In the vast internet landscape, Google is the gateway to an ocean of information. While most of us use Google for simple searches, a powerful tool known as “Google Dorks” unlocks a deeper level of search capability. In this blog post, we’ll look into what Google Dorks are, how they work, and how to use them ethically and responsibly.
What are Google Dorks?
Google Dorks, or Google hacking or Google-fu, refers to specialized search queries that utilize advanced operators to pinpoint specific information on the web. These operators allow users to narrow down their searches and find hidden data that may not be accessible through our regular search methods.
How does Google Dorking work?
Google Dorking utilizes custom queries with advanced search operators (specific symbols or words) to fetch targeted search results. All you have to do is type in the custom Google dork query in the Google search bar.
When the Google search engine crawls the web, it indexes many parts of websites, some of which may not be readily available to regular internet users. Google Dorking lets you see some of that information using more precise search queries.
Google dork examples
Dork > site:microsoft.com keys
Using ‘site:microsoft.com keys’ in Google helps find specific key-related pages on Microsoft’s site. This simplifies searching for products, licenses, or encryption keys directly from Microsoft’s domain.
We can use different words in which we are interested like keys, emails, passwords, admin, etc. We can specify the website we want to do recon on finding information about.
Dork > “Not for Public Release” + “Confidential” ext:pdf | ext:doc | ext:xlsx
Using “Not for Public Release” + “Confidential” with file extensions pdf, doc, or xlsx helps find potentially sensitive documents not intended for public distribution. This advanced search technique can uncover confidential information across various file types.
There are many file types indexable by Google which are shared in the last part of the blog and can be included for better results.
Dork > allintext:username filetype:log
Using ‘allintext:username filetype: log’ in your search query can reveal log files containing usernames. This approach streamlines finding logs containing user-related information, aiding in security analysis or troubleshooting.
These usernames can be later used by the malicious threat actor for different password attacks like brute force, etc.
Dork > inurl:email.xls ext:xls
Using ‘inurl:email.xls ext:xls’ in your search query helps pinpoint Excel files with ‘email’ in their URL. This method efficiently locates spreadsheet files specifically tailored for email data, streamlining data retrieval tasks.
To make it more efficient use it with the ‘site:’ so that a particular result can be obtained instead of searching for a pin in the straw of hay.
Dork > filetype:txt intext:@gmail.com intext:password
Using ‘filetype: txt intext:@gmail.com intext: password’ in your search query helps find text files containing email addresses with associated passwords.
This search method can reveal potentially compromised accounts or security vulnerabilities. Using tools like DeHashed, and Have I Been Pwned can make it more effective as we can analyse whether the accounts have been breached earlier or not.
Different Dorks Category:
1. Scope-restricting dorks
Scope-restricting dorks help you specify the target range of websites and data types. You can add additional query items to these dorks for more specificity, like in the “filetype:”
Keep in mind that when you want to restrict search results to an exact phrase, you have to enclose the phrase within double quotation marks.
2. Informational dorks
Informational dorks specify the type of information you are looking for and work best without additional query items.
3. Text dorks
Text dorks are useful when you’re looking for pages containing specific text strings.
4. Search-refining operators
This is a list of operators that help you refine your Google search:
5. File types indexable by Google:
Google can index the content of most text-based files and certain encoded document formats. The most common file types we index include:
Adobe Portable Document Format (.pdf)
Adobe PostScript (.ps)
Comma-Separated Values (.csv)
Google Earth (.kml, .kmz)
GPS eXchange Format (.gpx)
Hancom Hanword (.hwp)
HTML (.htm, .html, other file extensions)
Microsoft Excel (.xls, .xlsx)
Microsoft PowerPoint (.ppt, .pptx)
Microsoft Word (.doc, .docx)
OpenOffice presentation (.odp)
OpenOffice spreadsheet (.ods)
OpenOffice text (.odt)
Rich Text Format (.rtf)
Scalable Vector Graphics (.svg)
TeX/LaTeX (.tex)
Text (.txt, .text, other file extensions), including source code in common programming languages, such as:
Basic source code (.bas)
C/C++ source code (.c, .cc, .cpp, .cxx, .h, .hpp)
C# source code (.cs)
Java source code (.java)
Perl source code (.pl)
Python source code (.py)
Wireless Markup Language (.wml, .wap)
XML (.xml)
Google can also index the following media formats:
Image formats: BMP, GIF, JPEG, PNG, WebP, and SVG
Video formats: 3GP, 3G2, ASF, AVI, DivX, M2V, M3U, M3U8, M4V, MKV, MOV, MP4, MPEG, OGV, QVT, RAM, RM, VOB, WebM, WMV, and XAPAI Tools:
No more stressing over syntax — just plug in what you need, and let the magic happen. Memorizing complex queries was not only time-consuming but also prone to human error. So just let the AI do its work!
DorkGenius:
DorkGenius simplifies Google dork creation for cybersecurity pros, streamlining searches for vulnerabilities and sensitive data.
DorkGPT:
DorkGPT generates tailored Google dorks, aiding security experts in pinpointing potential exploits and exposed information.
Bug Bounty Dork:
Targeted at bug bounty hunters, Bug Bounty Dork speeds up vulnerability discovery with optimized Google dorks for web applications.
DorkSearch:
DorkSearch is a centralized engine for Google dorks, aiding security pros in finding relevant queries for assessments and recon.
Google Dork Maker by StationX:
StationX’s Dork Maker offers a user-friendly interface for crafting custom Google dorks, essential for penetration testing and data gathering.
Advanced Google Dorking Commands and Operators
Along with several Google Dork commands and operators, there are some advanced combinations of operators too that you can use to filter search results to maximize efficiency.
However, you can refer to the Google Hacker database to avoid typing these operators and combinations every time to search for any information. This database contains hundreds of combinations of multiple and advanced operators.
1. Searching for Vulnerable Webcams
Find webcams with known vulnerabilities:intitle:"D-Link" inurl:"/view.htm"
2. Finding Open Elasticsearch Instances with Specific Data
Search for Elasticsearch instances containing specific data:intext:"kibana" intitle:"Kibana"
3. Exploring Open MongoDB Instances with Authentication Bypass
Search for MongoDB instances without authentication:intext:"MongoDB Server Information" intitle:"MongoDB" -intext:"MongoDB Server Version"
4. Identifying Exposed OpenCV Instances
Search for OpenCV instances with exposed data:intitle:"OpenCV Server" inurl:"/cgi-bin/guestimage.html"
5. Finding Exposed InfluxDB Instances
Search for InfluxDB instances with default configurations:intitle:"InfluxDB - Admin Interface"
6. Locating Exposed RabbitMQ Management Interfaces
Search for RabbitMQ management interfaces:intitle:"RabbitMQ Management"
7. Discovering Exposed Jenkins Builds
Search for Jenkins builds with specific information:intitle:"Console Output" intext:"Finished: SUCCESS"
8. Finding Exposed Grafana Dashboards
Search for Grafana dashboards:intitle:"Grafana" inurl:"/dashboard/db"
9. Exploring Open NVIDIA Jetson Devices
Search for NVIDIA Jetson devices with open ports:intitle:"NVIDIA Jetson" intext:"NVIDIA Jetson"
10. Locating Open Fortinet Devices
Search for Fortinet devices with open interfaces:intext:"FortiGate Console" intitle:"Dashboard"
11. Discovering Exposed OpenEMR Installations
Search for OpenEMR installations with specific data:intitle:"OpenEMR Login" inurl:"/interface"
12. Finding Exposed Jenkins Script Console
Search for Jenkins script consoles with default credentials:intitle:"Jenkins Script Console" intext:"Run groovy script"
These advanced commands for Google dorking can be useful for specific security assessments and research purposes. Always ensure you have proper authorization and follow ethical guidelines when using advanced Google Dorking commands. Unauthorized or malicious use can have serious legal and ethical consequences.
Summary:
Is Google Dorking safe?
Google Dorking is safe as long as you use it responsibly and ethically. Attempting to exploit security vulnerabilities in the configuration and code of websites without authorization is against the terms of service of most websites and might lead to legal consequences.
Even though Google dorking is legal, you should apply this method responsibly and adhere to the legal guidelines of websites. Misusing Google dorks for breaching security and accessing unauthorized information is illegal.
Google Dorking is also called “Google hacking” for a reason — cybercriminals sometimes use Google hacking as a form of passive attack to find and exploit security vulnerabilities and access sensitive content on poorly protected websites. Hackers might carry out cyberattacks to get hold of usernames, passwords, and personally identifiable information by using advanced Google dorks. So be careful what Google dorks you use and never abuse them for accessing private information without proper authorization.
Hey! If you enjoyed this blog, hop over to my other blogs too! There’s a whole world of fascinating content waiting for you to explore. Let’s dive in and soak up knowledge together!
“With Google Dorks, we’re not just hackers; we’re digital commandos, wielding information as our weapon to penetrate the impenetrable.”