Google is a useful hacking tool. Today we are going to dig into Google hacking techniques, also known as Google Dorking.
Caution: Safety First!
Accessing certain web pages or downloading files from them can be a prosecutable offense. Use Tor or VPN services when dorking online.
The following content is for educational purposes only!
What is a Google Dork?
Applying specialised search methods and advanced search engine parameters to locate confidential information is typically termed Google Dorking.
As search engines crawl their way through web applications with the intent of indexing their content, they stumble upon sensitive information. This information will be very useful in hacking.
Dorking is not limited to Google; it is also available in all major search engines.
The Google Hacking Database (GHDB) is a categorized index of dorks designed to uncover interesting, and usually sensitive, information made publicly available on the Internet.
Some examples
List vulnerable webcams openly available on the internet
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live View / - AXIS"
intitle:"LiveView / - AXIS"
inurl:LvAppl intitle:liveapplet
inurl:axis-cgi/jpg
intitle:liveapplet
inurl:lvappl
inurl:view/view.shtml
Hacking Wifi Routers
inurl:"cgi-bin" "No password set!" "There is no password set on this router."
intitle:"router" inurl:"home.asp"
Hacking Personal Documents
filetype:php inurl:list/admin/ intitle:"payment methods"
intitle:index.of finances.xls
Find Passwords
password filetype:doc site:[your site]
password filetype:docx site:[your site]
password filetype:pdf site:[your site]
password filetype:xls site:[your site]
What data can we find using Google dorks?
- Username and passwords
- Admin Login Pages
- Sensitive Documents
- Email Lists
- Gov/Military Data
- Bank details
- Vulnerable websites
And much more…
Dorking operators
Dork | Description |
---|---|
cache:[url] | Show the cached snapshot of a page |
related:[url] | List pages which Google considers to be related to another |
info:[url] | Find info of URL in the search database |
site:[url] | Restrict a search to a single site |
intitle:[text] or allintitle:[text] | Restrict a search so that all the keywords must appear in the title. You must include a space between the colon and the query for the operator to work in Bing. |
inurl:[text] or allinurl:[text] | Restrict a search so that all of the keywords must appear in the URL |
meta:[text] | Finds pages that contain the specific keyword in the meta tags. |
filetype:[file extension] | Searches for specific file types. |
intext:[text], allintext:[text], inbody:[text] | Searches text of page. For Bing and Yahoo the query is inbody:[text]. For DuckDuckGo the query is intext:[text]. For Google either intext:[text] or allintext:[text] can be used. |
inanchor:[text] | Search link anchor text |
location:[iso code] or loc:[iso code], region:[region code] | Search for specific region. For Bing use location:[iso code] or loc:[iso code] and for DuckDuckGo use region:[region code]. |
contains:[text] | Identifies sites that contain links to filetypes specified (e.g. contains:pdf) |
altloc:[iso code] | Searches for location in addition to one specified by language of site (e.g. pt-us or en-us) |
domain:[url] | Wider than the site: operator, locates any subdomain containing the “suffix” of the main website’s url |
feed:[feed type, i.e. rss] | Find RSS feed related to search term |
hasfeed:[url] | Finds webpages that contain both the term or terms for which you are querying and one or more RSS or Atom feeds. |
imagesize:[digit, i.e. 600] | Constrains the size of returned images. |
ip:[ip address] | Find sites hosted by a specific ip address |
keyword:[text] | Meta-operator; takes a simple list as a parameter. All the elements in the list are searched as and/or pairs together. |
language:[language code] | Returns websites that match the search term in a specified language |
book:[title] | Searches for book titles related to keywords |
maps:[location] | Searches for maps related to keywords |
linkfromdomain:[url] | Shows websites that link to the specified url (with errors) |
phonebook:[name] | Look up phone numbers associated with the given name |
define:[text] | Show Google’s glossary definition for a term |
weather:[place] | Dork to find information about the weather. |
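To check your own site against queries like the "Find Passwords" ones above before a crawler does, the following added example (not part of the original post) evaluates a subset of the operators from the table against a local page inventory. The inventory, the `example.com` hosts and all function names are constructed for illustration, and the matching only approximates how a search engine tokenizes text.

```python
import re
from urllib.parse import urlparse

OPERATORS = ("site", "inurl", "intitle", "intext", "filetype")  # subset of the table
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def norm(text):
    # Assumption: engines split on punctuation, so index.of matches "Index of".
    return re.sub(r"[\W_]+", " ", text.lower()).strip()

def parse_dork(query):
    """Split a query into (operator, value) pairs; bare words become intext."""
    terms = []
    for op, quoted, bare in TOKEN.findall(query.lower()):
        value = quoted or bare
        if op not in OPERATORS:  # plain keyword or operator not handled here
            op, value = "intext", f"{op}:{value}" if op else value
        terms.append((op, value))
    return terms

def matches(page, terms):
    """True if one inventory entry satisfies every term of the dork."""
    url = page["url"].lower()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "inurl": lambda v: v in url,
        "intitle": lambda v: norm(v) in norm(page["title"]),
        "intext": lambda v: norm(v) in norm(page["body"]),
        "filetype": lambda v: parsed.path.endswith("." + v),
    }
    return all(checks[op](value) for op, value in terms)

def audit(pages, dorks):
    """Return {dork: [URLs in your own inventory that the dork would surface]}."""
    found = {d: [p["url"] for p in pages if matches(p, parse_dork(d))] for d in dorks}
    return {d: urls for d, urls in found.items() if urls}

PAGES = [  # constructed sample inventory, e.g. an export from your own crawler
    {"url": "https://intranet.example.com/docs/onboarding.pdf",
     "title": "Onboarding", "body": "Default password for new accounts: ..."},
    {"url": "https://www.example.com/files/",
     "title": "Index of /files", "body": "Parent Directory finances.xls"},
]
DORKS = ["password filetype:pdf site:example.com",
         "intitle:index.of finances.xls", 'intitle:"router" inurl:"home.asp"']

if __name__ == "__main__":
    print(audit(PAGES, DORKS))
```

Any URL reported here is a page to put behind authentication, remove, or exclude from indexing.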
Useful Resources:
https://www.exploit-db.com
http://www.google-dorking.com
Wrapping up
Google dorking is a great tool for information gathering in penetration testing. As search engines crawl through web directories, they uncover interesting, and usually sensitive, information that is exposed by bad server configuration and is helpful for exploitation.
Knowledge is power, especially when it’s shared. I hope you will correct me if I was wrong, because it is from mistakes that we learn 😊