Google Dorks: Learn to Enhance your OSINT Skills

Ethical Hacking-Google

What are Google Dorks?

“Google Dorks” is a term used to describe specific search queries that users can input into the Google search engine to find information that might not be easily accessible through conventional search queries. These queries are often used by security professionals, researchers, and hackers to discover vulnerabilities and sensitive information on websites and web servers. Google Dorks are extremely valuable for OSINT during Ethical Hacking.

Google Dorks typically involve the use of advanced search operators and keywords to narrow down search results to specific types of information. Some common examples of Google Dorks include:

  • Site-specific searches: You can use “site:” followed by a domain name to search for content within a specific website. For example, “site:example.com” will only return results from the website example.com.

  • Filetype searches: You can use “filetype:” followed by a file extension to search for specific types of files. For example, “filetype:pdf” will search for PDF files.

  • Inurl searches: You can use “inurl:” followed by a keyword to search for web pages with that keyword in the URL. For example, “inurl:admin” might help identify web pages related to website administration.

  • Intitle searches: You can use “intitle:” followed by a keyword to search for web pages with that keyword in the title. For example, “intitle:index of mp3” might help you find directories containing MP3 files.

  • Link: operator: You can use “link:” followed by a URL to find web pages that link to a specific webpage. This can be useful for discovering backlinks to a particular site.

  • Cache: operator: You can use “cache:” followed by a URL to view the cached version of a webpage stored by Google. This can be useful for accessing content that may have been removed or modified on the live website.

Useful Google Dorks

I have put together a list of some of the most useful search operators.

  • As an Ethical Hacker, you can use these search operators to find vital information about the company you have been hired to test the security of, this is known as a penetration test.
  • As a Black Hat Hacker, you can abuse these modifiers to find user accounts, passwords & much more.

Stay on the right side of the law guys!

Filter Command
Find log files with user credentials allintext:username filetype:log
Search index pages of ftp servers intitle:”index of” inurl:ftp
Search Database Passwords db_password filetype:”env”
Backend website Data intitle:”WAMPSERVER homepage”
Backend Data intitle”Server Configuartion”
Backend Data intitle:”Apache Version”
Company Vulnerability reports intitle:”report”(“qualys” “acunetix” “nessus” “netsparker” “nmap”) filetype:pdf
Must contain chosen keyword inurl:”keyword”
Search specific site site:”http://site.com”
Search specific file extensions filetype:”pdf”
Search unsecure webcams intitle:webcam XP5
Search webcams intitle:”WEBCAM 7″
keyword found anywhere in text intext:”keyword”
keyword found in title intitle:”keyword”
Search only English language content altloc:”en-us”
External Links link:”keyword”
Glob search (wildcards) site:*.com
Include results -site:imdb.com or +site:imdb.*
Exclude results site:facebook.* -site:facebook.com/dontWannaKnow
Combine searches site:facebook.com & site:twitter.com

For a more extensive list of google dorks Goto Exploit-db/Google Dorks

If you get Banned

Google may ban you while using these, don’t panic they just think you are a bot. You can follow the directions they provide to remove the restriction immediately.

Conclusion

Google Dorks can be used for legitimate research and troubleshooting, such as finding specific documents or resources on the web. However, they can also be misused for malicious purposes, like identifying vulnerabilities in websites or searching for sensitive information that has been unintentionally exposed online. It’s important to use this knowledge responsibly and in compliance with Google’s terms of service and applicable laws and regulations.

Searching Google isn’t illegal but using found credentials, passwords etc. or accessing someone else’s network devices most definitely is illegal!

Happy Hacking Folks!

Ethical Hacking Guides

We have many guides to help you on your journey into the world of Ethical Hacking. If this is something you find interesting, please take a look here today: Ethical Hacking Guides.

Recommendation:

ALFA Network Wi-Fi Adapter: https://amzn.to/3QbZ6AE

This Wi-Fi adapter is essential if you are to learn Wi-Fi Hacking.

Luke Barber

Hello, fellow tech enthusiasts! I'm Luke, a passionate learner and explorer in the vast realms of technology. Welcome to my digital space where I share the insights and adventures gained from my journey into the fascinating worlds of Arduino, Python, Linux, Ethical Hacking, and beyond. Armed with qualifications including CompTIA A+, Sec+, Cisco CCNA, Unix/Linux and Bash Shell Scripting, JavaScript Application Programming, Python Programming and Ethical Hacking, I thrive in the ever-evolving landscape of coding, computers, and networks. As a tech enthusiast, I'm on a mission to simplify the complexities of technology through my blogs, offering a glimpse into the marvels of Arduino, Python, Linux, and Ethical Hacking techniques. Whether you're a fellow coder or a curious mind, I invite you to join me on this journey of continuous learning and discovery.

Leave a Reply

Your email address will not be published. Required fields are marked *

Verified by MonsterInsights