Google dorking 101
Google dorks are advanced search queries that make it easy to find information that is not readily available on the websites themselves. Most of the time they are used by security researchers for recon.
Google is a very useful hacking tool: because it crawls web pages, it can deliver a great amount of sensitive data that might help you find vulnerabilities in any website.
So let’s begin:
Before starting the search, it's recommended to use a VPN or change your IP.
Operators:
1. intitle: searches pages that contain the term in their HTML title
2. inurl: searches pages that contain the term in their URL; use allinurl: for several words
3. filetype: searches for a certain file type, e.g.:
"blogger" "email" filetype:csv OR filetype:xls OR filetype:xlsx
Find backlinks:
"dofollow" OR "nofollow" OR "backlink" "contact" OR "email" filetype:csv OR filetype:xls OR filetype:xlsx
4. ext: finds files by extension
5. intext: searches for text in the page content
6. site: filter the search by one site only
LinkedIn profiles of influencers in Growth:
site:linkedin.com/in/ "growth"
7. cache: shows you the cached version of any website, e.g. cache:facebook.com
Logical operators:
| : e.g. "ensias" | "um5" shows sites that contain "ensias" or "um5" or both
+ : concatenates two words
- : excludes the word from the search results
Application examples:
SSH private keys:
intitle:index.of id_rsa -id_rsa.pub
Finding emails, admin users:
1. intext:@gmail.com
2. filetype:xls inurl:"email.xls"
3. filetype:php inurl:catalog/admin/
Get databases:
intitle:"index of"
intitle:"Index of..etc" passwd
e.g. intitle:index of hacking
Enjoy free DEF CON slides
And also the Black Hat talks of 2021:
site:i.blackhat.com inurl:/USA-21/
I personally tried some and they still work😁
The most basic one, to find groups:
inurl:http://chat.whatsapp.com
To find directories that contain backup images, here you go:
intitle:"WhatsApp Images"
Access login pages directly:
site:target.com intext:login intext:username intext:password
Another variant: (site:facebook.com | site:twitter.com) & intext:"login"
And the king:
site:*.target.com inurl:url
The power of combining advanced operators:
site:target.com -site:www.target.com
This shows all sites that are NOT on the official web server.
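Added example (not from the original article): the `intitle:index.of` dorks above only return hits when a server publishes auto-generated directory listings, so a site owner can run the same check against their own pages. This sketch parses one listing page and flags the file names the dorks on this page look for; the pattern list and the sample HTML are constructed for illustration.

```python
# Added example, not from the original article: self-audit of one directory
# listing page from your own server. Patterns and sample HTML are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# File names the dorks in this article search for (assumed list; extend it).
SENSITIVE = [
    (re.compile(r"^id_rsa$"), "SSH private key"),  # id_rsa.pub is the public half
    (re.compile(r"^passwd$"), "password file"),
    (re.compile(r"\.(xls|xlsx|csv)$", re.I), "spreadsheet export"),
    (re.compile(r"^WhatsApp Images$", re.I), "chat media backup folder"),
]

class _Page(HTMLParser):  # collects the <title> text and every <a href>
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])
    def handle_endtag(self, tag):
        self._in_title = self._in_title and tag != "title"
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_listing(html):
    """Return (is_directory_listing, [(name, reason), ...]) for one page."""
    page = _Page()
    page.feed(html)
    # Auto-index pages are what intitle:index.of matches on.
    is_listing = bool(re.search(r"index[\s.]*of", page.title, re.I))
    findings = []
    for href in page.links:
        name = unquote(href).rstrip("/").rsplit("/", 1)[-1]
        reason = next((r for p, r in SENSITIVE if p.search(name)), None)
        if reason:
            findings.append((name, reason))
    return is_listing, findings

# Constructed sample: an Apache-style listing of a hypothetical /backup folder.
SAMPLE = ('<html><head><title>Index of /backup</title></head><body>'
          '<a href="../">Parent Directory</a><a href="id_rsa">id_rsa</a>'
          '<a href="id_rsa.pub">id_rsa.pub</a><a href="email.xls">email.xls</a>'
          '<a href="WhatsApp%20Images/">WhatsApp Images/</a></body></html>')
if __name__ == "__main__":
    print(audit_listing(SAMPLE))
```

Any page where the first value is true is worth fixing even with no findings: turning off auto-indexing on the web server removes the listing that these dorks depend on.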
We will talk later about another powerful tool, Shodan.io,
and more about GitHub dorks, because they're handy.
And finally, a great resource for Google dorks that is updated every day can be found here: https://www.exploit-db.com/google-hacking-database
And here is another search tool if you want to apply them to a target: https://pentest-tools.com/information-gathering/google-hacking#
Adios❤
Twitter:- https://twitter.com/4rr4ys
Club links:
Facebook:- https://www.facebook.com/ensiasinsec
Youtube:- https://www.youtube.com/channel/UCQ_DuJJtTg05hjntfwVEy0Q
Instagram:- https://www.instagram.com/insec_club/
Linkedin:- https://www.linkedin.com/company/insec-ensias/
writer: Ikram Bourhim