all persons designated as friends.

How to change the audience of a post on Facebook

You can use the icon audience selection to change the visibility of any previously published content in your Chronicle.

Remember that when you do something on a friend’s timeline, the friend determines the readership of the post.

Can others see who can see content?

People who can see your post also see the range of readers to whom the post is visible: public, friends, only me, or custom settings.

When choosing Custom Settings, the person who has access to the post can see the first and last names of the people with whom you shared the post.

Who can tag or comment on posts

When you share content on Facebook, you can control who can see it using the audience selection icon. At the same time, everyone who can see the post can tag or comment on it.

If you have set a subscription ban, you can control who can comment on your public posts. Select filter Comments on publications parameter Disable filter- this will allow everyone to comment on your public posts.

Select Enable filter to allow only a limited group of people, such as friends and friends of friends, to comment on your public posts.

What audience options are available to choose from?

The Facebook Post Audience Selector icon allows you to select a specific audience.

The following functions are available:

You can also share content with your friends in pre-created circles, such as Family or Best Friends, or hide messages from a list of “special” friends (such as Colleagues).

What does the Friends/Friends (+) option mean?

This option allows you to share content with friends on Facebook. If someone is designated in the post, the circle of recipients expands to Friends (+), since it will also include the designated person and his friends.

If you don't want your photos or post to be visible to the designated person's friends, you can adjust this setting. Just click the audience select icon, select User Settings and remove Friends of the designated person.

Obtaining private data does not always mean hacking - sometimes it is published publicly. Knowledge of Google settings and a little ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.

WARNING

All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.

Today, everything is connected to the Internet, with little concern for restricting access. Therefore, many private data become the prey of search engines. Spider robots are no longer limited to web pages, but index all content available on the Internet and constantly add non-public information to their databases. Finding out these secrets is easy - you just need to know how to ask about them.

Looking for files

In capable hands, Google will quickly find everything that is not found on the Internet, for example, personal information and files for official use. They are often hidden like a key under a rug: there are no real access restrictions, the data simply lies on the back of the site, where no links lead. The standard Google web interface provides only basic advanced search settings, but even these will be sufficient.

You can limit your Google search to a specific type of file using two operators: filetype and ext . The first specifies the format that the search engine determined from the file title, the second specifies the file extension, regardless of its internal content. When searching in both cases, you only need to specify the extension. Initially, the ext operator was convenient to use in cases where the file did not have specific format characteristics (for example, to search for ini and cfg configuration files, which could contain anything). Now Google's algorithms have changed, and there is no visible difference between operators - in most cases the results are the same.


Filtering the results

By default, Google searches for words and, in general, any entered characters in all files on indexed pages. You can limit the search area by top-level domain, a specific site, or by the location of the search sequence in the files themselves. For the first two options, use the site operator, followed by the name of the domain or selected site. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the given one in the body of the links themselves, allinanchor - in the text equipped with the tag , allintitle - in page titles, allintext - in the body of pages.

For each operator there is a lightweight version with a shorter name (without the prefix all). The difference is that allinurl will find links with all words, and inurl will only find links with the first of them. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another operator with a similar meaning - site. The first also allows you to find any sequence of characters in a link to the searched document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

Let's try it in practice. We take the allintext filter and make the request produce a list of numbers and verification codes of credit cards that will expire only in two years (or when their owners get tired of feeding everyone).

Allintext: card number expiration date /2017 cvv

When you read in the news that a young hacker “hacked into the servers” of the Pentagon or NASA, stealing classified information, in most cases we are talking about just such a basic technique of using Google. Suppose we are interested in a list of NASA employees and their contact information. Surely such a list is available in electronic form. For convenience or due to oversight, it may also be on the organization’s website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At a minimum - the “address” field. Testing all these assumptions is easy.


Inurl:nasa.gov filetype:xlsx "address"


We use bureaucracy

Finds like this are a nice touch. A truly solid catch is provided by a more detailed knowledge of Google's operators for webmasters, the Network itself, and the peculiarities of the structure of what is being sought. Knowing the details, you can easily filter the results and refine the properties of the necessary files in order to get truly valuable data in the rest. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that are convenient for searching for secret information accidentally leaked onto the Internet.

For example, the Distribution statement stamp, required by the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - intended only for internal use, C - strictly confidential, and so on until F. The letter X stands out separately, which marks particularly valuable information representing a state secret of the highest level. Let those who are supposed to do this on duty search for such documents, and we will limit ourselves to files with the letter C. According to DoDI directive 5230.24, this marking is assigned to documents containing a description of critical technologies that fall under export control. You can find such carefully protected information on sites in the top-level domain.mil, allocated for the US Army.

"DISTRIBUTION STATEMENT C" inurl:navy.mil

It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Search results with a domain restriction are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets in this way is practically useless: chaos reigns in domains.ru and.rf, and the names of many weapons systems sound like botanical ones (PP “Kiparis”, self-propelled guns “Akatsia”) or even fabulous (TOS “Buratino”).


By carefully studying any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions “Sec 2751”, which is also convenient for searching for interesting technical information. From time to time it is removed from official sites where it once appeared, so if you cannot follow an interesting link in the search results, use Google’s cache (cache operator) or the Internet Archive site.

Climbing into the clouds

In addition to accidentally declassified government documents, links to personal files from Dropbox and other data storage services that create “private” links to publicly published data occasionally pop up in Google's cache. It’s even worse with alternative and homemade services. For example, the following query finds data for all Verizon customers who have an FTP server installed and actively using their router.

Allinurl:ftp:// verizon.net

There are now more than forty thousand such smart people, and in the spring of 2015 there were many more of them. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external storage device connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file downloading. All contents of such media are indexed by Google and other search engines, so you can access files stored on external drives via a direct link.

Looking at the configs

Before the widespread migration to the cloud, simple FTP servers ruled as remote storage, which also had a lot of vulnerabilities. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are saved in text format, and passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

It is easy to decrypt such passwords using the WS_FTP Password Decryptor utility or a free web service.

When talking about hacking an arbitrary website, they usually mean obtaining a password from logs and backups of configuration files of CMS or e-commerce applications. If you know their typical structure, you can easily indicate the keywords. Lines like those found in ws_ftp.ini are extremely common. For example, in Drupal and PrestaShop there is always a user identifier (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:

"pwd=" "UID=" ext:inc

Revealing DBMS passwords

In the configuration files of SQL servers, user names and email addresses are stored in clear text, and their MD5 hashes are written instead of passwords. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.

There are still DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.

Intext:DB_PASSWORD filetype:env

With the advent of Windows servers, the place of configuration files was partially taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:

Filetype:reg HKEY_CURRENT_USER "Password"=

Let's not forget the obvious

Sometimes it is possible to get to classified information using data that was accidentally opened and came to the attention of Google. The ideal option is to find a list of passwords in some common format. Only desperate people can store account information in a text file, Word document or Excel spreadsheet, but there is always enough of them.

Filetype:xls inurl:password

On the one hand, there are a lot of means to prevent such incidents. It is necessary to specify adequate access rights in htaccess, patch the CMS, not use left-handed scripts and close other holes. There is also a file with a list of robots.txt exceptions that prohibits search engines from indexing the files and directories specified in it. On the other hand, if the structure of robots.txt on some server differs from the standard one, then it immediately becomes clear what they are trying to hide on it.

The list of directories and files on any site is preceded by the standard index of. Since for service purposes it must appear in the title, it makes sense to limit its search to the intitle operator. Interesting things are in the /admin/, /personal/, /etc/ and even /secret/ directories.

Stay tuned for updates

Relevance is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between a “last second” filter (&tbs=qdr:s at the end of the request URL) and a “real time” filter (&tbs=qdr:1).

The time interval of the date of the last update of the file is also indicated implicitly by Google. Through the graphical web interface, you can select one of the standard periods (hour, day, week, etc.) or set a date range, but this method is not suitable for automation.

From the look of the address bar, you can only guess about a way to limit the output of results using the &tbs=qdr: construction. The letter y after it sets the limit of one year (&tbs=qdr:y), m shows the results for the last month, w - for the week, d - for the past day, h - for the last hour, n - for the minute, and s - for give me a sec. The most recent results that Google has just made known are found using the filter &tbs=qdr:1 .

If you need to write a clever script, it will be useful to know that the date range is set in Google in Julian format using the daterange operator. For example, this is how you can find a list of PDF documents with the word confidential, downloaded from January 1 to July 1, 2015.

Confidential filetype:pdf daterange:2457024-2457205

The range is indicated in Julian date format without taking into account the fractional part. Translating them manually from the Gregorian calendar is inconvenient. It's easier to use a date converter.

Targeting and filtering again

In addition to specifying additional operators in the search query, they can be sent directly in the body of the link. For example, the filetype:pdf specification corresponds to the construction as_filetype=pdf . This makes it convenient to ask any clarifications. Let's say that the output of results only from the Republic of Honduras is specified by adding the construction cr=countryHN to the search URL, and only from the city of Bobruisk - gcs=Bobruisk. You can find a complete list in the developer section.

Google's automation tools are designed to make life easier, but they often add problems. For example, the user’s city is determined by the user’s IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, different results will appear on the first page, and some of them may be completely hidden. The two-letter code after the gl=country directive will help you feel like a cosmopolitan and search for information from any country. For example, the code of the Netherlands is NL, but the Vatican and North Korea do not have their own code in Google.

Often, search results end up cluttered even after using several advanced filters. In this case, it is easy to clarify the request by adding several exception words to it (a minus sign is placed in front of each of them). For example, banking, names and tutorial are often used with the word Personal. Therefore, cleaner search results will be shown not by a textbook example of a query, but by a refined one:

Intitle:"Index of /Personal/" -names -tutorial -banking

One last example

A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, VPN is a convenient thing, but either expensive, or temporary and with restrictions. Signing up for a subscription for yourself is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One request and you join, for example, the friendly team of the University of Bonn.

Filetype:pcf vpn OR Group

INFO

Google finds password configuration files, but many of them are encrypted or replaced with hashes. If you see strings of a fixed length, then immediately look for a decryption service.

Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.

Google runs hundreds of different types of attacks and penetration tests. There are many options, affecting popular programs, major database formats, numerous vulnerabilities of PHP, clouds, and so on. Knowing exactly what you're looking for will make it much easier to find the information you need (especially information you didn't intend to make public). Shodan is not the only one that feeds with interesting ideas, but every database of indexed network resources!