How to Use Google Dorks to Find Hidden Web Pages


Are you looking to unlock the full potential of Google Search? With the right techniques, you can uncover hidden web pages and access information that’s not readily visible through standard search queries. This is where Google Dorks come into play—a powerful tool for advanced searches that can help you find specific files, hidden pages, and much more.

Google Dorking is a technique that uses advanced search operators to uncover hidden information on the web. Learn how to use search commands like ‘site:’, ‘filetype:’, and ‘inurl:’ to enhance your online research and security analysis. This method not only helps in identifying vulnerabilities but also provides efficient access to documents and data for academics and professionals alike.

Explore the benefits and effective strategies for utilizing Google Dorking to maximize your search capabilities and gain deeper insights from the internet.

In this guide, we’ll walk you through how to use Google Dorks effectively to find hidden web pages. Whether you’re a researcher, cybersecurity enthusiast, or just curious about exploring the web’s hidden corners, this guide will help you master the art of advanced search techniques.

What is Google Dorking?

Google Dorking, also known as Google hacking, is a technique used to find specific information by utilizing advanced search operators. This method allows users to query Google with precise parameters, enabling them to uncover hidden information on websites that may not be easily accessible. It’s a powerful tool for researchers, security professionals, and anyone looking to gain deeper insights from the vastness of the web.

Benefits of Google Dorking

One of the primary benefits of Google Dorking is its ability to uncover information that is often not indexed or is buried deep within a website. This method can help security specialists identify vulnerabilities by discovering sensitive files or data exposures. Moreover, it aids researchers and students in gathering resources or information for their projects by offering a focused approach to online queries.

Google Dorking, also known as Google hacking, is a valuable resource for security researchers. For the average person, Google is just a search engine used to find text, images, videos, and news. However, it can find anything that is left behind by a sysadmin or web developer and is not meant for public consumption.

Here are special Google search operators you can use:

  1. intitle: This will ask Google to show pages that have the term in their HTML
    (Hyper Text Markup Language) title. Example: intitle:security tools will
    search for titles beginning with “security”, but “tools” can be somewhere
    else in the page.
  2. inurl: Searches for the specified term in the URL (Uniform Resource Locator).
    Example: inurl:register.php
  3. filetype: Searches for a certain file type. Example: filetype:pdf will search
    for all the PDF files on the websites.
  4. ext: It works like filetype. Example: ext:pdf finds files with the pdf extension.
  5. intext: This will search the content of the page. This works like a plain Google
    search. Example: intext:"safe internet"
  6. site: This limits the search to a specific site only. Example: site:example.com
    will limit the search to example.com only.
  7. cache: This will show you the cached version of any website. Example:
    cache:aa.com
  8. * : This works like a wildcard. Example: How to * sites will show you all the
    results like “how to…” design/create/hack, etc. “…sites”
  9. | : This is the logical OR operator. Example: "security" | "tips" will show all
    the sites which contain “security” or “tips,” or both words.
  10. + : Used to concatenate words, useful to detect pages that use more than
    one specific key. Example: security + trails
  11. - : The minus operator is used to avoid showing results that contain certain
    words. Example: security -trails will show pages that use “security” in their
    text, but not those that have the word “trails.”
  12. allintext: Searches for specific text contained on any web page. Example:
    allintext: hacking tools
  13. allintitle: Exactly the same as allintext, but will show pages whose titles
    contain the given words. Example: allintitle:"Security Companies"
  14. inanchor: This is useful when you need to search for an exact anchor text
    used on any links. Example: inanchor:"cyber security"

Google Dork examples:

MP3, Movie, and PDF files

Nowadays almost no one downloads music after Spotify and Apple Music appeared
on the market. However, if you’re one of those classic individuals who still
download legal music, you can use this dork to find mp3 files:

intitle: index of mp3 
intitle: index of pdf intext: .mp4 

Email lists

It’s pretty easy to find email lists using Google Dorks. In the following example, we
are going to fetch Excel files which may contain a lot of email addresses.

filetype:xls inurl:"email.xls"

Log files

Log files are the perfect example of how sensitive information can be found within
any website. Error logs, access logs and other types of application logs are often
discovered inside the public HTTP space of websites. This can help attackers find
the PHP version you’re running, as well as the critical system path of your CMS or
frameworks.
For this kind of dork, we can combine two Google operators, allintext and filetype,
for example:

allintext:username filetype:log 

This will show a lot of results that include username inside all *.log files.

Vulnerable web servers

The following Google Dork can be used to detect vulnerable or hacked servers that
allow appending “/proc/self/cwd/” directly to the URL of your website.

inurl:/proc/self/cwd 

Open FTP servers

Google does not only index HTTP-based servers, but it also indexes open FTP
servers. With the following dork, you’ll be able to explore public FTP servers, which
can often reveal interesting things.

intitle:"index of" inurl:ftp

ENV files

.env files are used by popular web development frameworks to declare
general variables and configurations for local and online dev environments.
One of the recommended practices is to move these .env files to somewhere that
is not publicly accessible. However, as you will see, there are a lot of devs who do
not care about this and put their .env file in the main public website directory.

SSH private keys

SSH private keys are used to decrypt information that is exchanged in the SSH
protocol. As a general security rule, private keys must always remain on the system
being used to access the remote SSH server and should not be shared with anyone.
With the following dork, you’ll be able to find SSH private keys that were indexed
by Google.

intitle:index.of id_rsa -id_rsa.pub
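To check your own document root for the file types described in the Log files, ENV files and SSH private keys sections (plus the SQL dumps covered later on this page), a small audit script helps. This is an added example, not code from the original post; the name patterns, the labels and the sample file tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# File-name patterns for the categories this page shows being indexed.
RISKY_NAMES = {
    "log file": ["*.log"],
    "env file": [".env", ".env.*"],
    "SQL dump": ["*.sql", "*.sql.zip", "*.sql.gz"],
    "private key": ["id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"],
}
KEY_MARKER = b"PRIVATE KEY-----"  # tail of a PEM/OpenSSH private key header

def classify(path):
    """Return a risk label for one file, or None if nothing matches."""
    name = os.path.basename(path).lower()
    for label, patterns in RISKY_NAMES.items():
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            return label
    try:  # catch keys saved under another name by reading the header
        with open(path, "rb") as fh:
            return "private key" if KEY_MARKER in fh.read(256) else None
    except OSError:
        return None

def audit_webroot(root):
    """List (relative path, label) for every risky file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if (label := classify(full)):
                findings.append((os.path.relpath(full, root).replace(os.sep, "/"), label))
    return sorted(findings)

def demo():
    """Audit a constructed sample web root; names and contents are made up."""
    sample = {
        ".env": b"DB_PASSWORD=constructed-placeholder\n",
        "logs/error.log": b"constructed log line\n",
        "backup/database.sql.zip": b"constructed\n",
        "keys/id_rsa.pub": b"ssh-rsa constructed-public-key\n",
        "keys/deploy.txt": b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_webroot(root)
```

Point `audit_webroot()` at the directory your web server actually serves; anything it lists should be moved out of the public tree or blocked at the server.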

Live cameras

The following Google hacking techniques can help you fetch live camera web pages
that are not restricted by IP.
Here’s the dork to fetch various IP based cameras:

inurl:top.htm inurl:currenttime

To find WebcamXP-based transmissions:

intitle:"webcamXP 5" 

And another one for general live cameras:

inurl:"lvappl.htm" 

Weather

Google hacking techniques can be used to fetch any kind of information, and that
includes many different types of electronic devices connected to the Internet.
In this case, we ran a dork that lets you fetch Weather Wing device transmissions.
If you’re involved in meteorology stuff or merely curious, check this out:

intitle:"Weather Wing WS-2" 

Zoom videos

“Zoom-bombing” became a popular means of disrupting online meetings in 2020
during the initial lockdown. The company has since placed some restrictions to
make it harder to find/disrupt Zoom meetings, but as long as a URL is shared, a Zoom
meeting can still be found:

inurl:zoom.us/j and intext:scheduled for 

SQL dumps

Misconfigured databases are one way of finding exposed data. Another way is to
look for SQL dumps that are stored on servers and accessible via a domain/IP.
Sometimes, these dumps appear on sites through incorrect backup mechanisms
used by site admins who store backups on web servers. To find a zipped SQL file,
we use:

"index of" "database.sql.zip" 

WordPress Admin

The view on whether to obfuscate your WordPress login page has arguments on
both sides. Some researchers say it is unnecessary and using tools like a web
application firewall (WAF) can prevent attacks much better than obfuscation
would.
Finding WP Admin login pages is not too difficult with a dork:

intitle:"Index of" wp-admin 

Apache2

This can be considered a subset of “vulnerable web servers” mentioned above, but
we are discussing Apache2 specifically because:

  • LAMP (Linux, Apache, MySQL, PHP) is a popular stack for hosted apps/websites.
  • These Apache servers could be misconfigured/forgotten or at some stage of being
    set up, making them great targets for botnets.

Find Apache2 web pages with the following dork:

intitle:"Apache2 Ubuntu Default Page: It works" 

phpMyAdmin

Another risky yet frequently discovered tool on LAMP servers is phpMyAdmin
software. This tool is another method of compromising data, as phpMyAdmin is
used for the administration of MySQL over the web.

"Index of" inurl:phpmyadmin 

JIRA/Kibana

Google dorks can also be used to find web applications hosting important
enterprise data (via JIRA or Kibana).

inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software" 
inurl:app/kibana intext:Loading Kibana 

cPanel password reset

Another dork that can be used as the first step in reconnaissance is one that finds
hosted cPanels, after which various weaknesses in password resets can be exploited
to take over the cPanel (along with all the websites hosted on it).

inurl:_cpanel/forgotpwd

Government documents

Sensitive government documents are the last thing that should be exposed on the
internet, but with dorks they are not too hard to find, as shown below:

allintitle: restricted filetype:doc site:gov 


Preventing Google Dorks Using robots.txt configurations

The following configuration tells crawlers that honor robots.txt not to crawl any
directory within your website, which is useful for private access websites that do
not rely on publicly indexable Internet content.

User-agent: *
Disallow: /

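You can also exclude specific directories from web crawling.

If you have an /admin area and you need to keep it out of search results, just place
this code inside robots.txt:

User-agent: *
Disallow: /admin/

This also covers all the subdirectories inside. Keep in mind that robots.txt is
publicly readable and only instructs crawlers that choose to honor it, so the /admin
area still needs its own access control.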

Restrict crawling of specific files:

User-agent: *
Disallow: /privatearea/file.htm

Restrict crawling of dynamic URLs (Uniform Resource Locator) that contain the ‘?’ symbol:

User-agent: *
Disallow: /*?

To restrict crawling of specific file extensions you can use:

User-agent: *
Disallow: /*.php$

In this case, crawling of all URLs ending in .php will be disallowed.
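To see which URL paths rules like these actually cover, the following added example (not part of the original post) hand-implements the wildcard matching that Google documents for robots.txt: `*` matches any run of characters and a final `$` anchors the end of the path. It is a simplified model that ignores Allow lines and rule precedence, and the test paths are constructed.

```python
import re

def parse_disallows(robots_txt, agent="*"):
    """Collect Disallow patterns from the groups that apply to `agent`."""
    patterns, active, prev_was_agent = [], False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "user-agent":
            hit = value == "*" or value.lower() == agent.lower()
            # consecutive User-agent lines share one group of rules
            active = hit or (prev_was_agent and active)
            prev_was_agent = True
            continue
        prev_was_agent = False
        if field.lower() == "disallow" and active and value:
            patterns.append(value)
    return patterns

def rule_to_regex(pattern):
    """Translate one pattern: '*' is a wildcard, a final '$' anchors the end."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = ".*".join(re.escape(piece) for piece in body.split("*"))
    return re.compile(regex + ("$" if anchored else ""))

def is_blocked(robots_txt, path, agent="*"):
    """True if any Disallow pattern matches the URL path (Allow is not modelled)."""
    return any(rule_to_regex(p).match(path) for p in parse_disallows(robots_txt, agent))

# Rule sets modelled on this section; the last one has a character after '$'.
ADMIN = "User-agent: *\nDisallow: /admin/"
QUERY = "User-agent: *\nDisallow: /*?"
PHP = "User-agent: *\nDisallow: /*.php$"
PHP_TRAILING_SLASH = "User-agent: *\nDisallow: /*.php$/"  # '$' is literal here

def coverage_report():
    """Evaluate constructed paths against the rule sets above."""
    cases = [(ADMIN, "/admin/users"), (ADMIN, "/admin"), (QUERY, "/search?q=1"),
             (PHP, "/index.php"), (PHP, "/index.php?id=1"),
             (PHP_TRAILING_SLASH, "/index.php")]
    return [is_blocked(rules, path) for rules, path in cases]
```

Two results are worth noting: the `$`-anchored rule does not cover `/index.php?id=1`, and a pattern with anything after the `$` no longer matches plain `.php` paths at all.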

Bottom line

Google Dorks is a powerful technique that can transform the way you search the web. From finding hidden web pages to locating specific files, this method opens up a world of possibilities for advanced users. Remember to use this knowledge responsibly and ethically to stay within the bounds of the law.
