Karl.Fail

Master Google Dorking: A Guide for Beginners – Part 1

Written by

Karl

in

on

(Last update:

)

Disclaimer:

The information provided on this blog is for educational purposes only. The use of hacking tools discussed here is at your own risk.

For the full disclaimer, please click here.

Introduction

Ever found yourself deep in the abyss of the internet, wishing you could uncover more than what’s on the surface? If so, Google Hacking, also known as Google Dorking, might just be your next favorite hobby. This amusing and surprisingly potent skill will turn you into an internet sleuth, uncovering secrets like a digital Sherlock Holmes. By the end of this article, you’ll be ready to create your own Google dorks and impress (or mildly concern) your friends with your newfound abilities.

If you’re interested in OSINT in general you can also check out my other articles:

What is Google Hacking?

Google Hacking , whcih is also called Google Dorking, is the playful art of using Google’s search engine to uncover sensitive information that wasn’t meant for public eyes. From personal data and financial info to website security flaws, Google Hacking can reveal it all. But don’t panic—it’s perfectly legal as long as you don’t misuse the info you stumble upon.

To break it down a bit, Google Hacking isn’t some kind of sorcery. It’s about finding anything that’s been indexed by Google or other major search engines. With the right search queries, you can dig up info that’s not ranking high on Google—often the kind of stuff that wasn’t meant to be easily found. So go ahead, have fun, and happy Googling (responsibly)!

Why the Term “Dorking”?

“Dork” in this context refers to a set of search parameters that expose unprotected information. Think of it as a key that unlocks hidden doors on the internet. The term “dorking” might sound silly, but the results can be pretty serious.

Tools of the Trade

Before we dive into the nitty-gritty, let’s talk about the essential tools and resources you’ll need:

  1. Google Advanced Search Operators: These are special commands you can use in Google’s search bar to filter results more precisely. You can find a comprehensive list of these operators on Ahrefs’ blog.
  2. Google Hacking Database (GHDB): A treasure trove of pre-made Google dorks. Check out the database on Exploit-DB to see what others have discovered.
  3. Alternative Search Engines: Bing, DuckDuckGo, and Startpage also offer advanced search capabilities. Explore their documentation on Bing (and this), DuckDuckGo, and Startpage.
  4. OSINT Tools: Tools like Pentest-Tools and IntelTechniques can enhance your search capabilities.

Pro tip: You can use Dorks from Exploit-DB to play around with them and create new dorks focued on your target or niche.

The Basics of Google Dorking

I will focus on Google here as it is the biggest search engine and will usually give you some solid results. Let’s start with some simple Google search operators:

  1. site: – Restrict results to a specific website.
    • Example: site:example.com
  2. filetype: – Search for specific file types.
    • Example: filetype:pdf
  3. inurl: – Find URLs containing specific text.
    • Example: inurl:login
  4. intitle: – Search for page titles containing specific text.
    • Example: intitle:index.of

Combining these operators can yield powerful results. For instance, to find login pages on example.com, you could use: site:example.com inurl:login

Let’s do another example searching a webiste for a contact email address (or to send them phishing mails (pls don’t)): "@cancom.de" site:"cancom.de"

Useful dorks to get started

Now for some fun! Here are a few beginner-friendly dorks, please feel free to copy and modify them to your liking:

  1. Finding Open Directories:
    • intitle:"index of" "parent directory"
  2. Discovering Public Cameras:
    • intitle:"Live View / - AXIS"
  3. Uncovering Interesting PDFs:
    • filetype:pdf "confidential"
  4. Locating Forgotten Passwords:
    • filetype:log inurl:"password"

Creating Your Own Dorks

Creating your own Google dorks is like cooking a new dish—start with the basics and experiment. Here’s a step-by-step guide:

  1. Identify Your Target: Decide what type of information you’re seeking. Is it emails, passwords, or hidden directories?
  2. Choose the Right Operators: Based on your target, select appropriate search operators.
    • Example: To find Excel files with passwords, you might use filetype:xls inurl:password.
  3. Test and Refine: Enter your dork into Google and see what comes up. Refine your search terms to get more relevant results.
  4. Document Your Findings: Keep a record of effective dorks for future reference. You never know when you might need them again!

You can combine many operators to refine your results.

Final Thoughts

Hooray! You’ve officially unlocked the secrets of Google Dorking. Get ready to dive deeper in the next part, where I’ll dish out more details and examples about other search engines and why they’re worth your time too. But before we move on, here are a few ways to flex your new skills:

  • Become a Digital Bounty Hunter: Track down elusive individuals like a pro (In the U.S. you can check your states State Trooper website fpr active bounties).
  • Debt Detective: Find those who owe you money faster than a speeding algorithm.
  • Hack the Planet: Discover websites with vulnerable software
  • Doxing – Beyond the usual “it’s illegal” disclaimer, doxing can irreversibly ruin someone’s life. Trust me, no matter how much you dislike someone, you do not want to go down this path.
  • Find pirated Software

Stay tuned, because your Google Dorking journey is just getting started!

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


More posts