Open in app

Sign in

Write

Sign in

How To Find Anything Through Google Dorking

Cyber Lab1
10 min readSep 23, 2022

--

What is Google Dorking?

Google Dorking is a hacking technique that utilizes Google’s advanced search facilities to seek useful data or material that is difficult to find.

Instead of scanning the entire Web, users can collect photos or obtain information about a single site by clicking on tags like “image” or “site.” Other commands, such as “filetype” and “datarange,” can be used to generate more particular search results.

Hackers can use these sorts of Google Dorking and other cyber criminals to access illegal data or exploit security flaws in websites, which is why the phrase is gaining a negative connotation in the security community.

Google Dorking Commands

1. intitle Command

Sometimes you want to filter out the documents based on HTML page titles. The main keywords exist within the title of the HTML page, representing the whole page. So, we can use this command to find the required information.

✔️ Finding exposed FTP servers

Google can index open FTP servers. This means you can use Google Dorking to find open/exposed FTP servers.

✔️ Finding websites that use HTTP:

In order to search for a list of websites that uses HTTP protocol, you can simply type the following dork command.

You can also be more specific and search for online forums that use HTTP by simply changing the text in the search title.

✔️ Email lists

Finding email lists is pretty simple using Google Dorks. In the following example, we are going to search for excel files that may contain massive lists of email addresses.

This google dorking technique is often used by Spammers to build and grow their spamming email lists.

✔️ WordPress Admin

The view on whether to obfuscate your WordPress login page has arguments on both sides. Some researchers say it’s unnecessary and that using tools like a web application firewall (WAF) can prevent attacks much better than obfuscation would.

But Finding WP Admin login pages is not too difficult with a dork:

✔️ Apache2

This can be considered a subset of “vulnerable web servers” mentioned above, but we’re discussing Apache2 specifically because:

  • LAMP (Linux, Apache, MySQL, PHP) is a popular stack for hosted apps/websites
  • These Apache servers could be misconfigured/forgotten or in some stage of being set up, making them great targets for botnets

Let's find Apache2 web pages with the following dork:

✔️Accessing Online Cameras

Remember, information access is sometimes limited to cyber security teams despite our walkthrough of this Google Dorks cheat sheet. You can use the dork commands to access the camera’s recording. Some people make that information available to the public, which can compromise their security.

The following is the syntax for accessing the details of the camera.

Intitle:”webcamXP 5”’

2. inurl Command

This command works similarly to the intitle command; however, the inurl command filters out the documents based on the URL text. Those keywords are available on the HTML page, with the URL representing the whole page. You can use this command to filter out the documents.

3. Intext and Allintext Command

To find a specific text from a webpage, you can use the intext command in two ways. First, you can provide a single keyword in the results. Second, you can look for multiple keywords.

4. Site Command

Site command will help you look for the specific entity. At first, you can try for keywords that will provide you with a broad range of information that may or may not be as per your need. Then, you can narrow down your search using other commands with a specific filter.

Suppose you want to buy a car and are looking for various options available from 2020. You’ll get a long list of options. Now, you can apply some keywords to narrow down your search and gather specific information that will help you buy a car. Here, you can use the site command to search only for specific websites.

For example:

site: https://global.honda/

5. Filetype Command

This is one of the most important Dorking options as it filters out the most important files from several files. For example, you can apply a filter just to retrieve PDF files. If you are a developer, you can go for the log files, allowing them to keep track easily by applying the right filter.

To access simple log files, use the following syntax:

5. Cache Command

It is used to find the cached version of a page. Google generates a cached version of the website for accessing the web page even if the site isn’t available. It opens the most recent cached version of a web page — providing that the page is indexed.

6. Allintitle command

Say you run a blog, and want to research other blogs in your niche. This command will help you look for other similar, high-quality blogs.

For example:

7. Allinanchor command

You can use this command to do research on pages that have all the terms after the “inanchor” in the anchor text that links back to the page.

For example:

8. Inanchor command

You can use this command to find pages with inbound links that contain the specified anchor text.

For example:

9. Around command

Looking for super narrow results? This command will provide you with results with two or more terms appearing on the page.

For example:

10. @command

If you want your search to be specific to social media only, use this command. It’ll show results for your search only on the specified social media platform.

For example:

11. Related command

In some cases, you might want specific data from more than one website with similar content. You can provide the exact domain name with this Google Dorking command:

12. Info command

You can use this command to find the information related to a specific domain name. It lets you determine things, such as pages with the domain text, similar on-site pages, and the website’s cache.

For example:

13. Weather command

Curious about meteorology? Use this command to fetch Weather Wing device transmissions.

intitle:"Weather Wing WS-2"

You will see several devices connected worldwide that share weather details, such as wind direction, temperature, humidity, and more.

14. Zoom Videos

On the hunt for a specific Zoom meeting? You may find it with this command, but keep in mind that Zoom has since placed some restrictions to make it harder to find/disrupt Zoom meetings. However, as long as a URL is shared, you can still find a Zoom meeting.

The only drawback to this is the speed at which Google indexes a website. By the time a site is indexed, the Zoom meeting might already be over.

inurl:zoom.us/j and intext:scheduled for

15. SQL Dumps

Your database is highly exposed if it is misconfigured. You can also find these SQL dumps on servers that are accessible by domain. Sometimes, such database-related dumps appear on sites if there are no proper backup mechanisms in place while storing the backups on web servers. To find a zipped SQL file, use the following command.

"index of" "database.sql.zip"

16. phpMyAdmin

This tool is another method of compromising data, as phpMyAdmin is used to administer MySQL over the web. The Google dork to use is:

"Index of" inurl:phpmyadmin

17. JIRA/Kibana

You can use Google Dorks to find web applications hosting important enterprise data (via JIRA or Kibana).

inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
inurl:app/kibana intext:Loading Kibana

18. cPanel Password Reset

You can reset the passwords of the cPanel to control it:

inurl:_cpanel/forgotpwd

Some Extra Operators

To narrow down and filter your results, you can use operators for better search. The following are some operators that you might find interesting.

1. Search term

You can use this operator to make your search more specific so the keyword will not be confused with something else. For example, if you are specifically looking for “Italian foods,” then you can use the following syntax.

“Italian foods”

2. OR

Using this operator, you can provide multiple keywords. You will get results if the web page contains any of those keywords. You can separate the keywords using “|.” For example.

site:facebook.com | site:twitter.com

3. AND

This operator will include all the pages containing all the keywords. The keywords are separated by the ‘&’ symbol. You can use the following syntax.

site:facebook.com & site:twitter.com

Operators Combinaison

Not only this, you can combine both ‘or’ and ‘and’ operators to refine the filter. For example-

(site:facebook.com | site:twitter.com) & intext:"login"(site:facebook.com | site:twitter.com) (intext:"login")

1. Include Results

To get the results based on the number of occurrences of the provided keyword. For example-

-site:facebook.com +site:facebook.*

2. Exclude Results

You can also exclude the results from your web page. For example-

site:facebook.* -site:facebook.com

3. Synonyms

If you want to search for the synonyms of the provided keyword, then you can use the “~” sign before that keyword. Then, Google will provide you with suitable results. For example, if you want to search for the keyword “set” along with its synonym, such as configure, collection, change, etc., you can use the following:

~set

4. Glob Pattern

You can use the glob pattern (*) when you are unsure what goes there and tell Google to make the search accordingly. For example”

site:*.com

How to Prevent Google Dorks

You can use any of the following approaches to avoid falling under the control of a Google Dork. The following are the measures to prevent Google dork:

  • You must encrypt sensitive and personal information such as usernames, passwords, payment details, and so forth.
  • Also, check your website by running inquiries to check if you have any exposed sensitive data. If you find any exposed information, just remove them from search results with the help of the Google Search Console.

Protect sensitive content using robots.txt document available in your root-level site catalog. It will prevent Google to index your website.

User-agent: * Disallow: /

You can also block specific directories to be excepted from web crawling. If you have an /admin area and you need to protect it, just place this code inside:

User-agent: * Disallow: /admin/

Restrict access to specific files:

User-agent: * Disallow: /privatearea/file.html

Restrict access to dynamic URLs that contain ‘?’ symbol:

User-agent: * Disallow: /*?

Conclusion

Today, Google Dorks is one of the most convenient ways to find hard-to-reach data. You must find the correct search term and understand how the search engine works to find out valuable information from a pool of data. Despite several tools in the market, Google search operators have their own place.

We’ve covered commonly used commands and operators in this Google Dorks cheat sheet to help you perform Google Dorking. This Google-fu cheat sheet is suitable for everyone, from beginners to experienced professionals.

Next time you need specialized or specific research, refer to this handy Google Dorks cheat sheet. Interested in learning more about ethical hacking?

Google Dork
Information Security
Cybersecurity
Cyber Security Solutions
Ethical Hacking

--

--

Cyber Lab1

Written by Cyber Lab1

6 Followers

Cyberlab1 is a cybersecurity company that provides top-of-the-line penetration testing, defensive security, and consultancy services.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams