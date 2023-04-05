



Google processes over 8.5 billion searches every day. We know how much you use Google every day.

Google’s crawling capabilities also make it a powerful tool for pen testers. Google can help you find files, scripts, and other important resources published by your web application.

To find this kind of confidential information, hackers use specific search terms on Google. We call them Google Dorks.

Google Dorks are special search terms that help you find information you can’t find with regular web searches.

In this article, we’ll take a look at what Google Dorks are and how they can help you in your penetration testing.

A Google Dork is a special search term. When used in conjunction with regular search terms, Dorks help discover hidden resources that Google has crawled.

These resources include sensitive information such as usernames, passwords, credit card numbers, email addresses, shell scripts and user accounts.

These Dorks aren’t limited to Google. They can also be used with search engines such as Bing and Yahoo. The results may differ, but the purpose is still the same.

To take full advantage of Google Dorking’s potential, you’ll need to master a few specialized search operators. These operators help you fine-tune your search results and find exactly what you’re looking for.

Try some Google dorks.

Common query operators in Google Dorking include search modifiers. These search modifiers allow you to find specific information that is not accessible through traditional search methods.

Here are some of the most common operators used in Google Dorking.

Intitle operator

The intitle operator finds web pages that contain a specific phrase in their title tag. For example, if you’re looking for pages that contain the word password and have index of in the title, use the search term: intitle:"index of" password

Inurl operator

The inurl operator finds web pages that have a specific word in their URL. For example, if you’re looking for pages with admin.php in the URL, use the search term: inurl:admin.php

Site operator

The site operator lets you search within a specific website or domain. For example, if you’re looking for pages in the yeahhub.com domain that contain the word Steganography, use this search term: site:yeahhub.com Steganography

Filetype operator

You can use the filetype operator to search for specific file types such as PDFs and Word documents. For example, if you’re looking for PDF files that contain the phrase Advanced Network Security, use this search term: filetype:pdf "Advanced Network Security"

Intext operator

The intext operator finds pages that contain a specific word or phrase within the body of the page. For example, if you’re looking for pages that contain the word about in the body of the page, together with the term contact, use the search term: intext:"about" contact

Link operator

The link operator finds web pages that link to a specific URL. For example, if you’re looking for web pages that link to the example.com domain, use this search term: link:example.com

Cache operator

The cache operator is used to get a cached version of a web page. When Google crawls a website, it stores a cached version of each page in its own systems. This version is useful if the original website is temporarily down or if you want to view an older version of the website.

The syntax for finding the cached version of yahoo.com is: cache:https://www.yahoo.com

Related operator

The related operator is used to search for web pages related to a specific URL. The syntax to search for sites similar to yahoo.com using the related operator is:


By combining these operators in creative ways, you can find specific types of information on the web that are useful for penetration testing and other purposes.

Google Dorking queries have a similar structure to regular Google search queries. The technique uses advanced operators and search queries to reveal information not normally available through normal searches.

The general structure of a Google Dorking query includes three elements:

Operators: Specific keywords or symbols that tell Google what to search for. For example, the inurl operator finds pages with specific keywords in the URL.

Keywords: Search terms or phrases to search for. password is the keyword if you are looking for a specific password file.

Modifiers: Additional search parameters that can be used to further refine your search. For example, the filetype modifier searches for a specific file type, such as PDF.

Here’s an example query structure for Google Dorking: intitle:"index of" site:example.com password filetype:pdf

This query uses the intitle operator to find pages with index of in the title, the site operator to search within the example.com domain, and the keyword password together with the filetype modifier to find PDF files.

Query operators in Google Dorking allow you to find useful and vulnerable information that is not accessible through regular searches.

The Google Hacking Database (GHDB) is a collection of useful search queries and query operators in Google Dorking.

Renowned security researcher and author Johnny Long founded GHDB. Since then, it has been an invaluable resource for security engineers like you and me.

GHDB has several search queries and operators that can discover numerous sensitive files, vulnerable web servers, and applications. It can also detect default login pages and credentials, as well as network and security devices susceptible to attacks.

GHDB is organized into categories such as files containing passwords, footholds, vulnerable servers, and error messages. Each category contains several search queries and operators crafted to reveal specific information about your target.

Be aware that GHDB’s search queries and operators can generate false positives and outdated information. Always check the information you get from these search operators.

Let’s assume we need to conduct a pentest audit for a client. Below is an example of a Dorking scenario.

Use the site operator to limit the search to the company’s website: site:example.com. This will return all pages on the example.com website.

Use the intitle operator to find pages with specific keywords in the title: intitle:login site:example.com. This helps identify potential login pages that are vulnerable to attack.

Search for a specific file type using the filetype operator: filetype:pdf site:example.com. This helps identify documents and reports that may contain sensitive information.

To search for a specific URL, use the inurl operator: inurl:admin site:example.com. This helps identify potential admin pages that are vulnerable to attack.

View the cached version of a web page indexed by Google using the cache operator: cache:example.com/login.php. This allows you to access the content of the page even if the original page has been deleted or is no longer accessible.

This helps identify potential partners or third-party vendors with access to the company’s network.
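The query structure and the audit scenario above, as an added example that is not part of the original article: a small parser that splits a dork into operators and keywords, and a scope check that only passes queries pinned to a domain the client has authorized. The authorized-domain set, the function names and the look-alike domain notexample.com are assumptions made for illustration.

```python
import re

# Operators covered in the article; anything else is treated as a plain keyword.
OPERATORS = {"intitle", "inurl", "site", "filetype", "intext",
             "link", "cache", "related"}
# Operators whose value names a host, and so determine the query's scope.
HOST_OPERATORS = {"site", "cache", "link", "related"}
# operator:"quoted phrase" | operator:word | "quoted phrase" | word
TOKEN = re.compile(r'(?:([a-z]+):)?(?:"([^"]*)"|(\S+))')

def parse_dork(query):
    """Split a dork into (operator, value) pairs and plain keywords."""
    ops, keywords = [], []
    for m in TOKEN.finditer(query):
        op, quoted, bare = m.groups()
        value = bare if quoted is None else quoted
        if op in OPERATORS:
            ops.append((op, value))
        else:  # unknown prefix such as "https:" stays part of the keyword
            keywords.append(f"{op}:{value}" if op else value)
    return ops, keywords

def host_of(value):
    """Host part of an operator value, with scheme and path stripped."""
    return re.sub(r"^[a-z]+://", "", value.lower()).split("/")[0]

def in_scope(query, authorized):
    """True only if the query names a host and every host is authorized."""
    ops, _ = parse_dork(query)
    hosts = [host_of(v) for op, v in ops if op in HOST_OPERATORS]
    # Match the domain itself or a subdomain; "notexample.com" must not pass.
    return bool(hosts) and all(
        any(h == d or h.endswith("." + d) for d in authorized) for h in hosts)

def filter_in_scope(queries, authorized):
    return [q for q in queries if in_scope(q, authorized)]

# Scenario queries from the article, plus two constructed ones to be rejected.
CANDIDATES = [
    'site:example.com',
    'intitle:login site:example.com',
    'filetype:pdf site:example.com',
    'inurl:admin site:example.com',
    'cache:example.com/login.php',
    'intitle:"index of" password',      # no site: scope at all
    'inurl:admin site:notexample.com',  # constructed look-alike domain
]

if __name__ == "__main__":
    for q in CANDIDATES:
        print("RUN " if in_scope(q, {"example.com"}) else "SKIP", q)
```

Running a list of GHDB queries through a filter like this before an engagement keeps unscoped dorks, which return results for sites outside the agreed scope, out of the test plan.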

Google Dorking is a powerful technique for performing advanced searches on Google. You can use Google Dorks to find specific information and public vulnerabilities. It is an essential tool in the pentester’s toolkit.

The Google Hacking Database (GHDB) provides a collection of predefined Google Dorks. Given that someone can use dorking to cause harm, it is important to use it ethically and with permission. If you use dorking for security audits, make sure you have permission and follow ethical guidelines.

