What is Google Dorking
Google Dorking is the use of Google search queries to gain access to hidden information on websites. Some of this information Google was never meant to index. This can be things such as log files, passwords, SSH keys, etc. Google Dorking is a useful skill everyone should know.
How does it work
Before we get into Google Dorking, we first need to understand how Google works. This article talks about how search engines work, but here is a quick rundown.
Google sends out bots to a bunch of different websites. Each bot indexes everything on the website that it is allowed to. Using specific search queries on Google, you can get at that hidden information.
Legal Note
Google Dorking is not illegal as long as you don't log in to pages. As soon as you try to log in to a protected page, it becomes illegal and you can get into serious trouble. Always check your local laws.
Furthermore, I would always recommend a VPN when Dorking, just as an extra layer of protection. You don't need it, but it is always good to use. Also, be careful about what you click on, as the stuff you see may not be family-friendly.
Google Dorking
This is a very simple example of what a Google Dork would be:
site:hashnode.com filetype:pdf
Google will search https://hashnode.com for all PDF files hosted under that domain name. And as you see below, it comes up with a bunch of interesting results.
I am just going to dump a bunch of useful syntax you can refer to. If you want to see a larger list, go here.
| Term | Action |
| --- | --- |
| "" | The specified term must be an exact match |
| OR | Operator OR |
| AND | Operator AND |
| - | Excludes a term |
| * | Wildcard, it can be anything |
| site: | The specified site must be the host |
| filetype: | Search for a file by its extension (e.g. PDF) |
| cache: | View Google's cached version of a specified URL |
| intitle: | The specified phrase MUST appear in the title of the page |
| inurl: | Pages with a certain phrase in the URL |
| ip: | The specified IP must be the host |
| after: | Results from after a certain period |
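The same operators can be turned around for defence: run them offline against an inventory of your own pages to see what a dork would surface before a search engine does. The sketch below is an added example, not part of the original article; the `PAGES` inventory, the `parse_dork` and `exposed` helpers and the simplified operator semantics are assumptions made for illustration, and only a subset of the table is covered (no `*`, `cache:`, `ip:` or `after:`).

```python
import shlex
from urllib.parse import urlparse

# Constructed inventory of your own pages: (url, title, body text).
PAGES = [
    ("https://example.com/docs/handbook.pdf", "Staff handbook", "welcome"),
    ("https://example.com/backup/app.log", "", "login ok password=changeme"),
    ("https://files.example.com/old/settings.cfg", "", 'admin_password = "x"'),
]

# Simplified matchers for operators in the table (assumed semantics, not Google's).
OPS = {
    "site": lambda p, v: p["host"] == v or p["host"].endswith("." + v),
    "filetype": lambda p, v: p["path"].endswith("." + v),
    "ext": lambda p, v: p["path"].endswith("." + v),
    "inurl": lambda p, v: v in p["url"],
    "intitle": lambda p, v: v in p["title"],
    "intext": lambda p, v: v in p["body"],
    "text": lambda p, v: v in p["title"] or v in p["body"],  # bare or quoted term
}

def parse_dork(query):
    """Return OR-groups (ANDed together); each term is (negated, op, value)."""
    groups, join_or = [], False
    for tok in shlex.split(query):
        if tok in ("|", "OR", "AND"):
            join_or = tok != "AND"  # "|" and OR attach the next term to the last group
            continue
        negated = len(tok) > 1 and tok.startswith("-")
        tok = tok[1:] if negated else tok
        op, sep, val = tok.partition(":")
        if not sep or op not in OPS:
            op, val = "text", tok
        if not (join_or and groups):
            groups.append([])
        groups[-1].append((negated, op, val.lower()))
        join_or = False
    return groups

def exposed(query, pages):
    """URLs in the inventory that satisfy every OR-group of the query."""
    groups, hits = parse_dork(query), []
    for url, title, body in pages:
        u = urlparse(url)
        p = {"url": url.lower(), "host": u.hostname or "", "path": u.path.lower(),
             "title": title.lower(), "body": body.lower()}
        if all(any(OPS[op](p, v) != neg for neg, op, v in g) for g in groups):
            hits.append(url)
    return hits
```

Anything `exposed()` returns for a query is a page to take offline, put behind authentication, or exclude from indexing.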
Advanced searches
These are some fun advanced searches.
Finding passwords
There are lots of different queries for passwords, but here are a couple:
password filetype:doc | filetype:docx | filetype:pdf | filetype:xls site:Your site
"admin_password" ext:txt | ext:log | ext:cfg
filetype:log intext:password after:2016 intext:@gmail.com | @yahoo.com | @hotmail.com
Finding Webcams
There are many dorks to find webcams around the world. Here are a few:
inurl:"view.shtml" "Network Camera"
"Camera Live Image" inurl:"guestimage.html"
intitle:"webcamXP 5"
An example of what you can get is:
Penetration Test Documents
Now, this is my favourite one. Why bother doing recon when you can get someone else's work:
intitle:"report" ("qualys" | "nessus" | "acunetix" | "netsparker" | "nmap") filetype:pdf
An example of what you can get is:
Other
Below is a collection of dorks. Try them out yourselves. If you want even more, there are a ton on exploit-db.
Sources:
tryhackme.com/room/googledorking
boxpiper.com/posts/google-dork-list