Google Dorking Is Sweet

Google Icon

If you’ve never heard of Google Dorking, then you’ve come to the right place.

Google Dorking is a way to strip your search results into more precise results with advanced search terms.

In other cases, Google Dorking can be used by hackers to find sensitive data that was accidentally exposed to the internet. Hackers can use Google Dorking to find sensitive information such as emails, passwords and login credentials.

You can also refer to Google Dorking as “Google Hacking”.

Google Dorking is kind of like SQL injectionExcept more deadly if used correctly.

Here’s an example to better understand what Google Dorking is:

Notice there are only search result with the title Lord Of The Rings. That’s because the intitle: tells Google that I only want search results with the text that I’ve included.

Let’s use this method to find some sensitive information.

Find a certain file type

You can use filetype to find files of a certain types that were exposed to the internet.

Find certain text on webpage

You can use allintext to find a webpage with certain text.

The “Allintext Filetype Combo”

You can use both of these operators to locate log files that contain the text username.

Find email lists

You can find email lists in spreadsheets with this search combo.

This is a great way to scrape emails fast. These lists are usually exposed by companies and schools that are trying to organize emails.

Find FTP servers

Let’s try and find some FTP servers with exposed file transfers sometime this year.

I hope you enjoyed this Google Dorking tutorial. If you have any questions, feel free to post a comment.

Tags:

1 thought on “Google Dorking Is Sweet”

  1. Never heard of this before, really cool! I’ve seen people create scanners for github to find credentials that people have accidentally committed.

Leave a Reply

Your email address will not be published. Required fields are marked *