Google Dorks an Easy Way of Hacking

A question I am frequently asked is: “Where should I start learning how to hack?” Every time, the first thing I want to answer is: “Why don’t you start by using Google?” Personally, Google is one of my best friends in hacking, and I’m sure it will be yours too after reading this article.

All you need to get started with Google Dorks is a computer, an internet connection, and knowledge of the appropriate search syntax. A number of examples are given below; if you need more, a large list (10.000) of Google Dorks can be found on GitHub.


How it all started..

The concept of “Google Hacking” dates back to 2002 when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and sensitive information, labeling them Google Dorks.


“In the years I’ve spent as a professional hacker, I’ve learned that the simplest approach is usually the best. As hackers, we tend to get down into the weeds, focusing on technology, not realizing there may be non-technical methods at our disposal that work as well or better than their high-tech counterparts. I always kept an eye out for the simplest solution to advanced challenges.” ~ Johnny Long 2011


What data can we find using google dorks?

  • Username and passwords
  • Admin login pages
  • Sensitive documents
  • Govt/military data
  • Email lists
  • Bank account details
  • Vulnerable websites
  • So much more …

A Google Dork is a search that uses one or more of these advanced techniques to reveal something interesting. Keep in mind that the web can be crawled by anyone. Google automatically indexes a website, and unless sensitive information is explicitly blocked from indexing (nofollow, robots.txt), all of the content can be searched via Dorks or advanced search operators.
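Which control actually keeps a URL out of results is easy to get wrong: `noindex` removes a crawled page, `nofollow` only governs how links are followed, and a robots.txt `Disallow` stops crawling, so the bare URL can still be listed and a `noindex` on that page is never read. The check below is an added example, not code from the original article; the function names, the sample robots.txt and the URLs are constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

META_ROBOTS = re.compile(
    r'<meta\s+name=["\']robots["\']\s+content=["\']([^"\']*)["\']', re.I)

def robots_directives(headers, html):
    """Collect directives from the X-Robots-Tag header and <meta name="robots">."""
    raw = [headers.get("X-Robots-Tag", "")] + META_ROBOTS.findall(html)
    return {d.strip().lower() for value in raw for d in value.split(",") if d.strip()}

def index_status(robots_txt, url, headers, html, agent="Googlebot"):
    """Classify a URL as 'crawl-blocked', 'noindex' or 'indexable'."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    if not parser.can_fetch(agent, url):
        # Content is not fetched, so any noindex on the page is never seen.
        return "crawl-blocked"
    if robots_directives(headers, html) & {"noindex", "none"}:
        return "noindex"
    # nofollow alone lands here: the page itself can still be indexed.
    return "indexable"

# Constructed sample input.
ROBOTS_TXT = "User-agent: *\nDisallow: /backup/\n"
PRIVATE = "http://yourdomain.com/wp-content/uploads/private/"

if __name__ == "__main__":
    print(index_status(ROBOTS_TXT, "http://yourdomain.com/backup/site.sql", {}, ""))
    print(index_status(ROBOTS_TXT, PRIVATE, {}, '<meta name="robots" content="nofollow">'))
    print(index_status(ROBOTS_TXT, PRIVATE, {"X-Robots-Tag": "noindex, nofollow"}, ""))
```

Content that must never be found belongs behind authentication; these directives only steer well-behaved crawlers.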

Often, users post a link without realizing what they’ve shared. The URL is also exposed through the “Referer” header. Consider a web page at “wp-content/uploads/private”: if the browser needs to make a request to another domain to render this page (for instance, to download an image), the request will include a header such as “Referer: http://yourdomain.com/wp-content/uploads/private”.
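How much of that URL reaches the other domain depends on the page's Referrer-Policy. The model below is an added example, not code from the original article: it implements the standard policy values for the page path used above, with `images.example` as an assumed third-party host and an https-to-http request treated as the only downgrade case.

```python
from urllib.parse import urlsplit, urlunsplit

def referer_sent(page_url, request_url, policy="strict-origin-when-cross-origin"):
    """Return the Referer value sent with a subresource request, or None."""
    page, req = urlsplit(page_url), urlsplit(request_url)
    origin = f"{page.scheme}://{page.netloc}/"
    # The fragment is never sent; sample URLs here carry no credentials.
    full = urlunsplit((page.scheme, page.netloc, page.path, page.query, ""))
    same_origin = (page.scheme, page.netloc) == (req.scheme, req.netloc)
    downgrade = page.scheme == "https" and req.scheme == "http"

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample: the private page from the text loading a third-party image.
PAGE = "http://yourdomain.com/wp-content/uploads/private"
IMAGE = "http://images.example/logo.png"

if __name__ == "__main__":
    for p in ("unsafe-url", "no-referrer-when-downgrade",
              "strict-origin-when-cross-origin", "same-origin", "no-referrer"):
        print(f"{p:34} {referer_sent(PAGE, IMAGE, p)}")
```

Serving the private area with `Referrer-Policy: no-referrer` or `same-origin` keeps its path out of third-party server logs.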


How to use Google dorks

cache

The query [cache:] will show the version of the web page that Google has in its cache. Google will highlight words within the cached document: for instance, [cache:www.google.com web] will show the cached content with the word “web” highlighted. This functionality is also accessible by clicking on the “Cached” link on Google’s main results page.

link

The query [link:] will list web pages that have links to the specified web page. For instance, [link:www.google.com] will list web pages that have links pointing to the Google homepage. Note there can be no space between the “link:” and the web page URL.

related

The query [related:] will list web pages that are “similar” to a specified web page. For instance, [related:www.google.com] will list web pages that are similar to the Google homepage. Note there can be no space between the “related:” and the web page URL.

info

The query [info:] will present some information that Google has about that web page. For instance, [info:www.google.com] will show information about the Google homepage.

define

The query [define:] will provide a definition of the words you enter after it, gathered from various online sources. The definition will be for the entire phrase entered (i.e., it will include all the words in the exact order you typed them).

stocks

If you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker symbols and will link to a page showing stock information for those symbols. For instance, [stocks:intc yhoo] will show information about Intel and Yahoo. (Note you must type the ticker symbols, not the company name.)

site

If you include [site:] in your query, Google will restrict the results to those websites in the given domain. For instance, [help site:www.google.com] will find pages about help within www.google.com. [help site:com] will find pages about help within “.com” URLs.

allintitle

If you start a query with [allintitle:], Google will restrict the results to those with all of the query words in the title. For instance, [allintitle:google search] will return only documents that have both “google” and “search” in the title.

intitle

If you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title. For instance, [intitle:google search] will return documents that mention the word “google” in their title, and mention the word “search” anywhere in the document (title or no).

inurl

If you include [inurl:] in your query, Google will restrict the results to documents containing that word in the URL. For instance, [inurl:google search] will return documents that mention the word “google” in their URL, and mention the word “search” anywhere in the document (url or no). Note there can be no space between the “inurl:” and the following word. Putting “inurl:” in front of every word in your query is equivalent to putting “allinurl:” at the front of your query: [inurl:google inurl:search] is the same as [allinurl:google search].


Some small examples of Google Dorks

  • intitle:the title you are looking
  • inurl:the website URL you are targeting

You can use the following operators in the same way as the examples above:

  • site:
  • phonebook:
  • maps:
  • book:
  • info:
  • movie:
  • weather:
  • link:

Google dorks lists

I have stored on GitHub a complete list of up to 10.000 different Dorks. If you want to clone this list to your machine, you can do so using the commands below.

# Once cloned you can use `nano`, `vim`, `cat` or
# any other text editor to view and edit it
git clone https://github.com/BullsEye0/google_dork_list.git
cd google_dork_list
cat google_Dorks.txt


Some examples of dangerous, useful and funny Dorks


Finding PDF Files with Google Dorks

inurl:(htm|html|php) intitle:"index of" + "last modified" +"parent directory" +description +size +(pdf) "hacking"
inurl:(htm|html|php) intitle:"index of" + "last modified" +"parent directory" +description +size +(pdf) "python"


"whoops! there was an error." "db_password"

I highly recommend that you never put your .env files in the web-server directory. As you can see, this can cause serious damage.


db_password filetype:env


db_password ===

With this Dork search, you can find website information. It is very common to find passwords, website credentials, and even logins for payment systems such as PayPal.



Budgets on the US Security website


budget filetype:xls
budget filetype:xlsx OR budget filetype:csv
site:nasa.gov filetype:pdf
budget site:dhs.gov filetype:xls


Finding Directories:

Finding directories is very useful when auditing, since they can contain files with sensitive information. With a Google Dork, you can find a directory indexed by Google that would otherwise go unnoticed.

intitle:index of "parent directory"

intitle:index of name size

intitle:index.of.admin

intitle:index.of inurl:admin

filetype:log inurl:ws_ftp log

intitle:index.of "server at"

intitle:index.of "Apache/1.3.27 Server at"
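A server-side check for the exposures these dorks rely on, covering both the .env advice and the directory listings above. This is an added example, not part of the original article: `audit_webroot`, the index-file names and the extension list are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Matches secret-looking key names; values are never copied into the report.
KEY_RE = re.compile(r"^\s*(\w*(?:PASSWORD|SECRET|TOKEN|KEY)\w*)\s*=", re.I | re.M)
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed DirectoryIndex names
RISKY_EXT = {".log", ".sql", ".bak", ".xls", ".xlsx", ".csv"}

def audit_webroot(root):
    """Return sorted (kind, relative_path, detail) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not INDEX_FILES & {f.lower() for f in files}:
            # Rendered as an "Index of ..." page when server autoindexing is on.
            findings.append(("listing-risk", rel_dir, "no index file"))
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            low = name.lower()
            ext = os.path.splitext(low)[1]
            if low == ".env" or low.startswith(".env."):
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    keys = sorted(set(KEY_RE.findall(fh.read())))
                findings.append(("env-file", rel, ",".join(keys)))
            elif ext in RISKY_EXT:
                findings.append(("risky-file", rel, ext))
    return sorted(findings)

def build_sample_root():
    """Create a constructed sample tree (not taken from any real site)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    sample = {
        "index.php": "<?php echo 'home';",
        ".env": "APP_ENV=prod\nDB_PASSWORD=constructed-value\n",
        "uploads/budget.xls": "constructed",
        "uploads/WS_FTP.LOG": "constructed",
    }
    for rel, body in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for finding in audit_webroot(build_sample_root()):
        print(*finding, sep="\t")
```

Any `env-file` finding means the file should move out of the document root and its secrets should be rotated; a `listing-risk` directory needs an index file or autoindexing disabled on the server.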

Vulnerability SQL injection:

Once you have searched for websites using the above dorks, it’s time to check whether a website is vulnerable to SQL injection or not: we simply put a quote “ ; ” at the end of the URL address, so the site URL will look like this: http://www.site.com/index.php?id=123;


Protect your privacy

In August 2014, the United States Department of Homeland Security (DHS), the FBI and the National Counterterrorism Center issued a bulletin warning agencies to guard against the potential for Google Dorks on their sites.

If you’re using Google Dorks in a country with heavy internet surveillance, it’s possible that your searches could be recorded and used against you in the future. As a protection, we recommend using the Tor Browser or any Anon Surf when you’re using Google Dorks. Tor masks your internet traffic and blocks webpages from accessing information about your machine. This article explains how to hide your IP while browsing the web using TorPhantom.


Google is blocking me

If you start getting HTTP 503 errors, Google has rightfully detected you as a bot and will block your IP for a set period of time. The solution is to use proxychains.

Install Proxychains4 on Debian and derivative distributions

sudo apt install proxychains4 -y


Edit the /etc/proxychains4.conf configuration file to round-robin the lookups through different proxy servers. In the example below, 2 dynamic socks proxies have been set up with different local listening ports (9050 and 9051).

vim /etc/proxychains4.conf
Or
nano /etc/proxychains4.conf


IMPORTANT THINGS TO REMEMBER

  • This article was written for educational purposes and pentesting only.
  • The author can not be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Just remember: performing any hacks without written permission is illegal!


Finally

If you have any questions about this article, or any feedback, suggestions or thoughts you want to share, please feel free to use the comment form below.


Written by

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ..." I ♥ open source

11 thoughts on “Google Dorks an Easy Way of Hacking”

  1. Great to find this page so easy to understand and thoroughly explained. Good to see that hackers can also be good with good values and morals. I hope what you're doing spreads to more people that use this for good instead of with malicious intent. Thank you

  2. 786.pdf <–It all started here for me, I have been lost for quite some time now – due to illness. But I'm crawling my way back and start all over again. I hope I can cope with all the new stuff out there. Them Dorks are quite useful at times. Thank you for sharing.

    Best regards,

    _RED_
