Vega Web Security Scanner 1.0 Beta Windows / Linux




Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own.

Download


Saba

National Level Ethical Hacking Contest - 2012 - Sign up now...




What you need to do?
1. Form a team (max five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://inctf.in
In addition it’s been decided that teams which finished in the top 10 places on InCTF 2011 qualify directly for the second round-they do not have to participate in the first round. Congratulations to all these teams!
Great Rewards
25K The winning team receives a cash prize of up to Rs. 25000/-
20K The first runner-up team receives a cash prize of up to Rs. 20000/-
15K The second runner-up team receives a cash prize of up to Rs. 15000/-
10K The third runner-up team receives a cash prize of up to Rs. 10000/-
5K The fourth runner-up team receives a cash prize of up to Rs. 5000/-

See http://inctf.in/prizes for more.

Special Prizes*

  • Teams are awarded prizes based on their performance
  • Deserving teams are well awarded. Exciting prizes to be won.
So, what are you waiting for? It’s simple: Register, Learn, Hack! See you in InCTF ’12


for more infor :-   http://inctf.in

Unable to delete the file? here is the trick..


Unable to delete the file?


Here the trick how you can delete these kind of files.
Here are steps.

SEND SELF-DESTRUCTING EMAILS... Interesting one.



What is KickNotes?

KickNotes is a completely free service used to send and receive self-destructing online messages.

http://www.kicknotes.com/aboutkn.htm

Use KickNotes to send:

Sensitive Messages
Personal Contact Info
Announcements
Invitations
Temporary Advertising
"Work Unsafe" Links or Images

Use KickNotes on:

Work Computers
Family Computers
Shared Computers
Public Computers

Sql injection Using Havij - Video

You like a Blog ... Convert it into E- book --- Free.


 Website Name :-Book Smith 
Supports :- Blogger and wordpresss  
Use  Gmail login  to get full content of blogs, you may also continue with parital content,

Why should i use this conversion   ?
1) you may like the blog and you dont have time to read the complete articles at the same time frame
2) This e-book helps to read you blog articles offline. cool haaa


Or


Just  convert web page to pdf....


use this...


http://pdfmyurl.com/


Saba

The SAMHAIN file integrity / host-based intrusion detection system



The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool.  

 This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI. 

For More http://www.autosectools.com/PHP-Vulnerability-Scanner



Download


Source

Ncrack – High Speed Network Authentication Cracking Tool


Introduction

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.

Are you a Hacker/Cracker -Test your Hacking skills - Live

Below are the websites where you can learn and hack like hackers.


1) http://hackforums.net/ -Hacking and Market place
2) http://evilzone.org/ -Hacking and Warez
3) http://hackaday.com/
4) http://www.hitb.org/
5)http://www.hackthissite.org/ - Best site :)

Source
Credit

Step wise :-phUploader Remote File Upload Vulnerability


This is purely for educational purpose



Step:1
www.google.com 
Step:2
intitle:Powered By phUploader  ( paste this and search for Vulnerable site)
Step:3
vulnerable site will have path ending with upload.php
Ex:-http://sitename/ path/upload.php
Ex:- http://sitename/upload.php 

Uniscan 5.2 : Information Security vulnerability Scanner


The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems. The Uniscan was developed using the Perl programming language to be easier to work with text, has an easy to use regular expressions and is also multi-threaded.

nmapsi4 0.3 beta1 released.




NmapSI4

NmapSi4 is a complete Qt4-based Gui with the design goals to provide a complete nmap interface for Users, in order to menage all option of this power security net scanner and search services vulnerability.
  • Traceroute support with nmap.
  • Lookup support with internal tool or dig.
  • Vulnerabilities search support (new functionality done 0.3~git).

Facebook spam attack results in graphic images for some users

Facebook said a deliberate spam attack was behind a flood of graphic images that some users had reported seeing in their news feeds.
The issue, which first surfaced last week, had largely been resolved by late Tuesday, said Frederic Wolens, a spokesman at the company. Mr. Wolens said the attack lured users into copying and pasting a Web address into their browser with the promise of showing them a neat video or telling them who was viewing the profile. Instead, that Web site installed malicious software that began filling their news feeds with violent and pornographic images without their knowledge.
Read More

Two Lakh FB accounts from Bangalore Hacked - 15th nov 2011

 
Bangalore:  Over two lakh city Facebook users woke up to a social media embarrassment yesterday morning as their accounts had been hacked and weblinks to their morphed pornographic pictures sent as feeds to friends and family.



Another FB news on nov 15th 2011

Basic requirements to be an Ethical Hacker.


< To Learn Ethical hacking ... Aspirant should have a long term goal ,discipline and more importantly Ethical. The Aim and objective of  Ethical hacking is for defense not offense >


Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are typically performed by teams of individuals, where each individual typically has a core area of expertise. These skills include:

Routers —
Knowledgeof routers, routing protocols, and access control lists (ACLs).
Microsoft —
Skills in the operation, configuration, and management of Microsoft-based systems. These can run the gamut from Windows NT to Windows 2003.
Linux —
A good understanding of the Linux/UNIX OS. This includes security setting, configuration, and services such as Apache. These individuals may be Red Hat, or Linux+ certified.
Firewalls —
Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be helpful when performing a security test.
Network protocols —
Most modern networks are Transmission Control Protocol/ Internet Protocol (TCP/IP), although you might still find the occasional network that uses Novell or Apple routing information. Someone with good knowledge of networking protocols, as well as how these protocols function and can be manipulated, can play a key role in the team.

Credit 

Types of Hackers

Types of hackers

Hackers are divided into three categories :

1)    white hat hackers   2)    black hat hackers  3)    gray hat hackers

White hat hackers :


They are generally security professionals white hat hackers in computer slang’s refers to an ethical hacker, a penetration or vulnerabilities tester or a security expert

White hat hackers are computer security experts who specialize in penetration testing and other testing methodologies, to ensure security. This white hat hacker uses the computer security tools, hacker tools and tactics to find or identify the exploits or vulnerabilities and works for security

Now basically saying white hat hackers uses hacking techniques and skills in an ethical manner i.e. in defense purposes


Black hat hackers :


Comparing to white hat hackers black hat hackers are villains or bad guy’s , especially as the name suggests white hat hackers uses the hacking techniques for their profit , it can be from stealing information or money  by gaining unauthorized access or by destroy vital data Or anything it means they intent to cause problems for their subjects or targets .

They break the Law, exploit Vulnerabilities, in other words they violate the system integrity with malicious intent.
 



Gray Hat hackers :

These hackers generally hack to learn. These types of hackers are the combination of both i.e. white hat hackers and Black hat hackers. Gray hat hackers may work for offensive purposes or defensive, depends on the situation and the choice.

There are self proclaimed ethical hackers, who are interested in gaining knowledge mostly for curious purposes. Most of the people fall in this category



Ethical hackers are up against several individuals in the battle to secure the network. The following list presents some of the more commonly used terms for these attackers:

Phreakers —
The original hackers. These individuals hacked telecommunication and PBX systems to explore the capabilities and make free phone calls. Their activities include physical theft, stolen calling cards, access to telecommunication services, reprogramming of telecommunications equipment, and compromising userids and passwords to gain unauthorized use of facilities, such as phone systems and voice mail.
Script/Click Kiddies —
A term used to describe often younger attackers who use widely available freeware vulnerability assessment tools and hacking tools that are designed for attacking purposes only. These attackers typically do not have any programming or hacking skills and, given the techniques used by most of these tools, can be defended against with the proper security controls and risk mitigation strategies.
Disgruntled Employee —
Employees who have lost respect and integrity for the employer. These individuals might or might not have more skills than the script kiddie. Many times, their rage and anger blind them. They rank as a potentially high risk because they have insider status, especially if access rights and privileges were provided or managed by the individual.
Whackers —
Whackers are typically newbies who focus their limited skills and abilities on attacking wireless LANs and WANs.
Software Cracker/Hacker —
Individualswho have skills in reverse engineering software programs and, in particular, licensing registration keys used by software vendors when installing software onto workstations or servers. Although many individuals are eager to partake of their services, anyone who downloads programs with cracked registration keys are breaking the law and can be a greater potential risk and subject to malicious code and malicious software threats that might have been injected into the code.
Cyber-Terrorists/Cyber-Criminals
An increasing category of threat that can be used to describe individuals or groups of individuals who are typically funded to conduct clandestine or espionage activities on governments, corporations, and individuals in an unlawful manner. These individuals are typically engaged in sponsored acts of defacement; DoS/DDoS attacks identify theft, financial theft, or worse, compromising critical infrastructures in countries, such as nuclear power plants, electric plants, water plants, and so on.
System Cracker/Hacker —
Elite hackers who have specific expertise in attacking vulnerabilities of systems and networks by targeting operating systems. These individuals get the most attention and media coverage because of the globally affected viruses, worms, and Trojans that are created by System Crackers/Hackers. System Crackers/Hackers perform interactive probing activities to exploit security defects and security flaws in network operating systems and protocols.
Now that you have an idea who the legitimate security professionals are up against, let’s briefly discuss some of the better known crackers and hackers.


Source

Credit

What is Ethical Hacking and why is it ?


I know Ethical Hacking( ET) is much of applied training then reading the definitions, But what to do friends, when we decided to start from A- Z , we have to cover this topic as well.


You can disregard this topic if you are aware of it. This article is targeted to newbies ONLY. 

 What is Ethical Hacking and why is it ?

Content and Index of the e-Learning - Ethical Hacking.

Chapter 1


Introduction  

      1. What is Ethical Hacking and why is it ? ( Click the link for reading)
  1. Types of Hackers
  2. Basic requirements to be an Ethical Hacker.
Basic Network
  1. TCP/IP
  2. IP Address 
  3. SSH and Putty

 I will start posting topic by topic ASAP.

Thank you reading
Saba

Hacking Basics.

Hi All,
After i started this blog , many of FB/gtalk users started posting/email to me strange requests.


I am writing down few of note worthy/foolish questions here.


1) I want hack FB account
2) I am new to Security domain( user used hacking instead of security domain) and want to learn HACKING.

How to create Number trick on facebook



1) click on the your profile .
2) copy the Number in url ( only number)
3) replace xxxxx with url id number @[xxxxxxxxxxx:0]
How to create a quotation with number trick?

1) create a page under you FB page .
2) Add title to page with the your Fav quote (ex:- Do before ask, learn before you do - Saba)
3)Now you can see the Url of page will have Unique ID ,
4) copy the url and replacexxxxx the @[xxxxxxxxxxx:0]

this is simple trick :) enjoy 

Tor Browser Bundle -browse Anonymously

 

Tor Browser Bundle


The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from

HOWTO : Blind SQL Injection _ Videos


Credit to : KFProdigy

This is KFProdigy's work but not mine. I re-post it for educational purpose only.



SQL Injection: What is it?

SQL Injection

SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.
In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.
SQL Injection: An In-depth ExplanationWeb applications allow legitimate website visitors to submit and

Wireshark v1.7.0 Released

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Source

Download

SQL Injection -Basics

I found this article @ Source 
I thought this is MUST read article for aspirants who are looking for Sql Injection basics   
Credit goes to author :-Source 


< Disclaimer:-  This tutorial is purely for educational purpose>
What is SQL Injection?
Spoiler
is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.



Step 1: Choose Your Target

John the Ripper -a fast password cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.




John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Proceed to John the Ripper Pro homepage for your OS:
Download one of the latest official free versions (release notes):

Download the latest community-enhanced version (release notes):

 Source :- http://www.openwall.com/john/

Useful - Hack tools

http://www.beenuarora.com/work.html

I did not tried them yet ;)

Saba

Facebook Number trick Half-Explained

Interesting post going on Face book these days

To Paste  @[134282353283788:0]
on status or comment and you will get Life is too short smile while you still have teeth
 
 
This number(134282353283788) indicates the page unique number ( click on the above link  ) and this will pick up title of page.
you can also create you own link.

Here is one .
@[169551793136994:] This is my page title.
@[100003140491969:] This is My FB name

Copy .. paste  and check out.


Frankly, still I am working on the syntax @ and :0 , I will post you update.
If some body know how does it work , please post the comments.
=================================================================================================
Here you go.. @ is used for tagging the friends , when ever you type @ in comments and Status .. you will be getting a drop down list where you can select friend/group/page. .. here in this trick , we are using @ and number( unique id) of page/friend/ etc. ... still working on Syntax [ ]:0 will update you...
==================================================================





Saba


Facebook Trick

1. Copy the below lines :

@[134282353283788:0]

2. Put on the comment line/Status
...

4. Enter

try it ...... :P

TCPEye Network Monitoring

Description

TCPEye V1.0 is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.
For each port in the list, information about the process that opened the port is also displayed,
including the process name,
full path of the process,
version information of the process (product name, file description, and so on),
the time that the process was created,
and the user that created it.
Country Name + Flag
In addition, TCPEye allows you to close unwanted TCP connections,
kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file.
TCPEye also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons)
Compatible Windows XP/Vista/7/Server 2003/2008/

source
 

Net Share Monitor

This is the best site for many security tools,   your rock securityxploded.
Thanks for sharing good tools and info...
-------------------------------------- Here is good tool ------------------------




NetShareMonitor is the application to watch your shared files from the intruders and thereby protecting your shares from unauthorized access. As soon as remote user connects to your machine, NetShareMonitor detects it and displays information about that session. The session information includes remote host address, remote user name, list of accessed files and time of connection. Entire details pertaining to each session will be logged to file for future analysis.

Now you no longer have to worry about your shared files being accessed by unknown persons on the network. You can make NetShareMonitor to keep eye on your shares while you get down to work. It will alert you on any file access and you can always check the log files for past sessions in case you have missed the alert.


 

Search engine hacking

The following table lists the search operators that work with each Google search service. Click on an operator to jump to its description — or, to read about all of the operators, simply scroll down and read all of this page.
Search ServiceSearch Operators
Web Searchallinanchor:allintext:allintitle:allinurl:cache:define:
,filetype:,id:inanchor:info:intext:intitle:inurl:link:,phonebook: 
related:site:
Image Searchallintitle:allinurl:filetype:inurl:intitle:site:
Groupsallintext:allintitle:author:group:insubject:intext:,intitle:
Directoryallintext:allintitle:allinurl:ext:filetype:intext:,intitle:inurl:
Newsallintext:allintitle:allinurl:intext:intitle:inurl:,location:source:
Product Searchallintext:allintitle:
The following is an alphabetical list of the search operators. This list includes operators that are not officially supported by Google and not listed in Google’s online help.
Note: Google may change how undocumented operators work or may eliminate them completely.
Each entry typically includes the syntax, the capabilities, and an example. Some of the search operators won’t work as intended if you put a space between the colon (:) and the subsequent query word. If you don’t care to check which search operators require no space after the colon, always place the keyword immediately next to the colon. Many search operators can appear anywhere in your query. In our examples, we place the search operator as far to the right as possible. We do this because the Advanced Search form writes queries in this way. Also, such a convention makes it clearer as to which operators are associated with which terms.
allinanchor:
If you start your query with allinanchor:, Google restricts results to pages containing all query terms you specify in the anchor text on links to the page. For example, [ allinanchor: best museums sydney ] will return only pages in which the anchor text on links to the pages contain the words “best,” “museums,” and “sydney.” Anchor text is the text on a page that is linked to another web page or a different place on the current page. When you click on anchor text, you will be taken to the page or place on the page to which it is linked. When using allinanchor: in your query, do not include any other search operators. The functionality of allinanchor: is also available through the Advanced Web Search page, under Occurrences.
allintext:
If you start your query with allintext:, Google restricts results to those containing all the query terms you specify in the text of the page. For example, [ allintext: travel packing list ] will return only pages in which the words “travel,” “packing,” and “list” appear in the text of the page. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.
allintitle:
If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, [ allintitle: detect plagiarism ] will return only documents that contain the words “detect” and “plagiarism” in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences. The title of a webpage is usually displayed at the top of the browser window and in the first line of Google’s search results for a page. The author of a website specifies the title of a page with the HTML TITLE element. There’s only one title in a webpage. When using allintitle: in your query, do not include any other search operators. The functionality of allintitle: is also available through the Advanced Web Search page, under Occurrences. In Image Search, the operator allintitle: will return images in files whose names contain the terms that you specify. In Google News, the operator allintitle: will return articles whose titles include the terms you specify.
allinurl:
If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL. For example, [ allinurl: google faq ] will return only documents that contain the words “google” and “faq” in the URL, such as “www.google.com/help/faq.html”. This functionality can also be obtained through the Advanced Web Search page, under Occurrences. In URLs, words are often run together. They need not be run together when you’re using allinurl:. In Google News, the operator allinurl: will return articles whose titles include the terms you specify. The Uniform Resource Locator, more commonly known as URL, is the address that specifies the location of a file on the Internet. When using allinurl: in your query, do not include any other search operators. The functionality of allinurl: is also available through the Advanced Web Search page, under Occurrences.
author:
If you include author: in your query, Google will restrict your Google Groups results to include newsgroup articles by the author you specify. The author can be a full or partial name or email address. For example, [ children author:john author:doe ] or [ children author:doe@someaddress.com ] return articles that contain the word “children” written by John Doe or doe@someaddress.com. Google will search for exactly what you specify. If your query contains [ author:”John Doe” ] (withquotes), Google won’t find articles where the author is specified as “Doe, John.”
cache:
The query cache:url will display Google’s cached version of a web page, instead of the current version of the page. For example, [ cache:www.eff.org ] will show Google’s cached version of the Electronic Frontier Foundation home page.
Note: Do not put a space between cache: and the URL (web address).
On the cached version of a page, Google will highlight terms in your query that appear after the cache:search operator. For example, [ cache:www.pandemonia.com/flying/ fly diary ] will show Google’s cached version of Flight Diary in which Hamish Reid’s documents what’s involved in learning how to fly with the terms “fly” and “diary” highlighted.
define:
If you start your query with define:, Google shows definitions from pages on the web for the term that follows. This advanced search operator is useful for finding definitions of words, phrases, and acronyms. For example, [ define: blog ] will show definitions for “Blog” (weB LOG).
ext:
This is an undocumented alias for filetype:.
filetype:
If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [ web page evaluation checklist filetype:pdf ] will return Adobe Acrobat pdf files that match the terms “web,” “page,” “evaluation,” and “checklist.” You can restrict the results to pages whose names end with pdf and doc by using the OR operator, e.g. [  email security filetype:pdf OR filetype:doc ]. When you don’t specify a File Format in the Advanced Search Form or the filetype: operator, Google searches a variety of file formats; see the table in File Type Conversion.
group:
If you include group: in your query, Google will restrict your Google Groups results to newsgroup articles from certain groups or subareas. For example, [ sleep group:misc.kids.moderated ] will return articles in the group misc.kids.moderated that contain the word “sleep” and [ sleep group:misc.kids ] will return articles in the subarea misc.kids that contain the word “sleep.”
id:
This is an undocumented alias for info:.
inanchor:
If you include inanchor: in your query, Google will restrict the results to pages containing the query terms you specify in the anchor text or links to the page. For example, [ restaurants inanchor:gourmet ] will return pages in which the anchor text on links to the pages contain the word “gourmet” and the page contains the word “restaurants.”
info:
The query info:URL will present some information about the corresponding web page. For instance, [ info:gothotel.com ] will show information about the national hotel directory GotHotel.com home page.
Note: There must be no space between the info: and the web page URL.
This functionality can also be obtained by typing the web page URL directly into a Google search box.
insubject:
If you include insubject: in your query, Google will restrict articles in Google Groups to those that contain the terms you specify in the subject. For example, [ insubject:”falling asleep” ] will return Google Group articles that contain the phrase “falling asleep” in the subject. Equivalent to intitle:.
intext:
The query intext:term restricts results to documents containing term in the text. For instance, [ Hamish Reid intext:pandemonia ] will return documents that mention the word “pandemonia” in the text, and mention the names “Hamish” and “Reid” anywhere in the document (text or not).
Note: There must be no space between the intext: and the following word.
Putting intext: in front of every word in your query is equivalent to putting allintext: at the front of your query, e.g., [ intext:handsome intext:poets ] is the same as [ allintext: handsome poets ].
intitle:
The query intitle:term restricts results to documents containing term in the title. For instance, [ flu shot intitle:help ] will return documents that mention the word “help” in their titles, and mention the words “flu” and “shot” anywhere in the document (title or not).
Note: There must be no space between the intitle: and the following word.
Putting intitle: in front of every word in your query is equivalent to putting allintitle: at the front of your query, e.g., [ intitle:google intitle:search ] is the same as [ allintitle: google search ].
inurl:
If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, [ inurl:print site:www.googleguide.com ] searches for pages on Google Guide in which the URL contains the word “print.” It finds pdf files that are in the directory or folder named “print” on the Google Guide website. The query [ inurl:healthy eating ] will return documents that mention the words “healthy” in their URL, and mention the word “eating” anywhere in the document.
Note: There must be no space between the inurl: and the following word.
Putting inurl: in front of every word in your query is equivalent to putting allinurl: at the front of your query, e.g., [ inurl:healthy inurl:eating ] is the same as [ allinurl: healthy eating ]. In URLs, words are often run together. They need not be run together when you’re using inurl:.
link:
The query link:URL shows pages that point to that URL. For example, to find pages that point to Google Guide’s home page, enter: [ link:www.googleguide.com ]
Note: According to Google’s documentation, “you cannot combine a link: search with a regular keyword search.” Also note that when you combine link: with another advanced operator, Google may not return all the pages that match. The following queries should return lots of results, as you can see if you remove the -site: term in each of these queries.
Find links to the Google home page not on Google’s own site. [ link:www.google.com -site:google.com ] Find links to the UK Owners Direct home page not on its own site. [ link:www.www.ownersdirect.co.uk -site:ownersdirect.co.uk ]
location:
If you include location: in your query on Google News, only articles from the location you specify will be returned. For example, [ queen location:canada ] will show articles that match the term “queen” from sites in Canada. Many other country names work; try them and see. Two-letter US state abbreviations match individual US states, and two-letter Canadian province abbreviations (like NS for Nova Scotia) also work — although some provinces don’t have many newspapers online, so you may not get many results. Some other two-letter abbreviations — such as UK for the United Kingdom — are also available.
movie:
If you include movie: in your query, Google will find movie-related information. For examples, seeGoogle’s Blog.
phonebook:
If you start your query with phonebook:, Google shows all public U.S. resudence telephone listings (name, address, phone number) for the person you specify. For example, [ phonebook: John Doe New York NY ] will show phonebook listings of everyone named John Doe in New York, NY.
related:
The query related:URL will list web pages that are similar to the web page you specify. For instance, [ related:www.consumerreports.org ] will list web pages that are similar to the Consumer Reports home page.
Note: Don’t include a space between the related: and the web page url.
You can also find similar pages from the “Similar pages” link on Google’s main results page, and from the similar selector in the Page-Specific Search area of the Advanced Search page. If you expect to search frequently for similar pages, consider installing a GoogleScout browser button, which scouts for similar pages.
site:
If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [ admissions site:www.lse.ac.uk ] will show admissions information from London School of Economics’ site and [ peace site:gov ] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov.
Note: Do not include a space between the “site:” and the domain.
You can use many of the search operators in conjunction with the basic search operators +OR, and" ". For example, to find information on Windows security from all sites except microsoft.com, enter: [  windows security –site:microsoft.com  ] You can also restrict your results to a site or domain through the domains selector on the Advanced Search page.
source:
If you include source: in your query, Google News will restrict your search to articles from the news source with the ID you specify. For example, [ election source:new_york_times ] will return articles with the word “election” that appear in the New York Times. To find a news source ID, enter a query that includes a term and the name of the publication you’re seeking. You can also specify the publication name in the “news source” field in the Advanced News Search form. You’ll find the news source ID in the query box, following the source: search operator. For example, let’s say you enter the publication name Ha’aretz in the News Source box, then you click theGoogle Search button. The results page appears, and its search box contains [ peace source:ha_aretz__subscription_ ]. This means that the news source ID is ha_aretz__subscription_. This query will only return articles that include the word “peace” from the Israeli newspaper Ha’aretz.
weather
If you enter a query with the word weather and a city or location name, if Google recognizes the location, the forecast will appear at the top of the results page. Otherwise, your results will usually include links to sites with the weather conditions and forecast for that location. Since weather is not an advanced operator, there is no need to include a colon after the word. For example, [ weather Sunnyvale CA ] will return the weather for Sunnyvale, California and [ weather 94041 ] will return the weather for the city containing the zip code (US postal code) 94041, which is Mountain View, California.
The Google Guide Advanced Operator Quick Reference(www.googleguide.com/advanced_operators_reference.html) provides a nice summary of the search operators grouped by type. It includes search operators not yet documented by Google, e.g., allinanchor:allintext:,author:ext:group:id:insubject:intext:intitle:location:phonebook:, and source:.
Note: Google may change how undocumented operators work or eliminate them completely. If you notice problems or changes in Google’s undocumented operators, please let us know.


Source