Google Dorks (Hacking Using Google)

2001586155sefira/ April 18, 2018/ Uncategorized

The Google search engine can also be used to search information that was left behind by the sys-admin or the web developer, and the information should not be used for public consumption. Google hacking is considered as a passive attack method to gather information, and it can be used to return username and password, email lists, private and sensitive documents, and the website vulnerabilities. To search for the information, you need a certain keywords so that google can show the private information.

Operators

Google Dorks also have operators, just like mathematics, that we need to understand before hacking using the Google search engine.

Some of the popular operators used for Google Hacking:

  • inurl: ” ” -> Used to find a specified term in the url.
    • Example: Using inurl: “google hacking”, Google will only show the term “google hacking” on their results page.

The image above shows that when we use inurl: “google hacking”, the results page will only show the sites that has “google hacking” as the title.

  • allinurl: ” ” -> Similar to inurl, but show the results for the URL that meet the all the keyword.
  • intitle: ” ” -> Using this operator, Google will only show the results that have the specified term in their website title.
    • Example: When using intitle: “login page”, Google will only show the sites that have the word “login page” in the website’s title text.
  • allintitle: ” ” -> Similar to intitle, but using this operator, Google will show all the specified keywords in the title.
  • site: www.domain.com -> To limit the result to only a specific sites only
  • Related: www.domain.com -> To find similar sites to the term of the domain
  • filetype: -> To find a specific file type (Ex: .pdf, .mp4, .php)
  • ext: -> Similar to filetype, but only shows the results that is based on the searched file extension.

Google Dorks Formula

The basic formula of using Google Dorks:

“inurl:.”domain”/”dorks” “

  • “inurl”: The input URL to find a specified term
  • “.domain” : The domain you want to find. Example: .edu, .co.id,
  • “dorks” : Your choice dork

Other than “inurl”, you can use other terms that don’t require you to only find URL, such as:

  • “intitle”
  • “intext”
  • “define”
  • “site”
  • “info”
  • “link”
  • “book”

Examples:

Example of using index of: filetype sql on google

Useful Websites to Learn More

To learn more about Google Dorks and find out about many new Google Dorks entries, you can access https://www.exploit-db.com/google-hacking-database/

In this website, you can also enter your Google Dork entries, so that other people can learn more about using Google to find information.

Source:

  • https://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/
  • https://www.hackingloops.com/google-dorks/
Share this Post