Google dorking is a method that leverages Google Search and other Google tools to uncover security vulnerabilities in website configurations and code. It involves using specific operators in the Google search engine to pinpoint sections of text on websites that indicate vulnerabilities, such as particular versions of vulnerable web applications.
History
The concept of "Google hacking" originated in 2002 when Chris Sullo introduced the Nikto vulnerability scanner. In the same year, Johnny Long began compiling Google search queries that revealed vulnerable systems or exposed sensitive information, which he dubbed "googleDorks."
CheatSheet
The following sheet of filters is from Raphaël Cerveaux.
Search filters
Filter | Description | Example |
---|---|---|
allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
intitle | Searches for occurrences of the keywords in the title, all or any one of them. | intitle:"keyword" |
allintitle | Searches for occurrences of all the keywords in the title. | allintitle:"keyword" |
site | Specifically searches that particular site and lists all the results for that site. | site:"www.google.com" |
filetype | Searches for a particular filetype mentioned in the query. | filetype:"pdf" |
link | Searches for external links to pages. | link:"keyword" |
numrange | Used to locate specific numbers in your searches. | numrange:321-325 |
before/after | Used to search within a particular date range. | filetype:pdf & (after:2000-01-01 before:2001-01-01) |
allinanchor (and also inanchor) | This shows sites which have the key terms in links pointing to them, in order of the most links. | inanchor:rat |
allinpostauthor (and also inpostauthor) | Exclusive to blog search, this one picks out blog posts that are written by specific individuals. | allinpostauthor:"keyword" |
related | List web pages that are “similar” to a specified web page. | related:www.google.com |
cache | Shows the version of the web page that Google has in its cache. | cache:www.google.com |
Search Term
This operator searches for the exact phrase within speech marks only. This is ideal when the phrase you are using to search is ambiguous and could be easily confused with something else, or when you’re not quite getting relevant enough results back. For example:
"Tinned Sandwiches"
OR
This self-explanatory operator searches for a given search term OR an equivalent term.
site:facebook.com | site:twitter.com
AND
site:facebook.com & site:twitter.com
Operator combination
(site:facebook.com | site:twitter.com) & intext:"login"
(site:facebook.com | site:twitter.com) (intext:"login")
Include results
This will order results by the number of occurrences of the keyword.
-site:facebook.com +site:facebook.*
Exclude results
site:facebook.* -site:facebook.com
Synonyms
Adding a tilde to a search word tells Google that you want it to bring back synonyms for the term as well. For example, entering “~set” will bring back results that include words like “configure”, “collection” and “change” which are all synonyms of “set”. Fun fact: “set” has the most definitions of any word in the dictionary.
~set
Glob pattern (*)
Putting an asterisk in a search tells Google ‘I don’t know what goes here’. Basically, it’s really good for finding half-remembered song lyrics or names of things.
site:*.com
Demonstration
In this demo I will show how dorking can find a TV series file I want to watch on an HTTP server exposed on the internet.
Let's run this query in Google Search:
intitle:"Index of /" intext:Ozark intext:.mkv
This returns a list of HTTP directory listings that have an "Ozark" directory containing ".mkv" files.

Similarly, Google dorking can be used to find different sorts of information or for different purposes.
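
A site owner can apply the same match to responses from their own server to see which paths the demonstration query would surface. This is an added example, not part of the original post: the sample pages, paths and function names are constructed, and the matching is a simplified approximation of intitle/intext, not Google's actual behaviour.

```python
from html.parser import HTMLParser


class _PageText(HTMLParser):
    """Splits one HTML page into its <title> text and its remaining text."""
    def __init__(self):
        super().__init__()
        self.title, self.body, self._tag = "", "", None

    def handle_starttag(self, tag, attrs):
        self._tag = tag

    def handle_endtag(self, tag):
        self._tag = None

    def handle_data(self, data):
        if self._tag == "title":
            self.title += data
        else:
            self.body += " " + data


def matches_listing_dork(html, intext_terms):
    """True if the page satisfies intitle:"Index of /" and every intext term."""
    page = _PageText()
    page.feed(html)
    body = page.body.lower()
    return ("index of /" in page.title.lower()
            and all(term.lower() in body for term in intext_terms))


# Constructed sample responses from a hypothetical site under your own control.
SAMPLE_PAGES = {
    "/media/": "<html><head><title>Index of /media</title></head><body>"
               "<a href='Ozark.S01E01.mkv'>Ozark.S01E01.mkv</a></body></html>",
    "/blog/": "<html><head><title>Ozark review</title></head><body>"
              "We watched the .mkv release.</body></html>",
    "/docs/": "<html><head><title>Index of /docs</title></head><body>"
              "<a href='readme.txt'>readme.txt</a></body></html>",
}


def exposed_paths(pages, intext_terms):
    """Return, sorted, the paths whose response matches the dork."""
    return sorted(p for p, html in pages.items() if matches_listing_dork(html, intext_terms))


if __name__ == "__main__":
    print(exposed_paths(SAMPLE_PAGES, ["Ozark", ".mkv"]))
```

Passing an empty term list reports every auto-generated directory listing, which is the broader set to review before a search engine indexes it.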
Conclusion
Other search engines, such as Bing or DuckDuckGo, provide functionality similar to Google dorking. The only difference is the syntax. For example:
Searching for Ozark file with extension of mkv
- Google: intitle:index.of? Ozark.mkv -html -htm -php -asp -jsp
- Bing: filetype:mkv Ozark