Google Dorking Simple

Finding security flaws with only using Google search engine from the basics.

3 min readApr 3, 2022

DISCLAIMER : The writer takes no responsibility if the knowledge below would be used for nefarious purposes.

Google hacking or Google dorking is simply a term for using Google search engine to look for website vulnerabilities that are created involuntarily. These vulnerabilities often crawled by search engines and open for public use. As a result, there will be unauthorized usage, leakage of sensitive information and numerous privacy issues. In conclusion, websites that are configured incorrectly will expose security flaws that are by default could be avoided.

Google dorking could be used not only for looking security flaws presented by public websites, it could be used for looking up other information in a more efficient way. This could be made possible by using search operators. With this searching ability, it’s much easier to look for a specific information.

Let’s take a look at operators that are available and commonly used :

intitle

It’s used for looking any words contained in the title page of websites. For example, intitle:hack would give a result of websites containing the word of “hack” in its title page (inside <title>...</title> HTML tag).

inurl

It’s used for looking any words that match within the URL of the site. For example, google inurl:en.wikipedia.org would give a result of Wikipedia URLs containing word “google”.

site

It’s used for looking any words at a specific site, commonly used in conjunction with other operators. For example, site:google.com would give a result of sites that has “google.com” in its domain.

intext

It’s used for looking any words that are inside of a webpage. For example intext: information would give a result of websites with words of “information” inside its webpage.

filetype

It’s used for looking any files with a specific extension type. For example filetype: pdf would give a result of websites that store files with “.pdf” extensions.

These advanced operators are not the only one, there are others such as info, allintitle, allinurl, etc. However not all of them could be combined with other advanced operators. Details about how to use these operators are explained in this presentation slide, with the title of “Advanced Operators at a Glance”.

Special characters could also be used in conjunction with advanced operators. These special characters are :

Plus sign (+), would force the result within an inclusion of words that are in common
Minus sign (-), would exclude the result
Quotes (‘’), would give a result of words around the containing quotes in an exact match.
Asterisk (*), a wildcard operator, would give a result from one to any number of words.
OR Boolean (|), would give a result of either words.
AND, searches by default are combined with AND operator.

Exercise

Try typing these search terms and see the results

research intitle:climate intext:analysis filetype:pdf. What does the first result of the research paper discuss ?
intitle:”climate” disasters inurl:blogspot.com. Does the first result contain words both “climate” and “disasters” ?
intext:info site:yahoo.com filetype:txt . Do you find any .txt file with a word “info” included ?
bing|google Which website comes first ? Does Bing any better than Google ?
memes intitle:index of Have you found a nice collection of memes ?