Everyone overthinks things once in a while, especially when we’re trying to save time and create the “perfect” Boolean search string that will cover all the right keywords. Sometimes, we overthink it and create a string that is so complex that it won’t work, and we spend more time fixing it than trying to run a few more simple strings.
Because I like simple things, I try to create simple strings at the beginning of my search and make them more complex at the end. Creating advanced and complex strings is something anyone can do, but there is hidden beauty in simple things.
The Most Powerful String I Use
My favorite string is this one:
intitle:index.of
This string will reveal all the folders that are not protected and that were indexed by Google. It will show you about 41,200,000 results depending on your search location. But the power of the string lies in the additional keywords you add.
GDPR and index.of
If you are going to try it, keep in mind that you can breach GDPR quite easily. If you run those two strings, you can easily find many CVs that are not protected:
intext:index.of resume
You can also use the inurl: operator and target keywords in a URL:
intitle:index.of inurl:resume
Or you can include more keywords:
intitle:index.of (inurl:Resume OR inurl:CV OR inurl:”curriculum vitae”)
intitle:index.of inurl:(Resume OR CV OR Bio OR Profile OR “curriculum vitae”)
You can also target keywords in files and specific email addresses:
intitle:index.of (Resume OR CV OR “curriculum vitae”) “@gmail.com”
There are many other ways that you can use the index.of command.
You can use it with the intext: operator to get more results if you want:
intext:index.of
This will give you more results because it’s targeting anything where the “index.of” is mentioned.
You can also target companies or domains and check what folders they have open. Adding the site: operator will do the trick. If you want to target a specific domain, just add site: and the domain name:
site:de intitle:index.of
This will target all German domains.
You can also use the “[To Parent Directory]” phrase to target similar sites, just like when you are using index.of:
site:de “[To Parent Directory]”
And if you would like to target specific sites or companies, just add their domain after the site: operator:
site:ibm.com intitle:index.of
You can find a string to find various data and some interesting things when you play with other keywords:
intitle:index.of password
intitle:index.of passwords
intitle:index.of secret
A Second Simple Sourcing Trick: Google Images
Many companies add information and images of their employees to their website. Sometimes, these images are so small that you can’t use the reverse image search. However, there is a simple trick that I successfully use.
Note: Because of GDPR, I am not showing photos or names.
Right-click on an image and select “Inspect Image.”
Copy the URL into Google Image search and select “Face.”
This will very often show you the profile picture of all the people working for that company, and their photos are usually posted on that website. Now you can take the time to go through the whole site.
Note: You can also try to use the URL without “https://.”
Conclusion
There are many simple sourcing tricks that you can use to find the information you are looking for that is even cooler than these two simple tricks. However always keep in mind that even a simple string like the one at the beginning of this article could reveal folders that are not protected, and they may contain private information.
You can often find interesting information about companies, people, and government institutions, but keep in mind that just because you’ve found it doesn’t mean you have permission to use it!
Some data are just poorly protected, and you shouldn’t download them because you could be breaking the laws of your country, GDPR, and so on. It’s up to you how far you are willing to go, but you need to consider the consequences of these decisions.