google-hacking-google-dorking

Google Dorking | Use Google as a Hacking Tool

Posted on

What is Google Dorking?

Google Hacking is also known as Google Dorking is a hacker technique that uses Google search and other Google applications to gain access to sensitive information like usernames, passwords, and even credit card details that did not intend to make publically available by others. Because of the tremendous web crawling capabilities of Google, it can index almost anything within any website. So, hackers use a search string that uses advanced search queries called Google ‘Dork’ to find this sensitive information.

Google search operators

Google Dorking is performed by special search operators. So, before starting with google dorks you need to have basic understanding of a few of them

  1. intitle

This operator will show HTML pages with certain words.

Example: intitle:apple

  1. inurl

Find URLs contains certain words.

Inurl:apple

  1. filetype

Shows results with certain filetype

Example: username filetype:txt

  1. intext

Find pages containing certain words

Example: intext:car

  1. site

Limit the search results to a single site that we provide with the operator.

Example: site:menofletter.com

  1. cache

This will show you a cached version of a website.

Example: cache:menofletter.com

 

The basic formula of a dork as follows:

“search operator1:<value>search operator2:<value>”

Example: allintext:password filetype:xlsx after:2020

How Google Dorks helps in Ethical Hacking and Penetration Testing?

No one can hack websites using Google dorks. But If you are not properly configured your robot.txt file, then google will index all the information available on any website. A skillful hacker can gather information like vulnerable services, log files, database details, etc using the proper combination of Dorks.

Examples of Google Dorking

 

1. Explore log files using the following Dork

allintext:username filetype:log

This will show different log files available on the websites. Log files like access logs, error logs, etc. Hackers can gather sensitive information from these files and use them for various attacks against the target.

 

2. Find vulnerable web servers

inurl:/proc/self/cwd

The above dork will display hacked servers or servers with vulnerabilities.

 

3. Find open FTP servers

intitle:”index of” inurl:ftp

This dork shows open FTP servers which can reveal sensitive directories and information.

 

4. Email lists

filetype:xls inurl:”email.xls”

The above dork will fetch excel files that contain emails addresses

There are different kinds of dork combinations you can try and you can find different types of google dorks in the google hacking database in Exploit-db.com

menofletter

See author's posts

Leave a Reply

Your email address will not be published. Required fields are marked *