Google Dorks: An Easy Way of Hacking
A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.
In other words, we can use Google Dorks to find vulnerabilities, hidden information and access pages on certain websites. Because Google has a searching algorithm and indexes most websites, it can be useful to a hacker for finding vulnerabilities on the target. The basic syntax for advanced operators in Google is: operator_name:keyword
For example, this operator_name:keyword syntax can be typed as 'filetype:xls intext:username' in the standard search box, which results in a list of Excel files that contain the term 'Username'.
Simple Google Dorks Syntax
site - returns only results from the specified domain
allintitle and intitle - return pages whose title contains the specified phrase
inurl - restricts the results to pages whose URL contains the specified phrase
filetype - searches for files of the specified format
What Data Can We Find Using Google Dorks?
- Admin login pages
- Username and passwords
- Vulnerable entities
- Sensitive documents
- Govt/military data
- Email lists
- Bank account details and lots more
Google Dorks can also be used for network mapping; we're able to find the subdomains of the target site using simple dorks. Information gathering and network mapping are useful in ethical hacking.
Dorks: site:wipro.com -site:www.wipro.com -site:careers.wipro.com
Try scanning wipro.com and we find some of the subdomains under the master website. We see other login pages; other system administrators and webmasters are using the subdomains for login pages. Based on the results, it's not fully secured. That's why site mapping with Google Dorks is good. How about port scanning, to find open ports available for intrusion? Can Google Dorks find them? The answer is yes.
We search for port 8443 and it's open; we find that some websites have port 8443 enabled. The queries above search for websites using port 8443.
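The same ideas (site, inurl and filetype matches, unexpected subdomains, and non-standard ports such as 8443) can be checked against the list of URLs a search engine has indexed for a site you operate. The Python below is an added example, not code from the original article; example.com, the sample URL list, and the RISKY_EXT and RISKY_PATH lists are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: URLs indexed for a domain you own (for instance, taken
# from your own search-console export). example.com is a placeholder.
INDEXED = [
    "https://www.example.com/index.html",
    "https://www.example.com/reports/users.xls",
    "https://intranet.example.com/admin/login.php",
    "https://vpn.example.com:8443/portal",
    "https://careers.example.com/jobs",
]

RISKY_EXT = {"xls", "xlsx", "csv", "sql", "bak", "log"}  # what filetype: would surface
RISKY_PATH = ("login", "admin")                           # what inurl: would surface
STANDARD_PORTS = {None, 80, 443}                          # None = no explicit port

def audit(urls, domain, expected_hosts):
    """Return {url: [reasons]} for indexed URLs on `domain` that need review."""
    findings = {}
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            continue  # not our domain, out of scope
        reasons = []
        if host not in expected_hosts:
            reasons.append("unexpected subdomain indexed")
        if parts.port not in STANDARD_PORTS:
            reasons.append(f"non-standard port {parts.port} indexed")
        path = parts.path.lower()
        last_segment = path.rsplit("/", 1)[-1]
        ext = last_segment.rsplit(".", 1)[-1] if "." in last_segment else ""
        if ext in RISKY_EXT:
            reasons.append(f"document type .{ext} indexed")
        if any(word in path for word in RISKY_PATH):
            reasons.append("login/admin page indexed")
        if reasons:
            findings[url] = reasons
    return findings

if __name__ == "__main__":
    public_hosts = {"www.example.com", "careers.example.com"}
    for url, reasons in audit(INDEXED, "example.com", public_hosts).items():
        print(url, "->", "; ".join(reasons))
```

Each finding is a candidate for removal from the index, access control, or a noindex rule, depending on whether the page was meant to be public.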
In this article, we presented a few uses of Google Dorks for testing our own website. We found out if it was searchable on Google and leaking confidential information. Thanks and Greetings from a Philippine Security Researcher and Project-AG