A Hacker’s Guide to Google Dorks
Want to get more out of your Google Search Engine? Want to start on the path of vulnerability research? We would like to introduce you to the Google Dorks! No, we aren’t going to talk about Google employees.
Google dorks are search keywords used to gather sensitive information using Google advanced search by indexing and fetching links to specific files, directories, or servers.
A search engine, say Google, is very capable of finding information that a user requires in the snap of a finger. While their primary aim is to do just this, a search engine is capable of achieving much more, especially the Google Search Engine.
From a hacker's perspective, search engines like Google are significant because of one very important resource: Open-Source Intelligence, or OSINT. This usually refers to all freely available information on the internet pertaining to an individual, company, or even government.
Hackers usually use OSINT for reconnaissance on a target before performing the actual attack, in order to find any vulnerabilities. While most of this information is useless, there always will exist that one single diamond in the pile of charcoal.
Google Dorking (or Dork) or Google Hacking is the way to find that one piece of diamond from the large pile of charcoal. Google Dorking simply is the process of using Google’s advanced search keywords to filter out results as required by the user.
In the simplest terms, you add some extra keywords or operators to your search query to filter the results to your requirements. It is mainly used to find vulnerabilities in various web services, applications, or even web servers by using the resources provided by Google.
As a simple example, consider the following: imagine looking for the latest news about the DarkSide APT group from BleepingComputer. A basic Google search returns the following result.
The search doesn't even return a result remotely related to what we are looking for. This is where Google Dorks come into use. We can specify a particular site that needs to be indexed in order to generate our results, like in the following image.
Now, we get fewer results that are more focused on exactly what we want without any unnecessary links.
Now for the part you are most interested in: hacking a website, and the simpler it is, the better. Well, before getting into the "hacking capabilities" of Google Dorks, allow me to hit you with a disclaimer.
Disclaimer: None of the information mentioned in the article should be used for any illegal activity, and this website doesn’t endorse any such activities. While it isn’t illegal to use and play around with Google Dorks, what you do with the information you gather is what determines the legality. Just remember, Google can watch all your searches and activity on the Google Search Engine.
Now that we've had the awkward conversation about legality, let's get into the fun part of Google Dorks.
To answer the earlier question, yes, Google Dorks can be used for hacking. Google Dorks can be used to search for vulnerabilities in a web server that can then be exploited to gain access to said web server.
In short, Google Dorks is one of the world's most powerful reconnaissance tools.
Many keywords can be used in the Google search bar, each returning different, specific results to the user. These were initially intended for advanced search and for filtering results to the user's needs. Some of the most popular keywords or commands used for Google Dorks are listed below:
- site – To specify the domain or address of a particular website to be indexed
- intitle – Will search for a given keyword in the title of websites. For example, intitle:Malware Analysis will look for titles that have the keyword “malware”, but “analysis” can appear elsewhere on the page
- allintitle – Does the same as intitle, but looks for the whole keyword in website titles. For example, allintitle:“Malware Analysis” will look for website titles that have “Malware Analysis” in them
- inurl – This command is used to match a specified keyword to the URL of a website. For example, inurl:admin will return a list of websites whose admin page is accessible
- allinurl – This does the same function as the inurl but can be used with multiple keywords instead of a single one
- filetype – Used to find files of the file type specified in the command. For example, to find PDF files you can use Malware Analysis filetype:pdf
- intext – Useful to see webpages containing a specific keyword in their page content or text
- allintext – The same function as intext but for multiple keywords
- cache – Used to fetch the cached version of any given website, e.g., cache:facebook.com
- “” – The double quotes are used to search for the exact keyword in Google search
- + – The add operator is used to concatenate words as well as search multiple keywords at a time
- - – The minus operator is used to exclude specific keywords from the search
To get more tricks from the Google Hacking Database (GHDB), as Google Dorks are also called, you might be tempted to... google... for a list of commands. No, of course not. I have prepared everything for you right here.
You can just look at the GitHub project called bugbountyDorks by the author known under the nickname shifa123.
It is not the most recent list, but it will give you some work… perhaps for a few weeks.
Below are a few examples of Google Dorks that you can experiment with to learn more about various dork commands. However, do not use the following to bring harm of any sort to any third party or yourself.
Often, web servers will have files that can be accessed freely by anyone, or at least anyone who can actually manage to find them. Such a file may be a simple PDF with some basic website information, or it may be a .ini file that stores a lot of important information about web server systems.
A basic dork to recover pdf files from websites is as follows:
This will return links to all .ini files with the keyword 'password' in them, as shown in the figure below.
If you use a web camera, there is a chance that other people on the internet might be able to see you live without your knowledge. While most IP cameras are well protected these days, there are some out there that are still vulnerable.
A simple dork command to find such vulnerable IP cameras is:
Or you can find public webcams using the below:
There are certainly more ways to find such devices, but they are for me to know and you to find out.
SSH Private keys are decryption keys used for encrypted information exchanged in the network SSH protocol. These private keys will always be stored on the decryption systems due to security protocols implemented by the encryption standard.
Such private keys, if indexed by Google, can be found with the following:
intitle:index.of id_rsa -id_rsa.pub
Web servers with exposed directories are generally considered vulnerable as these can be exploited to extract important data. Such directories can usually be found with Google using the following Dork:
Websites with this vulnerability can be exploited by simply appending /proc/self/cwd to its URL, which gives access to the 'Currently Working Directory' of the webserver.
FTP Servers are no exception to indexing by Google's web crawlers, and if unchecked, they can also be exploited. Once the FTP server is indexed, it can be fetched using Google Dorks, and lack of any security leads to it being attacked.
The Google Dork for finding such FTP servers is:
intitle:"index of" inurl:ftp
The most common source of free information is SQL data dumps, either from misconfigured databases or stored incorrectly on a server. Frequently, these data dumps become publicly accessible due to incorrect practices by the admin team.
The basic Google Dork to access and fetch these dumps is given below:
"index of" "database.sql.zip"
As explained previously, Google Dorking is entirely legal and is used by millions of users on the internet to find the required information. However, the use of the gathered information decides whether the entire process was legal or not.
You can even Dork yourself to find vulnerabilities in your own web server or applications and fix them. Many companies worldwide follow the same process to minimize the OSINT data they give out to potential threat actors.
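The self-check described above, as an added example (not code from the original article): a small Python matcher that approximates the intitle:, inurl:, quoted-phrase and minus operators and runs the three dorks quoted in this article against pages fetched from your own server. The page contents and the example.test host are constructed, and the matching rules are a local approximation, not Google's actual algorithm.

```python
import re
import shlex

# The three dorks quoted in this article.
DORKS = [
    'intitle:index.of id_rsa -id_rsa.pub',
    'intitle:"index of" inurl:ftp',
    '"index of" "database.sql.zip"',
]

def matches(dork, url, html):
    """Approximate intitle:, inurl:, "phrase" and -term against one page."""
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    title = m.group(1).lower() if m else ""
    body = re.sub(r"<[^>]+>", " ", html).lower()  # crude tag strip, text only
    for tok in shlex.split(dork.lower()):
        negate, tok = tok.startswith("-"), tok.lstrip("-")
        if tok.startswith("intitle:"):
            # Assumption: '.' acts as a word separator, so index.of ~ "Index of"
            hit = tok[len("intitle:"):].replace(".", " ") in title
        elif tok.startswith("inurl:"):
            hit = tok[len("inurl:"):] in url.lower()
        else:
            # Whole-term match: id_rsa must not match inside id_rsa.pub
            pat = r"(?<![\w.])" + re.escape(tok) + r"(?![\w.])"
            hit = re.search(pat, body) is not None
        if hit == negate:
            return False  # required term missing, or excluded term present
    return True

def audit(pages):
    """Map each URL to the dorks that would surface it (empty dict = clean)."""
    findings = {}
    for url, html in pages.items():
        hits = [d for d in DORKS if matches(d, url, html)]
        if hits:
            findings[url] = hits
    return findings

# Constructed sample responses; example.test is a placeholder host.
SAMPLE = {
    "https://example.test/backup/": "<title>Index of /backup</title><a href='database.sql.zip'>database.sql.zip</a>",
    "https://example.test/keys/": "<title>Index of /keys</title><a href='id_rsa'>id_rsa</a>",
    "https://example.test/ftp/pub/": "<title>Index of /ftp/pub</title><a href='readme.txt'>readme.txt</a>",
    "https://example.test/blog/": "<title>Our blog</title><p>Rotating id_rsa.pub keys</p>",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because of the -id_rsa.pub exclusion, the first dork skips a listing that holds both id_rsa and id_rsa.pub, so a self-audit should also flag any listing containing id_rsa on its own terms.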
The minute the dorked information is used in malicious activity or even to aid one, the whole thing becomes illegal. Tracking down such activity will also be easy since Google keeps a watchful eye on any potentially harmful objects.
However, you can always play around with Google Dorks for research purposes or just to study the process as long as you don’t misuse any information found. A few safe practices are as listed below:
- Do not open any IP camera streams that may have private or illegal content
- Do not log in to any profile even if the username and password are available
- Do not open any links that might belong to a government or affiliated agency
- Do not post any sensitive information found for the public to see
- Do not take advantage of any software vulnerabilities found to gain unauthorized access
Furthermore, it is also recommended to use the Tor browser along with a VPN while messing around with Google Dorks to avoid any potential problems. It is possible that you might get flagged by Google for using these Google Dorks, so it is also best to avoid logging into your Google account while Dorking.
For more information about safe practices on the internet, you can read our blog “Internet Safety for Teens, Kids, and Students”.
With all the advantages, Google Dorking can be easily misused to bring harm to other individuals or organizations. Google Dorks is like a double-edged sword that can bring you benefits but also harm if misused.
In the above article, we looked at Google Dorks, some of the most popular keywords for Google Dorking, and their examples. Finally, we discussed safe practices to be adopted while using Google Dorks in real life.
If you have any queries or exciting stories about your experience with Google Dorks, please let us know by posting a comment below!