Google Dorks’ Guide

Google Dorks is a hacking technique that uses the Google search engine and other Google applications to find security holes in the configuration and code that websites use. Because Google crawls and indexes most websites, a hacker can use it to find vulnerabilities, hidden information, and accessible pages on the target.

In today’s post, I’m going to show you how to utilize Google for your hacking experience.

The basic syntax for advanced operators in Google is:

operator_name: keyword

We can combine more than two operator names in the search field to get more specific results.

MOST COMMONLY USED OPERATOR NAMES

intext/allintext — Google will only show results containing all the query terms that we specify in the text of the page. intext is used for one word only, whereas allintext can be used for multiple words. allintext: ayam goreng is the same as intext:ayam intext:goreng.

inurl/allinurl — Google will only show results containing all the query terms that we specify in the URL. allinurl:chicken wings is the same as inurl:chicken inurl:wings.

intitle/allintitle — Google will only show results containing all the query terms that we specify in the title. allintitle:ayam bakar is the same as intitle:ayam intitle:bakar.

Combining intitle (green), inurl (yellow), and intext (red) all together.

You might be wondering how you hack into a website using Google Dorks. There are many ways: one of them is finding an admin page by typing inurl:admin.php. It will usually show you results that are admin login pages. If you are lucky, you will find an admin configuration page to create a new user.

Admin page that I’ve found using Google Dorks

You can find so much sensitive information with Google Dorks that the website application developer does not want you to see via the Internet. I have inserted a Google Dorks Cheat Sheet at the end of the page that might be useful for us as attackers.

site — Google will restrict the search results to the site or domain we specify. For example, if I insert windows security site:microsoft.com, it will show information about Windows security on Microsoft’s site.

We can also combine the search operators +, OR, and " " with operator names to get more specific results. For instance, I added - in front of the site operator to find Windows security information from all sites except microsoft.com.

Index of /… — Google will show the directory index of a website. Index of / can be very fruitful for attackers, since there might be important files (passwords, databases, config files) saved inside the indexed folder.

For example, we can search for password files that might be in the index of some website by typing index of /password. See the Google Dorks’ Cheat Sheet at the end of the page for more syntax.

Index of bonus1’s website containing passwords.

cache — The query cache:url will display Google’s cached version of a web page instead of the current version of the page. This can be advantageous for the attacker, since the cached version may contain information that would normally be unavailable to the casual user. Important information may also be left behind in the page’s header, such as external images or links to the text of the URL used to access the cached version of the page, which was not initially intended for public view.

Google’s cached version of Twitter.com by typing cache:twitter.com

filetype — Google will only show results for pages ending with the file type we specify. For example, if you want to find a file in .pdf format, you can type filetype:pdf.

Searching for files about ‘Spaghetti Bolognese’ in .pdf format
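Seen from the defending side, the operators covered above can be modelled and run against an inventory of your own pages to see what such queries would surface. The following is an added example, not part of the original post: the matching is a simplified substring model and not Google's algorithm, and the page inventory, host names, and function names are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed inventory of our own pages (e.g. exported from a site crawl).
PAGES = [
    {"url": "https://shop.example.com/admin.php", "title": "Admin login", "text": "username password"},
    {"url": "https://shop.example.com/backup/", "title": "Index of /backup", "text": "db.sql config.php"},
    {"url": "https://shop.example.com/docs/menu.pdf", "title": "Menu", "text": "spaghetti bolognese"},
    {"url": "https://blog.example.org/post", "title": "Hello", "text": "nothing sensitive"},
]
FIELDS = {"intext": "text", "inurl": "url", "intitle": "title"}

def parse(query):
    """Return (negated, operator, term) tuples; allin* applies to every following word."""
    terms, all_op = [], None
    for tok in query.split():
        neg = tok.startswith("-")
        op, sep, val = tok.lstrip("-").partition(":")
        if all_op:
            terms.append((False, all_op, tok))
        elif sep and op in ("allintext", "allinurl", "allintitle"):
            all_op = op[3:]
            if val:
                terms.append((neg, all_op, val))
        elif sep and op in (*FIELDS, "site", "filetype"):
            terms.append((neg, op, val))
        else:  # bare word: matched anywhere on the page (simplification)
            terms.append((neg, "any", tok.lstrip("-")))
    return terms

def hit(page, op, term):
    """Does one operator/term pair match this page? Case-insensitive substring model."""
    term, url = term.lower(), urlparse(page["url"])
    if op == "site":
        host = url.hostname or ""
        return host == term or host.endswith("." + term)
    if op == "filetype":
        return url.path.lower().endswith("." + term)
    if op == "any":
        return any(term in page[f].lower() for f in FIELDS.values())
    return term in page[FIELDS[op]].lower()

def audit(query, pages=PAGES):
    """URLs in our inventory that the query would surface (every term must hold)."""
    terms = parse(query)
    return [p["url"] for p in pages if all(hit(p, op, t) != neg for neg, op, t in terms)]

if __name__ == "__main__":
    for q in ("inurl:admin.php", "allintitle: index of", "filetype:pdf site:example.com"):
        print(q, "->", audit(q))
```

Any URL the audit returns for a query such as inurl:admin.php or allintitle: index of is a candidate for access control, removal, or exclusion from indexing.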

Here is the Google Dorks’ Cheat Sheet, which some attackers may find useful. It can be used to find confidential information related to databases, passwords, login pages, etc., that the application developer does not want you to see.

Google Dorks’ Cheat Sheet

There are still many more operators that we can use in Google Dorks. You can read more by clicking here. I really hope you find this post useful and can use Google more efficiently from now on, since it will save much more time if you use all the syntax that I have covered today.
