Google dorks
A Google dork (also referred to as Google hacking) is a specially crafted search string that returns information that isn't readily available on the website that's being targeted. It does this by leveraging advanced search operators.
Using Google dorks is an excellent way to perform information gathering on your target. You are able to return data such as usernames and passwords, sensitive information, login portals, and more.
Search operators within Google can be used to query specific information. Examples of such search operators are as follows:
- site: Provides an output of URLs that are specific to the website you define.
- inurl: With this query, you can define a certain string, and the results will return pages that have that string in their URL.
- filetype: Here, you can define specific filetypes that you are looking for. For example, you can specify PDF, XLS, DOC, or any other file extension you want.
Search operators can be combined to build more precise searches. For example, to look for files with the .doc extension on microsoft.com, you would enter the search query filetype:doc site:microsoft.com in Google.
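To see from the defender's side what these combined operators would surface, the following added example (not part of the original page) applies a simplified local model of site:, inurl: and filetype: to a URL inventory. The inventory and the domain example.com are constructed, the function names are hypothetical, and the matching rules are an approximation rather than Google's own logic; no search queries are sent.

```python
# Added example: simplified local model of site:, inurl: and filetype:
# for auditing your own URL inventory. Not Google's matching logic.
import shlex
from urllib.parse import urlparse

SUPPORTED = {"site", "inurl", "filetype"}

def parse_query(query):
    """Split a query into (operator, value) pairs; reject anything else."""
    pairs = []
    for token in shlex.split(query):
        op, sep, value = token.partition(":")
        if not sep or op.lower() not in SUPPORTED or not value:
            raise ValueError(f"unsupported term: {token!r}")
        pairs.append((op.lower(), value.lower()))
    return pairs

def matches(url, pairs):
    """True when the URL satisfies every operator (operators are ANDed)."""
    lowered = url.lower()
    parsed = urlparse(lowered)
    host = parsed.hostname or ""
    # Extension comes from the last path segment only, not from dots elsewhere.
    name = parsed.path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    for op, value in pairs:
        if op == "site" and not (host == value or host.endswith("." + value)):
            return False
        if op == "inurl" and value not in lowered:
            return False
        if op == "filetype" and ext != value:
            return False
    return True

def audit(urls, query):
    """Return the URLs from the inventory that the query would surface."""
    pairs = parse_query(query)
    return [u for u in urls if matches(u, pairs)]

# Constructed inventory for a hypothetical domain (example.com).
INVENTORY = [
    "https://www.example.com/docs/handbook.doc",
    "https://www.example.com/admin/login.php",
    "https://files.example.com/backup/notes.txt",
    "https://notexample.com/report.doc",
    "https://www.example.com/v1.2/index.html",
]
```

Calling audit(INVENTORY, "filetype:doc site:example.com") returns only the handbook.doc URL, which is the kind of result to review before a search engine indexes it.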
Exploit-DB houses the Google Hacking Database, which is shown in the following screenshot (Figure 1). Here, you will find a vast collection of Google dorks that are constantly being updated:
You will notice that there are multiple categories where you can find various Google dorks. Let's perform information gathering using one of the dorks:
intext:password "Login Info" filetype:txt
The results from Google show how many websites have passwords exposed in clear text, as shown in Figure 2:
As you gather information on your target, you can leverage crafted search queries within Google to discover what information is available.