The idea of using Google as a hacking tool or platform certainly isn’t a novel idea, and hackers have been leveraging this incredibly popular search engine for years. In fact, Google Dorks have their roots in 2002 when a man by the name of Johnny Long started using custom queries to search for elements of certain websites that he could leverage in an attack. At its core, that’s exactly what Google Dorks are – a way to use the search engine to pinpoint websites that have certain flaws, vulnerabilities, and sensitive information that can be taken advantage of. As a side note, some people refer to Google Dorks as Google Hacking (they’re more or less synonymous terms).
Believe it or not, Google Dorks can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. payment card data). In fact, in our WordPress hacking tutorial, we listed a few Google Dorks that could be used to find SQLi (SQL injection) vulnerabilities. And the wonderful thing is that this is an incredibly passive form of attack that doesn’t draw much attention to the hacker. Unfortunately, some people use these techniques for illicit and nefarious activities such as cyberwarfare, digital terrorism, identity theft, and a whole host of other undesirable activities.
If you are reading this to learn how to break into a website and harm others just for kicks, perhaps you should pursue other interests. Let me caution you by stating that breaking into websites is an illegal activity, and it violates not only laws bur moral codes as well. If you get caught, the consequences could be dire. Then why learn this to begin with, you ask? Well, the first place any white hat hacker needs to start is with understanding how hackers operate. Only then can they plug up security holes to prevent future attacks.
Understanding Google Dorks Operators
Just like in simple math equations, programming code, and other types of algorithms, Google Dorks has several operators that aspiring white hat hackers need to understand. There are far too many to include in this guide, but we will go over some of the most common:
- intitle – this allows a hacker to search for pages with specific text in their HTML title. So intitle: “login page” will help a hacker scour the web for login pages.
- allintitle – similar to the previous operator, but only returns results for pages that meet all of the keyword criteria.
- inurl – allows a hacker to search for pages based on the text contained in the URL (i.e. “login.php”).
- allinurl – similar to the previous operator, but only returns matches for URLs that meet all the matching criteria.
- filetype – helps a hacker narrow down search results to specific types of files such as PHP, PDF, or TXT file types.
- ext – very similar to filetype, but this looks for files based on their file extension.
- intext – this operator searches the entire content of a given page for keywords supplied by the hacker.
- allintext – similar to the previous operator, but requires a page to match all of the given keywords.
- site – limits the scope of a query to a single website.
Custom Crafting Google Dork Queries
Now that we have a basic understanding of some of the operators and how Google Dorks can be used to scour the web, it’s time to look at query syntax. The following is the high level structure of Google Dorks that targets a specific domain:
- “inurl: domain/” “additional dorks”
A hacker would simply plug in the desired parameters as follows:
- inurl = the URL of a site you want to query
- domain = the domain for the site
- dorks = the sub-fields and parameters that a hacker wants to scan
If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:
These options will help a hacker uncover a lot of information about a site that isn’t readily apparent without a Google Dork. These options also offer ways to scan the web to located hard to find content. The following is an example of a Google Dork:
Making Effective Use of Operators
It may seem a little cryptic at first, so let me provide a few examples that show how the different operators can be used to locate content and website data. A user can make effective use of the intitle operator to locate anything on a website. Perhaps they are scraping email addresses and want to scan sites for the “@” symbol, or maybe they are looking for an index of other files.
Furthermore, the intext operator can basically be used to scan individual pages for any text you want, such as a target’s email address, name, the name of a web page (like a login screen) or other personal information to collect data about them.
The more you practice, the further you’ll be able to hone your queries to pinpoint different types of websites, pages, and vulnerabilities. Again, I need to caution you not to use these queries to attack another website, because that would be illegal and could get you into a lot of trouble. Still, Google Dorks are a great way to locate hidden information on the web, which is why hackers love to use them to find security flaws in websites.
If you want to dig into some more queries, there are some great Google Dork resources on the web.