Exploring Google Dorks

Note: This article is strictly for educational purpose only.

If you have not read my previous article on BITB attack, here is the link.

What is Browser In The Browser (BITB) Attack?

Google Dorking

Google search based hacking, sometimes referred as Google Dorking, is an information gathering technique. Advanced Google search operators have their place in this ecosystem of tools.

Dork

A search criteria/filter which returns results according to the dork specified.

Point to keep in mind

Google knows who you are and when you perform such activities. Though the information will be freely available, one should refrain from using it illegally.

Lets look at some popular dorks:

1. cache: Will present you with a cached version of any website.
   eg: cache:orkut.com
2. intitle: Will present you with the webpages which have the word mentioned in the dork.
   eg: intitle:security
3. allintitle: Will present you the webpages with the mentioned title(Will consider all the words mentioned).
   eg: allintitle:cyber offence
4. intext: Will present you with the webpages which contain the specified word in the dork.
   eg: intext:github
5. allintext: Will present you the webpages which have all the mentioned text.
   eg: allintext:tools hacker
6. inurl: Will present you with the webpages which have the mentioned word in the URL.
   eg: inurl:ac.in
7. allinurl: Will present you with the webpages which have all the mentioned words in the URL.
   eg: allinurl:tech lead
8. filetype: Will return links to files that are accessible, depending on the file format given as input. The filetypes can be doc, odt, xlsx, csv, pdf, etc.
   eg: filetype:pdf
9. inanchor: Will return anchor texts/links to pages for the mentioned words.
   eg: inanchor:“cyber security”
10. site: Will present you with the full list of all the indexed URLs for the specified domain/sub-domain.
    eg: site:demo.testfire.net
11. *: The wildcard acts as “anything”. This can be placed before, after or in between words to find interesting results.
    eg: “Conquering the * and * of Grief”
12. |: The logical operator OR(“|”) can be used to get result in between two or multiple words.
    eg: The search “security” | “skills” will give you results containing the keyword security or skills.
13. +: The operator will add any two or more words to give results which contain all of them.
    eg: security + attacks will give results where both the keywords security and attacks are present.
14. -: The operator is used to avoid a particular keyword while searching.
    eg: The search query “security -cve” will provide results which do not have the keyword cve.
15. @: The result can restrict the outputs to a particular social media platform defined.
    eg: Bikes @facebook
16. info: This helps in finding information related to the domain you are searching for.
    eg: info:domainname.com
17. before/after: Used to search within a particular date range.
    eg: twitter after:2018

Using multiple dorks — Usage in real world

In the real world, one can search using multiple dorks and there is no limit to it. Lets see a few examples.

1. Excluding error and xml sitemaps: technical seo -“404 errors” -“xml sitemaps”
2. Excluding irrelevant sites: security -site:pinterest.com
3. Excluding subdomains: site:domainname.com -inurl:stage -inurl:dev -inurl:staging
4. Finding open files with passwords of colleges: inurl:ac.in filetype:xlsx password
5. Explore Configurations Using ENV files: DB_USERNAME filetype:env
6. Finding Live cameras(Looks scary, I know):
   inurl:top.htm inurl:currenttime
   or one can also use inurl:”lvappl.htm” or inurl:”view.shtml” “camera”
   You can also try for webcapxp-based transmission camers with: intitle:”webcamXP 5"
7. Looking for FTP servers: intitle:”index of” inurl:ftp (You can also try for forced http search with: intitle:“index of” inurl:http after:2018)
8. Look for videos, mp3: You can look out for open videos with “index of friends”(Yeah you get all Friend’s episodes). For mp3: intitle: index of mp3
9. Zoom videos: inurl:zoom.us/j and intext:scheduled for
10. SQL Dumps: “index of” “database.sql.zip”
11. WordPress Admin: intitle:”Index of” wp-admin
12. phpMyAdmin page: “Index of” inurl:phpmyadmin
13. Government docs: allintitle: restricted filetype:doc site:gov
14. Apache2 webpages: intitle:“Apache2 Ubuntu Default Page: It works”

Mitigation/Prevention from Google Dorks

As an ethical cybersecurity professional we also need to provide remediation with the problems we encounter. Here is for Google Dorks.

Data can be restricted from being indexed by search engines. Following are a few of them:

1. Encrypt sensitive information(Username, Passwords, Card details, etc.)
2. Run periodic vulnerability scan. These use Google Dork and can thus detect sensitive data accessible to public.
3. Restrict important data with authentication and if possible with IP based authentication.
4. Block sensitive content to be crawled by using robots.txt.

Note: This is for educational purpose only.

Thank you for your time.

If you enjoyed the article then do clap and follow me. :)

Happy Hacking!