How to use Google Hacking aka Google Dorking for conducting an advanced search
- 1 How to use Google Hacking aka Google Dorking for conducting an advanced search
- 2 Operator_name:keyword
- 3 Simple Google Dorks
- 4 intitle
- 5 allintitle
- 6 inurl
- 7 allinurl
- 8 filetype
- 9 ext
- 10 intext
- 11 allintext
- 12 site
- 13 Complex Google Dorks
- 14 Dork: inurl:group_concat(username, filetype:php intext:admin
- 15 Dork: intext:@gmail.com filetype:xls
- 16 site:xyz.com -site:www.xyz.com
- 17 Dork: intitle:”index of” “admin.jsp”
- 18 Dork: inurl:8443 -intext:8443
We often wonder how hackers manage to glean information from the Internet that the rest of us cannot see. They use a Google Hacking method known as Google Dorking, which hackers and security researchers have relied on ever since Google was launched.
It is well known that the Internet is a vast reservoir of information, but that information is scattered. Google Dorking lets advanced users stitch several narrow queries into one long query and pull previously unknown information out of Google. In this article, we will take a look at how Google Dorking works.
Most people use Google for simple searches, such as recipes or the best TV serial of 2020. While we perform such relatively simple queries, what most people don't realize is that Google can be used for far more advanced searches. In fact, if used properly, Google can reveal sensitive information about a particular entity. This is accomplished with Google's advanced search operators. The basic syntax for using an advanced operator in Google is as follows:
Operator_name:keyword
The syntax shown above is a Google advanced operator followed by a colon, which is followed in turn by the keyword, with no space anywhere in the string. Using such a query in Google is called Dorking, and the strings are called Google Dorks, aka Google Hacks. Dorks come in two forms, namely simple dorks and complex dorks.
Simple Google Dorks
The syntax shown above uses a single operator, so it is classified as a simple dork, whereas a search string that puts several advanced operators together is called a complex (or advanced) dork. Each advanced operator has a special meaning to the Google engine. When these dorks are used, they filter out unwanted results and narrow your searches by a great margin. Let's take a few examples of simple Google dorks.
| Operator | What it does |
| --- | --- |
| allintext | Searches for pages whose text contains all of the given keywords |
| intext | Searches for pages whose text contains the keywords, all at once or one at a time |
| inurl | Searches for a URL matching one of the keywords |
| allinurl | Searches for a URL matching all the keywords in the query |
| intitle | Searches for pages whose title contains the keywords, all or one |
| allintitle | Searches for pages whose title contains all the keywords at once |
| site | Searches only the given site and lists all the results from it |
| filetype | Searches for the particular file type mentioned in the query |
| link | Searches for external links to a page |
| numrange | Used to locate specific numbers in your searches |
| daterange | Used to search within a particular date range |
The below are also used in simple Google dorking:
Let's take a look at how these special Google search operators are used to construct those high-powered Google hack search terms.
intitle
Specifying intitle tells Google to show only those pages that have the term in their HTML title. For example, intitle:"login page" shows the pages whose title text contains "login page".
allintitle
Similar to intitle, but requires all the specified terms to appear in the title.
inurl
Searches for the specified term in the URL. For example, inurl:"login.php".
allinurl
Same as inurl, but requires all the terms to appear in the URL.
filetype
Searches for specific file types. filetype:pdf looks for PDF files on websites; similarly, filetype:txt looks for files with the extension .txt.
ext
Similar to filetype. ext:pdf finds files with the pdf extension.
intext
Searches the content of the page, somewhat like a plain Google search. For example, intext:"index of /".
allintext
Similar to intext, but requires all the terms to be present in the text.
site
Limits the search to a specific site only. For example, site:androidrookies.com.
Complex Google Dorks
When you combine the simple Google Dorks above into one bigger query with a higher degree of filtering, you can get almost any information about a particular website. Complex Google Dorks can reveal a hidden trove of information if you use the syntax properly.
So what can we find out using complex Google dorks?
- Admin login pages
- Username and passwords
- Vulnerable entities
- Sensitive documents
- Govt/military data
- Email lists
- Bank account details and lots more
Dork: inurl:group_concat(username, filetype:php intext:admin
This is a classic example of a complex Google Dork.
Dork: intext:@gmail.com filetype:xls
This dork can be used to glean email IDs from Google.
Similarly, we can use Google for site crawling and network mapping by combining a few other keywords. What is so special about site crawling and network mapping, i.e. enumerating domains and hostnames, this way? All of it is done without sending a single probe to the target, so the target cannot get a hint that you have already started plotting your attack against it. Google APIs driven from a script, combined with the search results, can give a big boost to this part of your attack.
site:xyz.com -site:www.xyz.com
In the above example you can see multiple simple dorks combined: site:xyz.com restricts the results to that domain, and the negated -site:www.xyz.com drops the www host, so what remains are pages on the other hostnames under the domain. Note that adding a further -site:xyz.com would exclude the whole domain again and return nothing. The possibilities for automation and network mapping using Google are practically endless.
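As an added example (not code from the article), here is a small Python parser for the Operator_name:keyword syntax described above. It classifies a query as plain, simple or complex by the article's definition (number of operators) and lints for mistakes that silently empty a query: a space after the colon, or the same site: value both required and excluded, as in the subdomain-mapping query above. The operator names are those from the article's table; the rule that allin* operators should not be mixed with other operators comes from Google's own operator documentation, not from this article.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Operators named in the article's table of simple dorks.
OPERATORS = {"intitle", "allintitle", "inurl", "allinurl", "intext", "allintext",
             "filetype", "ext", "site", "link", "numrange", "daterange"}

@dataclass(frozen=True)
class Term:
    operator: Optional[str]   # None for a plain keyword or quoted phrase
    value: str
    negated: bool = False

# optional leading "-", optional operator prefix, then a quoted phrase or a bare token
TOKEN = re.compile(r'(-?)(?:([A-Za-z]+):)?("[^"]*"|\S+)')

def parse_dork(query: str) -> list[Term]:
    """Split a dork into terms using the operator:keyword syntax (no space after the colon)."""
    terms = []
    for neg, op, val in TOKEN.findall(query):
        if op and op.lower() not in OPERATORS:
            val, op = f"{op}:{val}", ""        # unknown prefix is just part of the keyword
        terms.append(Term(op.lower() or None, val.strip('"'), neg == "-"))
    return terms

def classify(query: str) -> str:
    """'plain' (no operator), 'simple' (one operator) or 'complex' (several), per the article."""
    n = sum(1 for t in parse_dork(query) if t.operator)
    return "plain" if n == 0 else "simple" if n == 1 else "complex"

def lint_dork(query: str) -> list[str]:
    """Flag mistakes that silently make a dork useless."""
    terms = parse_dork(query)
    problems = []
    # 1. a space after the colon turns "site:" into a plain keyword that Google ignores as an operator
    for t in terms:
        if t.operator is None and t.value.endswith(":") and t.value[:-1].lower() in OPERATORS:
            problems.append(f"space after '{t.value}' - operator is ignored")
    # 2. the same operator:value both required and excluded can never match anything
    included = {(t.operator, t.value.lower()) for t in terms if t.operator and not t.negated}
    excluded = {(t.operator, t.value.lower()) for t in terms if t.operator and t.negated}
    for op, val in sorted(included & excluded):
        problems.append(f"{op}:{val} is both required and excluded - query cancels itself")
    # 3. Google documents allin* operators as not combinable with other operators
    ops = [t.operator for t in terms if t.operator]
    if any(o.startswith("allin") for o in ops) and len(ops) > 1:
        problems.append("allin* operator mixed with other operators")
    return problems
```

Run lint_dork on a dork before pasting it into Google; an empty list means the query is at least well formed, not that it will return what you expect.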
Dork: intitle:”index of” “admin.jsp”
This Google dork lists directory indexes on a web server that expose admin.jsp, a sensitive admin Java servlet page.
Dork: inurl:8443 -intext:8443
This dork lists sites running on port 8443. The query asks for pages with 8443 in the URL but excludes pages that also mention 8443 in the body text, which removes redundant hits and leaves URLs with their respective ports. An automated scan across important ports can give interesting results.
You can visit Exploit Database for more complicated Google Dorks. Kindly note these dorks are to be used only on your own website or home network. Using such techniques on other websites is illegal.