Member-only story
Finding Vulnerable Info Using Google Dorks — Ethical Hacking
Google Dorking is a technique that hackers use to find information that may have been accidentally exposed to the internet.
What is Google Dorking?
Advanced use of Google Search Operator is called Google Dorking. In simple terms, it is using Google to run targeted search queries using specific keywords or commands. Basically narrowing down the search to find what we are looking for.
Google Dorking uses some of google’s inherent abilities to find things on the internet that we can find via specific search strings. These can be log files, error files, webcams opened to the internet, and even internal pages or admin that allow us to get into a device. In some cases, you can also find passwords in error logs. Sometimes even the administration config files are exposed to the internet due to the server being incorrectly set up.
Google Dorking is done by Google Search Operators. A few of them are :
- site:<keyword> — used to limit the search results to a particular site. For eg., to google for hacking-related blogs on my website https://gourav-dhar.com. I would write :
hacking site:gourav-dhar.com- inurl:<keyword> — used to specify which keyword should be present in the URL. For the above query if I want to add a filter saying the URL should contain the string
ethicalI can write it as
hacking site:gourav-dhar.com inurl:ethicalYou will get the following result :
- intext:<keyword> — This filter will check for the parameters being present in the meta-information of the website(i.e. the information you see on the title and description of a google search).
- intitle:<keyword> — Result will return only those pages having the
keywordin their HTML title - allintitle :<keyword>— searches for all the specified terms…
