Google Dorks, also known as Google hacking, is a technique that uses advanced search operators to find specific information on the internet. This method can reveal data that isn’t typically visible through standard search queries. While it can be an invaluable tool for researchers and cybersecurity professionals, it also carries significant risks if misused.
What are Google Dorks?
Google Dorks utilize advanced search operators to narrow down search results and find precise information. These operators allow users to filter search results in ways that standard queries cannot, revealing data that is often hidden or overlooked. Common operators include:
- site: Limits the search to a specific domain
- filetype: Searches for the specific filetype (PDF, DOCX, XSLX, etc.)
- intitle: Searches for pages with (a) specific word(s) in the title of the page
- inurl: Searches for specific words in a URL
Practical application & Examples
You could use Google Dorks for several reasons. One might be (security) audits, but it could also be OSINT (Open Source Intelligence) or reconnaissance for an upcoming red teaming exercise. If you know what you’re looking for, but can’t find it in the normal Google search results, using Google Dorks might be a good way to get the information you’re after.
Let’s take a look at a few examples:
- A search like “inurl:admin login site:domain.com” might reveal admin login pages that are not showing in the regular search results
- A query including like “
intitle:"index of" "private"“ can expose open directories or pages that are not supposed to be seen in the regular search results - A query including “Signed Contract filetype:PDF” can expose signed contract from companies that you wouldn’t find in the regular search results
Overview of operators
Basic operators:
| Example | Explanation |
|---|---|
| “site: domain.com” | Restrict results to pages and files on domain.com |
| “intitle: admin” | Finds pages with “admin” in the title |
| “inurl: contract” | Finds URL’s containing “admin” |
| “filetype: PDF” | Finds PDF files |
| “ext: docx” | Finds files with the specific extension “.docx” |
Advanced operators:
| Example | Explanation |
|---|---|
| “link: domain.com” | Finds pages that link to “domain.com” |
| “cache: domain.com” | Finds a cached version of “domain.com” |
| “related: domain.com” | Finds pages similar to “domain.com” |
| “allintitle: admin login” | Finds pages that have both the words admin and login in the title |
| “allinurl: loginpage” | Finds pages that have both the words admin and login in the URL |
| intext:”admin” | Finds pages that have “admin” in the contents of the page |
Improving the results by combining operators
You can improve the results in Google by combining multiple operators in a single search. For example, if you know the domain of your target, use the “site” operator to limit the results for that specific URL only. Are you looking for a PDF on that domain, add the “filetype” operator. Do you want to narrow it down even further, add a “regular” search to the query to look for NDA’s for example.
| Example | Explanation |
|---|---|
| “Login Portal” | Searches for the exact phrase “login portal” |
| “site:domain.com -site:sub.domain.com” | Restricts results to “domain.com” and excludes “sub.domain.com” |
| “login or admin” | Searches for pages that include either “login” or “admin”. |
| “admin * portal” | Uses wildcard “*” to substitute any word in the phrase. |
| intext:”admin” filetype:txt | Finds text files that contain the word “admin” |
There’s also the pages and directories that are not indexed by Google due to the implementation of a robots.txt. So if your Google Dorks don’t give you the results you expected, it might be worth checking this out to see if the pages or directories aren’t indexed.
Sans created a PDF with more operators called “Google Hacking and Defense Cheat Sheet“, that you can use as reference as well.
Conclusion
Google Dorks are a powerful tool for uncovering information that is often hidden or overlooked by standard search queries. They can be incredibly useful for cybersecurity audits, research and reconnaissance. By understanding how to use Google Dorks effectively and taking steps to protect your own websites from potential exposure, you can leverage this advanced search method for constructive and legitimate purposes.
Disclaimer
This post is for informational purposes only, and we are not liable for any loss or damage resulting from its use.
Also: don’t be a skiddie, or an a-hole, and stay vigilant!
No responses yet