The Google Search Engine finds answers to our questions, which is helpful in our daily lives. You can search for your school assignments, reports, presentations, and more. Before I start the tutorial on using Google Dorks in Penetration Testing and Ethical Hacking, I'm going to share a definition of Google Dork queries that I saw on techtarget.com:
A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.
In other words, we can use Google Dorks to find vulnerable websites and servers and to discover hidden information buried deep in online databases. Since Google has a searching algorithm and indexes most websites, it can be useful to a hacker to find vulnerabilities on a target. The basic syntax for advanced operators in Google is:
operator_name:keyword
For example, typing filetype:xls intext:username in the standard search box returns a list of Excel files that contain the term 'Username'.
Simple Google Dorks Syntax (see Figure 1)
site - searches a specific website only. Example: COVID19 site:who.int (this searches for the term COVID19 within the World Health Organization website only).
allintitle and intitle - the title of the page contains the specified search term.
inurl - restricts the results to those where the specified search keyword is contained in the URL.
filetype - searches for a specified file type. Example: filetype:PDF (this returns only PDF files that contain the search keyword/s).
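A defender can evaluate the operators described above against an inventory of their own pages to see which ones a dork would surface, then remove or de-index them. This is an added example, not code from the original article; the page inventory, the example.org hostnames and the check list are constructed, and the matching is a simplified approximation of how the operators behave.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of pages on a site you own (e.g. exported from a crawl).
PAGES = [
    {"url": "https://www.example.org/admin/login.php", "title": "Admin Login", "text": "Sign in"},
    {"url": "https://files.example.org/hr/staff.xls", "title": "Staff", "text": "Username Dept"},
    {"url": "https://www.example.org/blog/covid19.html", "title": "COVID19 update", "text": "Hours"},
]
# Constructed checks; the first is the article's own example query.
CHECKS = ["filetype:xls intext:username", "allintitle:admin login", "COVID19 site:example.org"]

# operator_name:keyword, where the keyword may be a "quoted phrase"; the operator is optional.
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def parse(query):
    """Split a dork into (operator, keyword) pairs; bare words get operator None."""
    return [(op.lower() or None, (q or b).lower()) for op, q, b in TOKEN.findall(query)]

def matches(page, query):
    """True if the page satisfies every term of the query (terms are ANDed)."""
    url, sticky = urlparse(page["url"]), None
    title, text = page["title"].lower(), page["text"].lower()
    for op, kw in parse(query):
        if op == "allintitle":            # also applies to the bare words that follow
            op = sticky = "intitle"
        op = op or sticky
        if op == "site":
            ok = url.hostname == kw or url.hostname.endswith("." + kw)
        elif op == "intitle":
            ok = kw in title
        elif op == "inurl":
            ok = kw in page["url"].lower()
        elif op == "filetype":
            ok = url.path.lower().endswith("." + kw)
        elif op == "intext":
            ok = kw in text
        else:                             # bare keyword (or an operator not handled here)
            ok = kw in title or kw in text
        if not ok:
            return False
    return True

def audit(pages, checks):
    """Return {query: [matching URLs]} for each check that matches something."""
    hits = {q: [p["url"] for p in pages if matches(p, q)] for q in checks}
    return {q: urls for q, urls in hits.items() if urls}

if __name__ == "__main__":
    print(audit(PAGES, CHECKS))
```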
What Data Can We Find Using Google Dorks?
- Admin login pages
- Usernames and passwords
- Vulnerable entities
- Sensitive documents
- Government/military data
- Email lists
- Bank account details and more
Find Sub-domain Names
Google Dorks can also be used for network mapping. We're able to find a target site's subdomain using a simple Dork (see Figure 2).
Trying this against cybrary.it, we find some of its subdomains starting from the main website.
Explore Live Cameras
Using Google dorks, we can find exposed internet cameras that are not restricted by IP address. There are many Google Dorks to find internet cameras. Here are two examples:
intitle:"IP CAMERA Viewer" intext:"setting | Client setting" (see Figure 4)
intitle:NetworkCamera intext:"Pan / Tilt" inurl:ViewerFrame (see Figure 5)
Additional Google Dorks Examples
- To search within social media sites, use the symbol @ followed by a social media name; then enter a colon in your search query. For example, enter @facebook:keyword to search for the term keyword within Facebook.
- To search for hashtags, put a # sign before your search term. For example, enter #USAelection.
- To search when some words are unknown, use the asterisk (*) as a placeholder for one or more words. For example, enter data hiding in *.
- Use the keyword map: followed by location name, and Google will show you map-based results. For example, enter map:New York.
- You can even check flight information using Google. Type your airline company name and the flight number in the Google search box, and it will show you flight status information (see Figure 6).
Summary
Google is the most reputable and powerful search engine in the world. Google indexes billions of web pages, making them accessible to the public, who easily use its simple search interface.
In this article, we have shown the potential of Google Dorks (also known as Google hacking) for finding sensitive content online that we cannot find when using Google's simple search interface. Google Dorks can be used to restrict or narrow our search to return only relevant results. Additionally, they can discover leaked information, vulnerable services in websites, and online applications. Keep in mind that malicious actors can use Google Dorks to find sensitive information about any entity (e.g., individual or organization) to help them in executing their attacks.