What is Google Dorking?
Google Dorking, also known as "Google Hacking", is a technique used to discover sensitive information exposed on the internet using advanced Google search queries. Itβs widely used in reconnaissance to locate misconfigurations, exposed files, login portals, and more.
π° Basic Search Operators
These are the building blocks of Google Dorking:
site:β Search within a specific domain (e.g.,site:example.com)filetype:β Look for specific file types (e.g.,filetype:pdf)intitle:β Search keywords in page titlesinurl:β Find keywords within URLscache:β View Googleβs cached version of a page-β Exclude specific keywords (e.g.,-login)
π‘ Advanced Google Dorking Techniques
Find Exposed Login Pages
inurl:admin login site:example.comThis dork searches for URLs containing "admin" and "login" on the target domain.
Discover Open Directories
intitle:"index of" "parent directory" site:example.comReveals directory listings where files might be publicly accessible.
Find Exposed Database Files
filetype:sql site:govSearches for downloadable SQL database files on government domains.
Locate Publicly Exposed Passwords
intext:"password=" filetype:logFinds .log files containing password data exposed in plain text.
Discover Camera Feeds
inurl:view/index.shtmlCommon path used by unsecured network cameras with live feeds.
π§ Step-by-Step Usage Guide
- Identify your objective β e.g., find PDFs, logins, or public IP cams.
- Choose a combination of operators based on your goal.
- Test your dorks on known domains or targets (with permission).
- Analyze the results manually or automate using tools.
- Document useful findings and filter out false positives.
π Real-World Example
Letβs say you're performing recon on a university website:
site:*.edu filetype:xls intext:"student grades"This could potentially uncover Excel files with sensitive data like student grades exposed on public directories.
π Pro Tips
- Always validate the legality of your searches.
- Combine multiple operators for more accurate results.
- Use incognito mode to prevent personalization bias in search results.
- Use
cache:to retrieve deleted pages still indexed by Google. - Bookmark frequently used dorks for quick access.
π οΈ Tools for Automation
- GitHub - Google Dork CLI: Automate dork queries in terminal
- GHDB (Google Hacking Database): https://exploit-db.com/google-hacking-database
- GoogleDorkScanner: GitHub Repo
- H8mail: Use with dork results to find exposed emails/passwords
βοΈ Legal & Ethical Considerations
Google Dorking must always be used within legal boundaries. Searching public content is legal, but accessing, storing, or distributing sensitive data without permission may be considered a cybercrime. Always get written consent before testing real organizations.