Post

Mastering Google Dorking: The Ultimate Guide

Posted
Preview Image
By Diogo Lages
5 min read
Mastering Google Dorking: The Ultimate Guide

Mastering Google Dorking: The Ultimate Guide

Google Dorking, also known as Google Hacking, is a technique used to uncover sensitive information exposed on the internet. This guide covers everything from the basics to advanced techniques, including automation, OSINT gathering, vulnerability exploitation, and ethical considerations. Whether you’re a beginner or an experienced cybersecurity professional, this guide will help you master Google Dorking.

Table of Contents

  1. Introduction to Google Dorking
  2. Fundamentals of Google Dorking
  3. Understanding Google Dork Operators
  4. Common Google Dork Queries
  5. Advanced Techniques
  6. Case Studies
  7. Preventing Google Dorking
  8. Google Dorking Tools and Resources
  9. Legal Considerations
  10. Conclusion

Introduction to Google Dorking

Google Dorking is a technique used to find sensitive information accidentally exposed on the internet. This can include:

  • Log files with usernames and passwords
  • Exposed cameras and IoT devices
  • Sensitive documents (e.g., financial records, confidential files)
  • Website vulnerabilities (e.g., SQL injection points)

While Google Dorking is a powerful tool for information gathering, it is often misused for malicious purposes such as cyberattacks, identity theft, and digital espionage. This guide emphasizes ethical use and encourages readers to use these techniques for security testing and vulnerability assessment.

Fundamentals of Google Dorking

Google Dorking relies on advanced search operators to refine search results. These operators allow you to target specific types of information. Below are the seven fundamental types of queries used in Google Dorking:

  1. intitle: Searches for pages with specific text in their HTML title.
    • Example: intitle:"login page"
  2. allintitle: Similar to intitle, but requires all keywords to be in the title.
    • Example: allintitle:"login page admin"
  3. inurl: Searches for pages based on text in the URL.
    • Example: inurl:login.php
  4. allinurl: Similar to inurl, but requires all keywords to be in the URL.
    • Example: allinurl:admin login
  5. filetype: Filters results by specific file types.
    • Example: filetype:pdf
  6. ext: Filters results by file extensions.
    • Example: ext:log
  7. site: Limits search results to a specific website.
    • Example: site:example.com

Understanding Google Dork Operators

Google Dork operators are the building blocks of effective queries. Here’s a breakdown of the most commonly used operators:

OperatorDescriptionExample
intitleSearches for pages with specific text in the title.intitle:"login page"
allintitleSearches for pages with all specified keywords in the title.allintitle:"admin login"
inurlSearches for pages with specific text in the URL.inurl:admin
allinurlSearches for pages with all specified keywords in the URL.allinurl:admin login
filetypeFilters results by specific file types.filetype:pdf
extFilters results by file extensions.ext:log
intextSearches for pages containing specific text in the body.intext:"username"
allintextSearches for pages containing all specified keywords in the body.allintext:"username password"
siteLimits search results to a specific domain.site:example.com
cacheDisplays the cached version of a page.cache:example.com

Common Google Dork Queries

Below are some commonly used Google Dork queries for various purposes:

General Dorks

1
2
3
4
5
6

intitle:"Index of"
intitle:"Index of" site:example.com
filetype:log inurl:"access.log"
intext:"Welcome to phpMyAdmin"
intitle:"Login — WordPress"
intext:"Powered by WordPress"

1
2
3
4

inurl:/phpmyadmin/index.php
inurl:/db/websql/
inurl:/phpPgAdmin/index.php
intext:"phpPgAdmin — Login"

Search for Vulnerabilities

1
2

intext:"Error Message" intext:"MySQL server" intext:"on * using password:"
intext:"Warning: mysql_connect()" intext:"on line" filetype:php

Exposed Documents and Files

1
2
3
4

filetype:pdf intitle:"Confidential"
filetype:doc intitle:"Confidential"
filetype:xls intitle:"Confidential"
filetype:ppt intitle:"Confidential"

Directory Listings

1
2
3
4
5

intitle:"Index of" inurl:/parent-directory
intitle:"Index of" inurl:/admin*
intitle:"Index of" inurl:/backup
intitle:"Index of" inurl:/config
intitle:"Index of" inurl:/logs

Exposed Webcams and Cameras

1
2
3

inurl:"view/index.shtml"
intitle:"Live View /-AXIS"
intitle:"Network Camera NetworkCamera"

1
2
3

intitle:"Login" inurl:/admin
intitle:"Login" inurl:/login
inurl:"/admin/login.php"

Exposed Control Panels

1
2

intitle:"Control Panel" inurl:/admin
intitle:"Control Panel" inurl:/cpanel

Exposed IoT Devices

1
2

intitle:"Smart TV" inurl:/cgi-bin/login
intitle:"Router Login" inurl:/login

Finding PHP Info Pages

1

intitle:"PHP Version" intext:"PHP Version"

Exposing Sensitive Files on Government Sites

1

site:gov (inurl:doc | inurl:pdf | inurl:xls | inurl:ppt | inurl:rtf | inurl:ps)

Exposed Network Devices

1
2
3

intitle:"Brother" intext:"View Configuration"
intitle:"Network Print Server" filetype:html
intitle:"HP LaserJet" inurl:SSI/index.htm

File Upload Vulnerabilities

1
2

inurl:/uploadfile/ filetype:php
intext:"File Upload" inurl:/php/

Advanced Techniques

Advanced Query Crafting

Combine multiple operators for precise searches. Use parentheses () to group conditions and logical operators (OR, AND, -) to refine results.

Example:

1

site:example.com (intitle:"login" OR inurl:"admin") filetype:php

Exploiting Specific Vulnerabilities

  • SQL Injection: inurl:index.php?id=
  • XSS Vulnerabilities: inurl:search.php?q=
  • File Inclusion Vulnerabilities: inurl:index.php?page=

Using Google Dorking for OSINT

  • Gathering Information: site:linkedin.com intitle:"John Doe"
  • Finding Leaked Credentials: filetype:txt "username" "password"

Automation and Scripting

Automate Google Dorking using Python and the requests library.

Example Script:

1
2
3
4
5
6
7
8
9
10
11

import requests

def google_dork(query):
    url = f"https://www.google.com/search?q={query}"
    headers = {"User-Agent": "Mozilla/5.0"}
    response = requests.get(url, headers=headers)
    return response.text

query = 'inurl:index.php?id='
results = google_dork(query)
print(results)

Case Studies

Real-World Example 1: Finding Exposed Admin Panels

A penetration tester used the following query to find exposed admin panels:

1

intitle:"Admin Login" inurl:/admin

Real-World Example 2: Exploiting SQL Injection

A bug bounty hunter used the following query to find SQL injection vulnerabilities:

1

inurl:index.php?id=

Preventing Google Dorking

To protect your website from Google Dorking:

  1. IP-based Restrictions: Limit access to sensitive areas.
  2. Vulnerability Scans: Regularly scan for vulnerabilities.
  3. Google Search Console: Remove sensitive content from search results.
  4. robots.txt: Use this file to block search engines from indexing sensitive directories.
  5. Secure Passwords: Change default passwords on devices and systems.
  6. Disable Remote Logins: Prevent unauthorized access to network devices.

Google Dorking Tools and Resources

Here are some tools and resources to help you get started:

Google Dorking can be a legal gray area. Ensure you have explicit permission before testing any website. Unauthorized access to systems is illegal and punishable by law.

Conclusion

Google Dorking is an invaluable skill for cybersecurity professionals, but it must be used responsibly. By mastering advanced techniques, automating queries, and understanding legal boundaries, you can leverage Google Dorking to enhance security and uncover vulnerabilities. Always prioritize ethical use and obtain proper authorization before performing any tests.

OSINT, Google Dorking
Google Dorking Advanced Search
This post is licensed under CC BY 4.0 by the author.