What is a Google Dork?

A Google Dork, also known as Google Dorking or Google hacking, is a valuable resource for security researchers. For the average person, Google is just a search engine used to find text, images, videos, and news. However, in the infosec world, Google is a useful hacking tool.

How would anyone use Google to hack websites?

Well, you can’t hack sites directly using Google, but as it has tremendous web-crawling capabilities, it can index almost anything within your website, including sensitive information. This means you could be exposing too much information about your web technologies, usernames, passwords, and general vulnerabilities without even knowing it.

In other words: Google “Dorking” is the practice of using Google to find vulnerable web applications and servers by using native Google search engine capabilities.

Unless you block specific resources from your website using a robots.txt file, Google indexes all the information that is present on any website. Logically, after some time any person in the world can access that information if they know what to search for.

Important note: while this information is publicly available on the Internet, and it is provided and encouraged to be used by Google on a legal basis, people with the wrong intentions could use this information to harm your online presence.

Be aware that Google also knows who you are when you perform this kind of query For this reason and many others, it’s advised to use it only with good intentions, whether for your own research or while looking for ways to defend your website against this kind of vulnerability.

While some webmasters expose sensitive information on their own, this doesn’t mean it’s legal to take advantage of or exploit that information. If you do so you’ll be marked as a cybercriminal. It’s pretty easy to track your browsing IP, even if you’re using a VPN service. It’s not as anonymous as you think.

Google’s search engine has its own built-in query language. The following list of queries can be run to find a list of files, find information about your competition, track people, get information about SEO backlinks, build email lists, and of course, discover web vulnerabilities.

Let’s look at the most popular Google Dorks and what they do.

  • cache: this dork will show you the cached version of any website, e.g. cache: decdeg.com
  • allintext: searches for specific text contained on any web page, e.g. allintext: hacking
  • allintitle: exactly the same as allintext, but will show pages that contain titles with X characters, e.g. allintitle:"Secure"
  • allinurl: it can be used to fetch results whose URL contains all the specified characters, e.g: allinurl client area
  • filetype: used to search for any kind of file extensions, for example, if you want to search for jpg files you can use: filetype: log
  • inurl: this is exactly the same as allinurl, but it is only useful for one single keyword, e.g. inurl: admin
  • intitle: used to search for various keywords inside the title, for example, intitle:security tools will search for titles beginning with “security” but “tools” can be somewhere else in the page.
  • inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"cyber security"
  • intext: useful to locate pages that contain certain characters or strings inside their text, e.g. intext:"safe internet"
  • link: will show the list of web pages that have links to the specified URL, e.g. link: microsoft.com
  • site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:decdeg.com
  • *: wildcard used to search pages that contain “anything” before your word, e.g. how to * a website, will return “how to…” design/create/hack, etc… “a website”.
  • |: this is a logical operator, e.g. "security" "tips" will show all the sites which contain “security” or “tips,” or both words.
  • +: used to concatenate words, useful to detect pages that use more than one specific key, e.g. decdeg + secure
  • : minus operator is used to avoiding showing results that contain certain words, e.g. secure -coding will show pages that use “security” in their text, but not those that have the word “trails.”

Preventing Google Dorks

There are a lot of ways to avoid falling into the hands of a Google Dork. These measures are suggested to prevent your sensitive information from being indexed by search engines.

  • Protect private areas with a user and password authentication and also by using IP-based restrictions.
  • Encrypt your sensitive information (user, passwords, credit cards, emails, addresses, IP addresses, phone numbers, etc).
  • Run regular vulnerability scans against your site, these usually already use popular Google Dorks queries and can be pretty effective in detecting the most common ones.
  • Run regular dork queries against your own website to see if you can find any important information before the bad guys do. You can find a great list of popular dorks at the Exploit DB Dorks database.
  • If you find sensitive content exposed, request its removal by using Google Search Console.
  • Block sensitive content by using a robots.txt file located in your root-level website directory.

Final thoughts

Google is one of the most important search engines in the world. As we all know, it has the ability to index everything unless we explicitly deny it. Today we learned that Google can be also used as a hacking tool, but you can stay one step ahead of the bad guys and use it regularly to find vulnerabilities in your own websites. You can even integrate this and run automated scans by using custom third-party Google SERPs APIs. If you’re a security researcher it can be a practical tool for your cybersecurity duties when used responsibly.

While Google Dorking can be used to reveal sensitive information about your website that is located and indexable via HTTP protocol, you can also perform a full DNS audit by using the DNS toolkit.

LEAVE A REPLY

Please enter your comment!
Please enter your name here