Google Dorks: An Easy Way of Hacking

August 19, 2015 | Views: 65498

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Google Dorks: An Easy Way of Hacking

The Google Search Engine finds answer to our questions, which is helpful in our daily lives. You can search for your school assignments, reports, presentations and more.

Before I start the tutorial on using use Google Dorks in Penetration Testing and Ethical Hacking, I’m going to share a definition of Google Dork queries that I saw on techtarget.com:

A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.

In other words, we can use Google Dorks to find vulnerabilities, hidden information and access pages on certain websites. Because Google has a searching algorithm and indexes most websites, it can be useful to a hacker to find vulnerabilities on the target.

The basic syntax for advanced operators in Google is:

operator_name:keyword

For example, this operator_name:keyword syntax can be typed as ‘filetype:xls intext:username’ in the standard search box, which results in a list of Excel files which we contain the term ‘Username’.

 

Simple Google Dorks Syntax

site – will return website on following domain

allintitle and intitle – contains title specified phrase on the page

inurl – restricts the results contained in the URLS of the specified phrase

filetype – search for specified filetype formats

See the images below:

1

 

2

 

What Data Can We Find Using Google Dorks?

  • Admin login pages
  • Username and passwords
  • Vulnerable entities
  • Sensitive documents
  • Govt/military data
  • Email lists
  • Bank account details and lots more

Google Dorks can also be used for network mapping; we’re able to find the subdomain of the target site using Simple Dorks.

Information gathering and network mapping is useful in Ethical Hacking. See the image below:

Dorks:
site:wipro.com -site:www.wipro.com -site:careers.wipro.com

3

Try wipro.com to scan and we find some of the subdomains using the master website. We see other login pages and other system administrators/webmasters are using the subdomains for login pages. Based on the results, it’s not fully secured. That’s why the site mapping in Google Dorks is good.

 

How about a port scanning? Available ports for intrusion and open ports? Can Google Dorks find it?

The answer is yes. See the image below:

Dorks:
inurl:8443 -intext:8443

4

 

We use port 8443 and it’s open; we find some websites enable port 8443. The queries above search websites using port 8443.

 

Summary

In this article, we presented a few uses of Google Dorks for testing our own website. We found out if it was searchable on Google and leaking confidential information.

 

Thanks and Greetings from a Philippine Security Researcher and Project-AG

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
41 Comments
  1. can u please teach me how to get those dorks ??

Page 8 of 8« First...«45678
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel