top of page
Programming

Finding Vulnerable Info Using Google Dorks — Ethical Hacking

Writer's picture: Gourav DharGourav Dhar

Updated: Oct 13, 2022

Google Dorking is a technique that hackers use to find information that may have been accidentally exposed to the internet.


What is Google Dorking?

Advanced use of Google Search Operator is called Google Dorking. In simple terms, it is using Google to run targeted search queries using specific keywords or commands. Basically narrowing down the search to find what we are looking for.


Google Dorking uses some of google’s inherent abilities to find things on the internet that we can find via specific search strings. These can be log files, error files, webcams opened to the internet, and even internal pages or admin that allow us to get into a device. In some cases, you can also find passwords in error logs. Sometimes even the administration config files are exposed to the internet due to the server being incorrectly set up.


Google Dorking is done by Google Search Operators. A few of them are :

  1. site:<keyword> — used to limit the search results to a particular site. For eg., to google for hacking-related blogs on my website https://gourav-dhar.com. I would write :

hacking site:gourav-dhar.com
  1. inurl:<keyword> — used to specify which keyword should be present in the URL. For the above query if I want to add a filter saying the URL should contain the string ethical I can write it as

hacking site:gourav-dhar.com inurl:ethical

You will get the following result :

  1. intext:<keyword> — This filter will check for the parameters being present in the meta-information of the website(i.e. the information you see on the title and description of a google search).

  2. intitle:<keyword> — Result will return only those pages having the keyword in their HTML title

  3. allintitle :<keyword>— searches for all the specified terms in the title.

  4. allinurl :<keyword> — searches for all terms in the url.

  5. filetype:<keyword> — Looks for explicit document types. filetype:pdf will searches for pdf files in sites

  6. ext:<keyword> — Like filetype. ext:pdf finds pdf extension.

  7. cache :<keyword> — Used to see Google’s cached version of a site


And there are a few other Search Operators as well which can be found via Google Search. Let me show you some of the cool stuff you can do with it.

Let’s look at some of the cool things we can do with it.


1. Checking logs for credentials

allintext:username filetype:log

We will get a list of log files that contain the text “username”. This can be useful (for hackers) if the log by mistake contains the user credentials. If you explore the results a little bit and apply filters, you will be able to find usernames or passwords for further exploitation.


2. Webcamas are super safe right — — Naaaah!

Google — intitle:”webcamxp 5" and you will find a list of webcams you can dive right into.


Look at this, live preview of some random lab it seems. Does anyone happen to know which place this is 😆


A good point to start is the Google Hacking Database. https://www.exploit-db.com/google-hacking-database. If you are not sure about the query strings and how to frame them. Go to this site and search for it. Several people have done it before so you can use their search queries. The Google Hacking Database or the Exploit Database looks like this and you can enter your queries on the top right.


Summarising Google Dorks

Doing whatever I did above is not illegal. We are fetching information that has already been made public. Hackers make use of google dorks to find information that might have accidentally been made public. However, using the information that has been presented to do something which can be troublesome for someone is crossing the line.


This blog was originally published in the personal blog website of Gourav : https://gourav-dhar.com

23 comments

Related Posts

See All

23 Comments


The post on finding vulnerable information using Google Dorks provides valuable insights into the world of ethical hacking. Google Dorks is a powerful tool for security professionals, allowing them to search for sensitive data that may be inadvertently exposed on the internet. The post effectively explains how Google can be used to pinpoint potential vulnerabilities in websites and systems, a technique that can help ethical hackers identify and fix security gaps before malicious actors can exploit them.

Just as using advanced techniques like Google Dorks can enhance security measures, students often seek TAFE assignment answers to better understand complex topics in their coursework. Many TAFE students, particularly those pursuing studies in IT and cybersecurity, can benefit from expert assistance when dealing…


Edited
Like

The post on finding vulnerable information using Google Dorks provides valuable insights into the world of ethical hacking. Google Dorks are a powerful tool for security professionals, allowing them to search for sensitive data that may be inadvertently exposed on the internet. The post effectively explains how Google can be used to pinpoint potential vulnerabilities in websites and systems, a technique that can help ethical hackers identify and fix security gaps before malicious actors can exploit them.

Just as using advanced techniques like Google Dorks can enhance security measures, students often seek TAFE assignment answers to better understand complex topics in their coursework. Many TAFE students, particularly those pursuing studies in IT and cybersecurity, can benefit from expert assistance when dealing…


Like

jack owen
jack owen
Dec 21, 2024

Greatassignmenthelp.com expert in offering Online Assignment Help to students who need help with their exams. Our platform has a team of experts committed to assisting students in comprehending difficult ideas, reviewing key subjects, and getting experience through mock exams to enhance their academic performance. Our customized method of study and prompt feedback guarantee that students are well-equipped and self-assured to achieve academic success in New Zealand. Our samples, which cover a wide range of subjects and topics, showcase excellent work produced by experts in their respective disciplines.

Like

New Email
New Email
Dec 07, 2024

The wps pin brother printer is a secure, unique 8-digit code used to establish a seamless wireless connection between your printer and a Wi-Fi network. Designed to simplify setup, the WPS (Wi-Fi Protected Setup) PIN method eliminates the need for manual network configuration. Once activated, the PIN is displayed on the printer's control panel or configuration page, ensuring easy access. This feature is especially useful for users seeking quick, hassle-free wireless printing. The WPS PIN ensures robust security while enabling efficient communication between devices, making it an essential tool for modern, wireless-enabled Brother printers.


Like

JACK SON
JACK SON
Dec 07, 2024

These are major courses available at the Charles Sturt University Assignment Help. You will receive top class education here by prestigious professors, scientists, and environmentalists, etc. However, Charles Sturt University Assignment Help provides you help with any coursework. You can ask us for the Charles Sturt University assignment help.


Like
download (7)_edited.png
Subscribe to my Youtube Channel @codewithgd

Related Articles

Videos you might like

Let's Get
Social

  • alt.text.label.Twitter
  • alt.text.label.LinkedIn
  • 25231
Subscribe to our NewsLetter

Join our mailing list to get a notification whenever a new blog is published. Don't worry we will not spam you.

bottom of page