Google Dorking Simple
Finding security flaws with only using Google search engine from the basics.
DISCLAIMER : The writer takes no responsibility if the knowledge below would be used for nefarious purposes.
Google hacking or Google dorking is simply a term for using Google search engine to look for website vulnerabilities that are created involuntarily. These vulnerabilities often crawled by search engines and open for public use. As a result, there will be unauthorized usage, leakage of sensitive information and numerous privacy issues. In conclusion, websites that are configured incorrectly will expose security flaws that are by default could be avoided.
Google dorking could be used not only for looking security flaws presented by public websites, it could be used for looking up other information in a more efficient way. This could be made possible by using search operators. With this searching ability, it’s much easier to look for a specific information.
Let’s take a look at operators that are available and commonly used :
It’s used for looking any words contained in the title page of websites. For example,
intitle:hack would give a result of websites containing the word of “hack” in its title page (inside
<title>...</title> HTML tag).
It’s used for looking any words that match within the URL of the site. For example,
google inurl:en.wikipedia.org would give a result of Wikipedia URLs containing word “google”.
It’s used for looking any words at a specific site, commonly used in conjunction with other operators. For example,
site:google.com would give a result of sites that has “google.com” in its domain.
It’s used for looking any words that are inside of a webpage. For example
intext: information would give a result of websites with words of “information” inside its webpage.
It’s used for looking any files with a specific extension type. For example
filetype: pdf would give a result of websites that store files with “.pdf” extensions.
These advanced operators are not the only one, there are others such as info, allintitle, allinurl, etc. However not all of them could be combined with other advanced operators. Details about how to use these operators are explained in this presentation slide, with the title of “Advanced Operators at a Glance”.
Special characters could also be used in conjunction with advanced operators. These special characters are :
- Plus sign (+), would force the result within an inclusion of words that are in common
- Minus sign (-), would exclude the result
- Quotes (‘’), would give a result of words around the containing quotes in an exact match.
- Asterisk (*), a wildcard operator, would give a result from one to any number of words.
- OR Boolean (|), would give a result of either words.
- AND, searches by default are combined with AND operator.
Try typing these search terms and see the results
research intitle:climate intext:analysis filetype:pdf. What does the first result of the research paper discuss ?
intitle:”climate” disasters inurl:blogspot.com. Does the first result contain words both “climate” and “disasters” ?
intext:info site:yahoo.com filetype:txt. Do you find any .txt file with a word “info” included ?
bing|googleWhich website comes first ? Does Bing any better than Google ?
memes intitle:index ofHave you found a nice collection of memes ?
Further readings :