Google Dorks: An Easy Way of Hacking
A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.
In other words, we can use Google Dorks to find vulnerabilities, hidden information and access pages on certain websites. Because Google has a searching algorithm and indexes most websites, it can be useful to a hacker to find vulnerabilities on the target.The basic syntax for advanced operators in Google is:
For example, this operator_name:keyword syntax can be typed as 'filetype:xls intext:username' in the standard search box, which results in a list of Excel files which we contain the term 'Username'.
Simple Google Dorks Syntax
site - will return website on following domain
allintitle and intitle - contains title specified phrase on the page
inurl - restricts the results contained in the URLS of the specified phrase
filetype - search for specified filetype formatsSee the images below:
What Data Can We Find Using Google Dorks?
- Admin login pages
- Username and passwords
- Vulnerable entities
- Sensitive documents
- Govt/military data
- Email lists
- Bank account details and lots more
Create an Account To Enroll In Any Of These Courses:
Google Dorks can also be used for network mapping; we're able to find the subdomain of the target site using Simple Dorks.Information gathering and network mapping is useful in Ethical Hacking. See the image below:
Dorks:site:wipro.com -site:www.wipro.com -site:careers.wipro.com
Try wipro.com to scan and we find some of the subdomains using the master website. We see other login pages and other system administrators/webmasters are using the subdomains for login pages. Based on the results, it's not fully secured. That's why the site mapping in Google Dorks is good. How about a port scanning? Available ports for intrusion and open ports? Can Google Dorks find it? The answer is yes. See the image below:
We use port 8443 and it's open; we find some websites enable port 8443. The queries above search websites using port 8443.
Start a 7 Day Trial To Enroll In One Of These Career Paths:
In this article, we presented a few uses of Google Dorks for testing our own website. We found out if it was searchable on Google and leaking confidential information. Thanks and Greetings from a Philippine Security Researcher and Project-AG