A Google dork query is a search string that uses advanced search operators to find information that is not readily available on a website. Google Dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
In this tutorial, we will use Google to gather more sensitive information about the target.
Please remember that google dorks are only working with google browsers.
Queries
A query is basically the thing that tells google where you want to search. I’m going to introduce the most common ones, then I will show some examples, and then explain how you can custom your searches.
The syntax is the same for all queries :
queryOne:"keywords" queryTwo:"other keywords"
Now let’s see what are the different queries you can use.
InUrl is used to search for any text inside the url. Many times used by hackers to search for vulnerable scripts and plugins or sensitive information in the website. It is used a lot for SQL injections, as it allows you to detect vulnerable websites.
Example: inurl:/status?full=true will return all url contain keyword “status?full=true”
If you search with allinurl: Google restricts results to those containing all the query terms you specify in the URL.
Example: allinurl:google dork will return all URL contain keyword “google” and “dork”
InText is used to search for any text in the body or the source code of the website. It is many times used by hackers to search for the particular version of the application that is exploitable.
Example: intext: google dork will return the website contains the keyword “google dork” in the HTML page.
If you search with allintext: Google restricts results to those containing all the query terms you specify in the text of the page.
FileType is used to search for any type of file which you want to locate in a particular website or on any particular subject or you can search for any type of file freely. Used by hackers to search for files containing Sensitive information to exploit the websites.
InTitle is used to search for titles of web pages. Hackers use to search for vulnerable pages or index on a website.
If search with allinurl: Google restricts results to those containing all the query terms you specify in the title.
Using this dork you can minimize the area of search to a particular website. Hackers use it to target and search for sensitive information on a website.
This dork checks other websites containing links to a website. Hackers use to search for any other information related to their target.
The URL will display Google’s cached version of a web page, instead of the current version of the page.
Usage example
The following examples are not targetting a specific website. If you want to use dorks on one single website, just add the site:example.com query.
The most common use of google dorks is to find an open index, which basically means that the website owners didn’t secure the information that is stored on its site. You can view it by using this dork
intitle:"index of /" Parent Directory
We are grabbing every page with titles containing “index of /” and/or “parent directory”. Why? because these sentences are used in every website’s file storage.
Now let’s say you want to look for admin directories
You can use this dork
intitle:"Index of /admin"
This is pretty easy to understand. We’re looking if the page’s title contains ‘index of /admin’. Remember that putting a ‘/’ before a keyword is used to search for directories, not for files.
You can replace “admin” with whatever you’re looking for! mails, passwords, payment information, …
Okay, that’s cool, but now I want to search for files. You can do it by filtering files’ names…
intitle:"Index of /" password.txt
… or file’s extension!
intitle:"index of ftp" .jpg
This way you can very easily get personal information, pictures, even ID scans.
Now we can also search for pages that are reserved for admins, or that contain login features. You can use different methods, based on the page’s title, the URL, or even file extensions.
intitle: "login" "admin"
inurl: "admin" "login"
inurl:admin filetype:db
The possibilities are endless!
I hope this tutorial helped you, and remember that dorks are made to be customized. Don’t do the same queries as everyone, or the ‘sensitive’ content you will find will already be leeched by others. Find new ways in, new possibilities!
Disclaimer
This content has been shared under Educational And Non-Profit Purposes Only.
Hacksnation.com cannot be liable for what a person decides to do with this knowledge.
Hacksnation.com has no control over the shared content and nature of the external sites.
Keywords -
Ethical hacking, Ethical hacker, Cyber security, Cyber awareness, Hacking