Google Dorking can technically be defined as a type of hacking by itself. The basic idea of Google Dorking is to used Google’s advanced search features/operators to obtain information about someone, or something.
In general we know that Google Search is a big database of all the webpages that are considered publicly searchable (I’m not going into deep web in this article). Public webpages are websites that googles spider has access to. It is possible to make your website not searchable by telling Google’s search spider that you do not wish for it to crawl and index your website. That being said I think you’ll find that most websites on the internet are intended to be found and as such can be searched using dorks.
How Google Works
When you use Google to search something you’re technically not searching the internet. You’re actually searching Googles database of what it can see on the internet. The algorithm creates a list that ranks the pages using a variety of factors (relevance, keyword density, title, quality of page etc) and provide them back to you in a list.
So What Is Google Dorking?
Dorking is simply using advanced search parameters to obtain information. For example, say we wanted to search http://www.verizonwireless.com for contract documents that are pdf formatted. Entering the string “site:verizonwireless.com filetype:pdf contract” will give us all the PDF documents at Verizonwireless.com with they keyword “contract”.
How Is Google Dorking Useful?
Google Dorking is just a way to simplify and optimize our research of anything! When conducting passive reconnaissance of a target and we think they may have php enabled sites, or maybe running the site via wordpress we can use the dork “inurl” like this. “inurl:wp-admin” or “inurl:php”
Example Dork Operators
- inurl: – searches for keywords within the URL
- ext:csv intext:”password” – searching for .csv documents with “password” keyword
- site: – refine search parameters to come from only the site/domain specified
- link: – find pages that link to the site specified
- filetype: – search for only file types given
A great resource for already created dorks is Exploit-DB. Exploit-DB has pre-made dorks that are categorized and searchable into a database with literally hundreds of dorks.
Dorking is a great way to find information that websites or servers never intended to reveal. Dorking is very powerful, and I encourage anyone to play with various search operators. You’ll probably find that there are a lot more vulnerable web services running that you had imagined. I challenge you to find them and contact the appropriate webmaster/admin to secure their vulnerability. It not only provides you a method of practicing your new ability, but you get the added benefit of helping to secure the internet.