If you’ve never heard of Google Dorking, then you’ve come to the right place.
Google Dorking is a way to strip your search results into more precise results with advanced search terms.
In other cases, Google Dorking can be used by hackers to find sensitive data that was accidentally exposed to the internet. Hackers can use Google Dorking to find sensitive information such as emails, passwords and login credentials.
You can also refer to Google Dorking as “Google Hacking”.
Google Dorking is kind of like SQL injection–Except more deadly if used correctly.
Here’s an example to better understand what Google Dorking is:
Notice there are only search result with the title Lord Of The Rings. That’s because the intitle: tells Google that I only want search results with the text that I’ve included.
Let’s use this method to find some sensitive information.
Find a certain file type
You can use filetype to find files of a certain types that were exposed to the internet.
Find certain text on webpage
You can use allintext to find a webpage with certain text.
The “Allintext Filetype Combo”
You can use both of these operators to locate log files that contain the text username.
Find email lists
You can find email lists in spreadsheets with this search combo.
This is a great way to scrape emails fast. These lists are usually exposed by companies and schools that are trying to organize emails.
Find FTP servers
Let’s try and find some FTP servers with exposed file transfers sometime this year.
I hope you enjoyed this Google Dorking tutorial. If you have any questions, feel free to post a comment.