What is Google dorking?
Published on
Google dorking, also known as Google hacking, is the practice of using advanced search operators to find information that is not readily available on the internet. This is specific to Google search, hence the name, but other search engines may provide similar functionality.
By using specific keywords and operators, Google makes it possible for users to search for specific files, documents, and websites that may be hidden or not easily accessible. This technique can be used for a variety of purposes, including finding sensitive information, identifying security vulnerabilities, and uncovering hidden content on the internet.
Below are some examples of Google dorks:
- Use
site:to limit the search results to a specific domain, e.g.site:inkyvoxel.com - Use
inurl:to search for specific text in the URL, e.g.inurl:admin - Use
intitle:to search for a specific word or phrase in the title of a website, e.g.intitle:index of / - Use
intext:to find pages that contain a specific word or phrase, e.g.intext:password - Use
filetype:to find specific file extensions, e.g.filetype:pdf
You can also combine these operators together to make your search more specific. For example, you could use site:github.com intext:API_KEY to search GitHub for pages which have API_KEY in the body.
There are many resources that provide a list of operators that can be used for Google dorking. Some great resources include:
- A list of Google search operators on the Google website: https://support.google.com/websearch/answer/2466433?hl=en
- The Google Hacking Database (GHDB), which has examples of advanced Google dorks, maintained by Offensive Security: https://www.exploit-db.com/google-hacking-database
Closing thoughts
Google dorking can be a powerful tool, but it can also be used for nefarious purposes. Please use some caution while you're exploring the internet!
This post was tagged: