A Google dork query is a search string that uses advanced search operators to find information that is not readily available on a website. Google Dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
In this tutorial, we will be using Google to gather more sensitive information about the target.
Please remember that Google dorks work only with the Google search engine.
A query is basically the thing that tells Google where you want to search. I'm going to introduce the most common ones, then show some examples, and then explain how you can customize your searches.
The syntax is the same for all queries:
queryOne:"keywords" queryTwo:"other keywords"
Now let's look at the different queries you can use.
InUrl is used to search for any text inside the URI. Hackers often use it to search for vulnerable scripts and plugins or sensitive information on a website. It is used a lot for SQL injection, as it allows you to detect vulnerable websites.
Example: inurl:/status?full=true will return all URLs containing the keyword "status?full=true".
If you search with allinurl: Google restricts results to those containing all the query terms you specify in the URL.
Example: allinurl:google dork will return all URLs containing the keywords "google" and "dork".
InText is used to search for any text in the body or the source code of a website. Hackers often use it to search for a particular version of an application that is exploitable.
Example: intext:google dork will return websites containing the keyword "google dork" in the HTML page.
If you search with allintext: Google restricts results to those containing all the query terms you specify in the text of the page.
Filetype is used to search for a type of file, either on a particular website, on a particular subject, or freely across all results. Hackers use it to search for files containing sensitive information that can be used to exploit websites.
InTitle is used to search the titles of web pages. Hackers use it to search for vulnerable pages or for directory indexes on a website.
If you search with allintitle: Google restricts results to those containing all the query terms you specify in the title.
Site: using this dork, you can narrow the area of search to a particular website. Hackers use it to target and search for sensitive information on a website.
Link: this dork finds other websites containing links to a website. Hackers use it to search for any other information related to their target.
Cache: this dork displays Google's cached version of a web page, instead of the current version of the page.
The following examples are not targeting a specific website. If you want to use dorks on one single website, just add the site:example.com query.
The most common use of Google dorks is to find an open index, which basically means that the website owners didn't secure the information that is stored on their site. You can view it by using this dork:
intitle:"index of /" Parent Directory
We are grabbing every page whose title contains "index of /" and/or "parent directory". Why? Because these phrases appear in the directory listing pages that web servers generate for a site's file storage.
Now let's say you want to look for admin directories.
You can use this dork:
intitle:"Index of /admin"
This is pretty easy to understand. We're checking whether the page's title contains 'index of /admin'. Remember that putting a '/' before a keyword searches for directories, not for files.
You can replace "admin" with whatever you're looking for! Mails, passwords, payment information, …
Okay, that's cool, but now I want to search for files. You can do it by filtering on file names…
intitle:"Index of /" password.txt
… or file extensions!
intitle:"index of ftp" .jpg
This way you can very easily get personal information, pictures, even ID scans.
Now we can also search for pages that are reserved for admins, or that contain login features. You can use different methods, based on the page's title, the URL, or even file extensions.
intitle:"login" "admin"
inurl:"admin" "login"
inurl:admin filetype:db
The possibilities are endless!
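The title, URL and file-extension signals these dorks match on can also be checked by a site owner before a search engine indexes them. The following is an added example, not part of the original tutorial: it audits pages already fetched from your own site for open indexes, listed sensitive files and indexable admin login pages. The function names, the finding labels and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Signals taken from the dorks above; '.sql' and '.bak' are added assumptions.
LISTING_TITLE = re.compile(r"^\s*index of /", re.I)
SENSITIVE_NAME = re.compile(r"password", re.I)
SENSITIVE_EXT = (".db", ".sql", ".bak")

class _PageScan(HTMLParser):
    """Collects the <title> text and every <a href> on a page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_page(url, html):
    """Return findings for one page fetched from your own site."""
    scan = _PageScan()
    scan.feed(html)
    findings, path = [], urlparse(url).path.lower()
    if LISTING_TITLE.search(scan.title):          # intitle:"index of /"
        findings.append("directory-listing")
        for href in scan.links:                   # files exposed by the listing
            name = href.rstrip("/").rsplit("/", 1)[-1].lower()
            if SENSITIVE_NAME.search(name) or name.endswith(SENSITIVE_EXT):
                findings.append("listed-sensitive-file:" + href)
    if "admin" in path and "login" in scan.title.lower():  # inurl + intitle
        findings.append("admin-login-indexable")
    if path.endswith(SENSITIVE_EXT):              # inurl:admin filetype:db
        findings.append("sensitive-file-url")
    return findings

# Constructed sample pages (example.com is a placeholder, not a real target).
SAMPLES = {
    "https://example.com/files/": "<html><head><title>Index of /files</title></head><body><a href='../'>Parent Directory</a><a href='password.txt'>password.txt</a><a href='logo.jpg'>logo.jpg</a></body></html>",
    "https://example.com/admin/": "<title>Admin Login</title><form></form>",
    "https://example.com/about": "<title>About us</title><p>Hello</p>",
}
```

A "directory-listing" finding is fixed on the server by turning off automatic indexes (`Options -Indexes` in Apache, `autoindex off` in nginx) and moving the listed files out of the web root.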
I hope this tutorial helped you, and remember that dorks are made to be customized. Don’t do the same queries as everyone, or the ‘sensitive’ content you will find will already be leeched by others. Find new ways in, new possibilities!
Thanks to SaM for compiling all information!
Thanks to Ituriel for the examples!
ENJOY & HAPPY LEARNING!