
What are Google Dorks?
“Google Dorks” is a term used to describe specific search queries that users can input into the Google search engine to find information that might not be easily accessible through conventional search queries. These queries are often used by security professionals, researchers, and hackers to discover vulnerabilities and sensitive information on websites and web servers. Google Dorks are extremely valuable for OSINT during Ethical Hacking.
Google Dorks typically involve the use of advanced search operators and keywords to narrow down search results to specific types of information. Some common examples of Google Dorks include:
- Site-specific searches: You can use “site:” followed by a domain name to search for content within a specific website. For example, “site:example.com” will only return results from the website example.com.
- Filetype searches: You can use “filetype:” followed by a file extension to search for specific types of files. For example, “filetype:pdf” will search for PDF files.
- Inurl searches: You can use “inurl:” followed by a keyword to search for web pages with that keyword in the URL. For example, “inurl:admin” might help identify web pages related to website administration.
- Intitle searches: You can use “intitle:” followed by a keyword to search for web pages with that keyword in the title. For example, “intitle:index of mp3” might help you find directories containing MP3 files.
- Link: operator: You can use “link:” followed by a URL to find web pages that link to a specific webpage. This can be useful for discovering backlinks to a particular site.
- Cache: operator: You can use “cache:” followed by a URL to view the cached version of a webpage stored by Google. This can be useful for accessing content that may have been removed or modified on the live website.
Useful Google Dorks
I have put together a list of some of the most useful search operators.
- As an Ethical Hacker, you can use these search operators to find vital information about the company you have been hired to test the security of; this is known as a penetration test.
- As a Black Hat Hacker, you can abuse these modifiers to find user accounts, passwords & much more.
Stay on the right side of the law, guys!
Filter | Command |
---|---|
Find log files with user credentials | allintext:username filetype:log |
Search index pages of ftp servers | intitle:”index of” inurl:ftp |
Search Database Passwords | db_password filetype:”env” |
Backend website Data | intitle:”WAMPSERVER homepage” |
Backend Data | intitle:”Server Configuration” |
Backend Data | intitle:”Apache Version” |
Company Vulnerability reports | intitle:”report”(“qualys” “acunetix” “nessus” “netsparker” “nmap”) filetype:pdf |
Must contain chosen keyword | inurl:”keyword” |
Search specific site | site:”http://site.com” |
Search specific file extensions | filetype:”pdf” |
Search unsecure webcams | intitle:webcam XP5 |
Search webcams | intitle:”WEBCAM 7” |
keyword found anywhere in text | intext:”keyword” |
keyword found in title | intitle:”keyword” |
Search only English language content | altloc:”en-us” |
External Links | link:”keyword” |
Glob search (wildcards) | site:*.com |
Include results | -site:imdb.com or +site:imdb.* |
Exclude results | site:facebook.* -site:facebook.com/dontWannaKnow |
Combine searches | site:facebook.com & site:twitter.com |
For a more extensive list of Google Dorks, go to Exploit-db/Google Dorks.
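Seen from the defending side, each row of the table is a combination of fields (file extension, page title, URL, body text) that can be checked against a crawl of your own site before a search engine indexes it. The following is an added example, not part of the original post; the rule set, the function names and the sample crawl of example.com are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Four rows of the table above, expressed as the field each operator inspects:
# filetype -> path extension, intitle -> <title>, inurl -> URL, intext -> body.
RULES = [
    {"finding": "log file with usernames", "filetype": "log", "intext": ["username"]},
    {"finding": "FTP index page", "intitle": ["index of"], "inurl": ["ftp"]},
    {"finding": "env file with database password", "filetype": "env", "intext": ["db_password"]},
    {"finding": "WAMPSERVER homepage", "intitle": ["wampserver homepage"]},
]

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)


def matches(rule, url, body):
    """Return True if a fetched page satisfies every operator in the rule."""
    path = urlparse(url).path.lower()
    m = TITLE_RE.search(body)
    title = m.group(1).lower() if m else ""
    if "filetype" in rule and not path.endswith("." + rule["filetype"]):
        return False
    if not all(k in title for k in rule.get("intitle", [])):
        return False
    if not all(k in url.lower() for k in rule.get("inurl", [])):
        return False
    return all(k in body.lower() for k in rule.get("intext", []))


def audit(pages):
    """pages: dict of url -> response body taken from a crawl of your own site."""
    return sorted((url, r["finding"]) for url, body in pages.items()
                  for r in RULES if matches(r, url, body))


# Constructed sample crawl of a hypothetical site; not real data.
SAMPLE = {
    "https://example.com/.env": "APP_ENV=prod\nDB_PASSWORD=<redacted>\n",
    "https://example.com/ftp/": "<html><title>Index of /ftp</title><body>...</body></html>",
    "https://example.com/logs/app.log": "2024-01-01 login ok username=alice\n",
    "https://example.com/about.html": "<html><title>About us</title><body>Contact</body></html>",
}

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{finding}: {url}")
```

Anything this reports should be removed from the web root or placed behind authentication, since blocking it in robots.txt alone leaves the file reachable.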
If you get Banned
Google may ban you while using these. Don’t panic; they just think you are a bot. You can follow the directions they provide to remove the restriction immediately.
Conclusion
Google Dorks can be used for legitimate research and troubleshooting, such as finding specific documents or resources on the web. However, they can also be misused for malicious purposes, like identifying vulnerabilities in websites or searching for sensitive information that has been unintentionally exposed online. It’s important to use this knowledge responsibly and in compliance with Google’s terms of service and applicable laws and regulations.
Searching Google isn’t illegal, but using found credentials, passwords etc. or accessing someone else’s network devices most definitely is illegal!
Happy Hacking Folks!