Google Dorking


What Is Google Dorking?

Google Dorking, or Google hacking, refers to using custom search techniques to hack into vulnerable sites or to search for information that is not available in public search results.

Google hacking can return information that is difficult to locate through simple searching techniques. This includes information that is not intended for public viewing but is inadequately protected and can therefore be obtained by a hacker.

At the surface level, Google dorking involves using specific modifiers to search data. For example, instead of searching the entire Web, users can click on tags like "image" or "site" to collect images or find information about a specific site. Users can utilize other commands like "filetype" and "daterange" to get other specific search results.

How does it work?

Google dorking is a passive attack or hacking method involving the use of custom search techniques. Using these techniques, a hacker can identify websites with security vulnerabilities and/or sensitive information that an attacker can use for some malicious purpose.

Around since 2002, dorking usually involves using a search engine as a hacking
tool. Google's tremendous web crawling capabilities facilitate dorking. With a
Google dork, attackers can access a lot of information they wouldn't be able to
get with simple queries. This information includes the following:

- usernames and passwords
- email address lists
- sensitive documents
- personally identifiable information
- personally identifiable financial information
- website vulnerabilities

This information is used for many types of illegal activities, including cybercrime, cyberterrorism, industrial espionage, identity theft and cyberstalking. Hackers may also sell this data to other criminals on the dark web for large sums of money.

Be aware that Google also knows who we are when we perform these kinds of operations. So, it's advised to use it only with good intentions, whether for your own research or while looking for ways to defend your website against this kind of vulnerability.

One proposed intrusion prevention measure is to conduct Google dorking expeditions using likely attack parameters to discover what type of information an intruder could access.

If we perform any hacking techniques in Google, we should consider the above nine network security features.

Google Dorking Commands
A hacker who gets access to internal documents on a website can potentially also get additional sensitive information. For example, document metadata often contains more information than the author may be aware of, such as name, revision history, deletions, dates, etc.

A cache is metadata that speeds up the page search process. Google stores some data in its cache, such as current and previous versions of websites. This cache holds much useful information that developers can use. Some developers use the cache to store information for testing purposes, which can change as the website changes.

An intruder knowledgeable about Google dorking and armed with hacking tools can access sensitive information from the cache fairly easily.

It's a good practice to remove all metadata from documents before publishing them on a website. Document sanitization can also ensure that only authorized users can access the intended information.
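
To make the metadata point concrete, the following added example (not part of the original document) lists and removes author and revision properties from a .docx package before publication. It assumes the conventional `dc:`/`cp:`/`dcterms:` element prefixes that Office writes, uses a constructed sample file, and does not touch tracked changes or comments inside the document body.

```python
import io
import re
import zipfile

# Property elements naming people or editing history (assumes Office's usual prefixes).
SENSITIVE = ("dc:creator", "cp:lastModifiedBy", "cp:revision",
             "dcterms:created", "dcterms:modified", "Company", "Manager")
PROP_PARTS = ("docProps/core.xml", "docProps/app.xml")

def _pattern(tag):
    # Matches <tag ...>value</tag> and captures the value.
    return re.compile(r"<%s(?:\s[^>]*)?>([^<]*)</%s>" % (tag, tag))

def read_metadata(docx_bytes):
    """Return {element: value} for sensitive properties present in a .docx."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for part in set(PROP_PARTS) & set(z.namelist()):
            xml = z.read(part).decode("utf-8")
            for tag in SENSITIVE:
                m = _pattern(tag).search(xml)
                if m and m.group(1):
                    found[tag] = m.group(1)
    return found

def sanitize(docx_bytes):
    """Return a copy of the .docx with the sensitive property elements removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in PROP_PARTS:
                xml = data.decode("utf-8")
                for tag in SENSITIVE:
                    xml = _pattern(tag).sub("", xml)
                data = xml.encode("utf-8")
            dst.writestr(item.filename, data)
    return out.getvalue()

def make_sample():
    """Constructed sample: a minimal package with made-up author metadata."""
    core = ("<cp:coreProperties><dc:creator>Jane Admin</dc:creator>"
            "<cp:lastModifiedBy>j.admin</cp:lastModifiedBy>"
            "<cp:revision>17</cp:revision></cp:coreProperties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Running `read_metadata` on every file in a publishing queue and refusing to upload anything that returns a non-empty result turns the advice into an enforceable check.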
The following are some Google dorking commands:

| OPERATOR | FUNCTION | EXAMPLE |
|---|---|---|
| cache: | Returns the cached version of a website | cache:facebook.com |
| site: | Returns a list of all indexed URLs from a website or domain | site:facebook.com |
| ext: | To search for a specific type of document | site:https://www.ford.com/ ext:pdf |
| filetype: | Returns various kinds of files, depending on the file extension provided | filetype:sql intext:wp_users phpmyadmin |
| inurl: | Searches for a specific term in the URL | inurl:register.php |
| allinurl: | Returns results whose URL contains all the specified characters | allinurl:clientarea |
| intext: | Locates webpages that contain certain characters or strings inside their text | intext:"Google Dork Query" |
| allintext: | To search for multiple keywords. All the keywords will be separated using a single space between them | allintext:"Google Dork Query" "hacking" |
| intitle: | To filter out the documents based on HTML page titles | intitle:"ip camera" |
| allintitle: | Multiple keywords are used with this query to get more specific results | allintitle:"ipcamera" "dvr" |
| inposttitle: | To search for a certain term within the blog. It is useful for blog search | inposttitle:Hacking tips |
| allintitle: | If we run a blog and want to research other blogs that are similar and high-quality, this command is helpful | allintitle:how to write content for google dorking |
| inanchor: | Searches for an exact anchor text used on any links | inanchor:"cyber attacks" |
| allinanchor: | Research on pages that have all the terms after "inanchor" in the anchor text that links back to the page | allinanchor:"what are recent top cyber attacks" |
| AROUND | It provides you the results with two or more terms appearing on the page | Vulnerability scanning AROUND(5) tools |
| @ | Search only on the specified social media platform | Cybersecurity @facebook |
| " " | To search for the exact phrase. The search engine results will eliminate unnecessary pages | "Cyber attacks" |
| Related: | Search for specific data from more than one website with similar content | "Related:facebook.com" |
| Info: | To find the information related to a specific domain name | "Info:facebook.com" |
| Weather | To fetch Weather Wing device transmissions | intitle:"Weather Wing WS-2" |
| \| | Shows all sites that contain either or both specified words in the query | hacking \| Google dork |
| + | Concatenates words to detect pages using more than one specific key | hacking + Google dork |
| - | Used to avoid displaying results containing certain words | hacking - dork |
| * | To search pages that contain "anything" before your word | how to * a website |

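
For the self-audit idea mentioned earlier (finding out what an intruder could see), the following added example, which is not part of the original document, evaluates a few of the operators from the table offline against an inventory of your own pages. The inventory, the `example.com` hosts and the function names are constructed for illustration; the matching is a simplified model of the operators, not Google's actual behaviour, and bare words are treated as `intext:`.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of pages on our own site (URL, title, body text).
PAGES = [
    {"url": "https://www.example.com/register.php", "title": "Register",
     "text": "Create an account"},
    {"url": "https://www.example.com/backup/db.sql", "title": "",
     "text": "INSERT INTO wp_users VALUES"},
    {"url": "https://www.example.com/docs/brochure.pdf", "title": "Brochure",
     "text": "Product overview"},
    {"url": "https://blog.example.com/admin/", "title": "Admin login",
     "text": "username password"},
]

# Optional leading "-", optional "operator:", then a quoted phrase or a word.
TOKEN = re.compile(r'(-?)(?:(\w+):)?("[^"]*"|\S+)')

def parse(query):
    """Split a dork query into (negated, operator, term) triples."""
    return [(neg == "-", op.lower() or "intext", term.strip('"').lower())
            for neg, op, term in TOKEN.findall(query)]

def _match(op, term, page):
    u = urlparse(page["url"])
    if op == "site":
        return u.hostname == term or u.hostname.endswith("." + term)
    if op in ("ext", "filetype"):
        return u.path.lower().endswith("." + term)
    if op == "inurl":
        return term in page["url"].lower()
    if op == "intitle":
        return term in page["title"].lower()
    if op == "intext":
        return term in page["text"].lower()
    raise ValueError("unsupported operator: " + op)

def search(query, pages=PAGES):
    """Return URLs of pages that satisfy every term and no excluded term."""
    terms = parse(query)
    return [p["url"] for p in pages
            if all(_match(op, t, p) != neg for neg, op, t in terms)]
```

Any hit for a query such as `site:example.com filetype:sql intext:wp_users` against your own inventory is a file that should be removed from the web root or placed behind authentication.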
Practical Google Dork examples

Cache Command:
cache:facebook.com

Site Command:
site:facebook.com

Ext Command:
site:https://www.ford.com/ ext:pdf

Filetype Command:
filetype:sql intext:wp_users phpmyadmin

Inurl Command:
inurl:register.php

Intitle Command:
intitle:admin

" " Command:
"Cyber Security"

Allintext Command:
allintext:"username" "password"

Allintitle Command:
allintitle:"ip camera" "dvr"

Inposttitle Command:
inposttitle:weight loss goals

Allinanchor Command:
allinanchor:"how to scan vulnerabilities"

Inanchor Command:
inanchor:"vulnerability scanning"

AROUND Command:
vulnerability scanning AROUND(2) tools

@ Command:
cybersecurity @facebook

Related Command:
"Related:facebook.com"

Info Command:
"Info:facebook.com"

Weather Command:
intitle:"Weather Wing WS-2"