DEV Community

Cover image for Dorking of Google
ODOT!
ODOT!

Posted on • Updated on

Dorking of Google

Greetings,

Today I wanted to discuss a great topic surrounding Google. Did you know that there is something called Google Dorking that is very popular within the cybersecurity community? Oh yes, Google 'Dorking' sounds crazy, but the community refers to it as ethical hacking.Results found from Google Dorking are found on publicly accessible documents, which Google has indexed. If sensitive info is found within these files, its a risk created by the site owner and is up to them to resolve issue. Let's say someone uploaded private info on a webserver or a open connection to a webcam? When using Google Dorking, you can find the vulnerability. It's used for ethical hacking in the step of recon so one can know more about the target. The passive recon that we are using is defined as such because we are searching for public info.

To use it, simply go to Google.com and use search operators to find information. Here are a list of the search operators in which can be used and it's all legal.

Google Dorking Operators

  • Site: Searches within a particular website
    site:starbucks.com

  • Filetype: Searches for specific file types
    site:starbucks.com filetype:pdf

  • Inurl: Finds URLs that include specific words
    inurl:admin'
    site:starbucks inurl:admin`

  • Intext: Searches for text within a webpage's content.
    site:starbucks intext:admin

  • Intitle: Looks for terms in a webpage's

    tag. site.starbucks.com intitle:login

Now it comes illegal when you take the info and you use it for another attack. Without permission, the use of this info to attack the target would be a 'black hat' hacking which is illegal. Be sure to keep it passive when doing your recon great people. Another great tool is Google Hacking Database.

Google Hacking Database (GHDB) is a filled with potential search strings in which can work. A compilation of search queries and query operators that help us in Google Dorking. It is arranged into categories such as Files containing passwords, vulnerable servers, footholds and error messages. Each category contains search queries and operators crafted to reveal specific info about a target. Keep in mind that all queries in the database may be outdated so verify the info obtain through the operators.

For more info, I will leave the resources below. Take a moment to use the operators reviewed as well as visit the GHDB. You will find many things on there, but I highly advise to NEVER use unethical practices. If you like me, I am trying to gain a role, not become an inmate.

Peace and Light

Resources:

FCC - Google Dorking

HackTheBox - Google Dorking

Google Hacking Database (GHDB)

Top comments (0)