Google Dork: An Information Gathering method
Namaste🙏, I’m Ankita Sinha, an MTech CSE student doing a specialization in Information Security. You can connect with me on LinkedIn and GitHub.
Google Dork queries, or just dorks, are search strings that include advanced search operators to find information that may not be readily available online.
There are a variety of approaches to finding information that is not readily available on the web, and advanced searches are one of them. Dorking is also regarded by Google as an illegal form of hacking, which hackers often use for purposes like cyberterrorism and theft.
By using Google Dorks, we can discover information hidden in databases and exploit vulnerable websites. A hacker can exploit vulnerabilities on a target by using Google’s search algorithm and index, which indexes nearly all websites. Google’s basic syntax for advanced operators is: operator_name:keyword
Google Dork Syntax:
1. Cache: This dork shows you the cached version of any website.
· Syntax: cache:securitytrails.com
· A backup snapshot of each website is taken by Google in case the current one is unavailable. Google then caches these pages.
· You will see a cached version of a site if you click on a link that says “Cached” or use the above command.
2. allintext: Finds the text contained on any web page.
· Syntax: allintext:hacking tools or allintext:password
· A content search will be conducted on the page. It works somewhat like a plain Google search.
3. allintitle: Identical to allintext, but matches only pages whose titles contain the keywords.
· Syntax: allintitle:"Security Companies"
· This asks Google to show pages that contain the term in the title of their HTML file.
4. allinurl: A URL that contains all the characters specified can be fetched using this method.
· Syntax: allinurl:ipsystem or allinurl:rhawk.php
· The URL is searched for the specified term.
5. filetype: File extensions of various kinds can be searched for using this feature.
· Syntax: password filetype:txt or email security filetype:pdf
· A search for a specific file type. For instance, filetype:pdf will search for all pdf files on the website.
6. inurl: Exactly the same as allinurl, but for a single keyword only.
· Syntax: inurl:admin
· Displays only the results that contain the specified search keyword in the URL.
7. intitle: Searches for various keywords within the title.
· Syntax: intitle:security tools
· intitle:security tools will search for titles beginning with “security” but “tools” may appear elsewhere on the page.
8. intext: It is useful for finding web pages with certain text strings or characters in them.
· Syntax: intext:"safe internet"
9. inanchor: You can use this to search for the anchor text used in all links with an exact match.
· Syntax: inanchor:"cyber security"
10. site: Searches only a specific website.
· Syntax: site:who.int
or site:
· For the domain or subdomain you specify, you will be shown each URL indexed by Google.
11. allintext:username filetype:log:
· Using this search will return a large number of results including usernames contained inside *.log files.
12. DB_USERNAME filetype:env
· This command allows you to find the list of sites that publicly expose their env file.
13. inurl:/proc/self/cwd:
· Servers that allow “/proc/self/cwd/” to be appended directly to the site’s URL can typically be identified with this Google Dork.
· The results, along with their exposed directories, will appear in your browser.
14. intitle:"index of" inurl:ftp:
· You can explore public FTP servers, which can often reveal interesting things using the above example.
15. intitle:index.of id_rsa -id_rsa.pub:
· This returns a list of exposed SSH private keys.
16. filetype:log username putty:
· A simple dork like this is an easy way to extract SSH usernames from PuTTY logs.
17. filetype:xls inurl:"email.xls":
· The Excel files that contain the email addresses will be fetched.
18. inurl:top.htm inurl:currenttime:
· Returns a list of publicly accessible live cams by matching “top.htm” in the URL, together with the current time and date.
19. inurl:"lvappl.htm":
· This dork lists some of the most common live-view pages hosted by routers.
20. inurl:.gov/index.php?id=:
· Returns government websites whose URLs match this pattern.
21. intitle:"forum" inurl:http after:2018:
· By simply changing the text in the search title, you can search for online forums that use HTTP.
22. intitle:security + trails:
· A plus sign is used to concatenate words to detect whether a page uses multiple specific keys.
23. intitle:security -trails:
· By using the minus operator, certain words will not appear in results.
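A defender-side counterpart to dorks 11, 12, 15, 16 and 17 above, added here as an example and not part of the original post: it walks a web document root you own and flags the files those dorks would surface once a crawler indexes them. The function names, labels and the sample directory are constructed for illustration.

```python
import pathlib
import tempfile

def classify(name, head):
    """Apply rules mirroring dorks 11, 12, 15, 16, 17; None if nothing matches."""
    lower = name.lower()
    if lower.endswith(".env"):
        return "dork 12: env file with DB_USERNAME" if b"DB_USERNAME" in head else "env file"
    if b"PRIVATE KEY-----" in head:
        return "dork 15: private key"
    if lower.endswith(".log") and b"username" in head.lower():
        return "dork 11/16: log file containing usernames"
    if lower.endswith((".xls", ".xlsx")) and "email" in lower:
        return "dork 17: spreadsheet of email addresses"
    return None

def audit_docroot(root, head_bytes=4096):
    """Walk a web document root you own; return sorted (relative path, label) pairs."""
    root = pathlib.Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        try:
            with path.open("rb") as fh:
                head = fh.read(head_bytes)  # the first few KB are enough for these rules
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        label = classify(path.name, head)
        if label:
            findings.append((path.relative_to(root).as_posix(), label))
    return sorted(findings)

def demo():
    """Build a constructed sample docroot in a temp directory and audit it."""
    samples = {  # constructed sample content, not real data
        ".env": b"DB_USERNAME=app\nDB_PASSWORD=example\n",
        "backup/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\n",
        "backup/id_rsa.pub": b"ssh-ed25519 AAAA constructed\n",  # public key: not flagged
        "logs/putty.log": b"login as: username alice\n",
        "files/email.xls": b"\xd0\xcf\x11\xe0",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = pathlib.Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_docroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Anything it reports should be moved out of the served directory or blocked by the web server, since a file that is never served cannot be indexed.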
Conclusion:
We have demonstrated the ability of Google Dorks (also known as Google hacking) to find sensitive content online that is difficult to find when using Google’s simple search interface. You can use Google Dorks to narrow down or restrict your search. Furthermore, they can detect leaked information and vulnerabilities in websites and applications. You should always consider the possibility of malicious actors exploiting Google Dorks in order to find sensitive information about any given entity (e.g. individual or organization) in order to perpetrate their attacks.