Google Dorks: what is it and how to use it?

google dorks
google dorks

Dernière mise à jour: 24 mai 2024

While companies often spend considerable sums on ensuring their IT security, hackers often resort to extremely minimalist means to prepare their attacks.

This asymmetry is quite striking, in fact a good number of hackers find their prey thanks to a simple query on the Google search engine. These queries are called in the jargon Google dorks.

What are Google Dorks?

A request Google Dork is the use of a search term that incorporates advanced search operators to find information on a website that is not available using a conventional search.

Le google sleeping, also called Google hacking, may return information that is difficult to locate through so-called simple searches. Often, the search results returned by Google are information that the website owner did not intend to reveal to the public.

But this information has not been adequately protected to prevent these risks.

By practicing this type of passive attack, Googles dorks can provide the following information:

  • Usernames and passwords.
  • Email lists.
  • Sensitive documents.
  • Personal, transactional or financial information (PIFI).
  • Vulnerabilities of websites, servers or plugins.

This information obtained can be used for many illegal purposes including cyber-terrorism, industrial espionage, identity theft, account hack Facebook and cyber harassment.

In order to perform these passive attacks, hackers use specific search operators. And as you will see, it does not require knowledge of computer programming. Indeed, they are within the reach of any Google user.

The main search operators

Operator Description Example of use
website return files located on a particular domain site: www.funinformatique.com VPN will find all pages containing
the word VPN in their text and located in the
domain www.funinformatique.com
filetype ext followed without space by the extension of the desired file such as DOC, PDF, XLS or other. Limit results to one type of
document given
filetype: pdf anonymity will return PDF documents
containing the word anonymity
inurl followed by a given phrase returns all results with that same phrase placed in the URL. inurl: VPN will find pages containing the word VPN in the URL address
intext followed by the word or phrase you are looking for returns all results where the phrase or text is present in the text of a web page. intitle: VPN will find pages containing the word VPN only in text

You can perform searches by combining all these operators in order to be able to make extremely precise and targeted searches.

Example of a Google Dorks query
Example of a Google Dorks query

For example if you want search documents PDF or the word "top secret" is included on the site funinformatique, you will certainly have to carry out a search of this type: “top secret” filetype:pdf site:www.funinformatique.com

Google Dorks non-exhaustive list

 Find passwords

Question Result
“http://*:*@www” site the passwords for the "site" page saved as
“http://username:password@www…”
filetype:bak inurl: »htaccess|passwd|shadow|
htusers »
backup copies of files that may contain information
on usernames and passwords
filetype:mdb inurl: »account|users|admin|admi
nistrators|passwd|password »
mdb type files which may contain information about
passwords
intitle: »Index of » pwd.db pwd.db files may contain user names and
encrypted passwords
“Index of/” “Parent Directory” “WS_
FTP.ini » filetype:ini WS_FTP PWD
the configuration files of the WS_FTP software which may contain
passwords for FTP servers
inurl:wp-config -intext:wp-config “'DB_PASSWORD'” The wp-config file of the WordPress CMS contains the site administration login and password

Search for personal data and confidential documents

Question Result
filetype:xls inurl: »email.xls » email.xls files that can contain addresses
“phone * * *” “address *” “e-mail” intitle: »curriculum
vitae »
CV documents
intitle: index.of finances.xls finances.xls files that may contain information
on bank accounts, financial reports and
credit card numbers
intitle: »Index Of » -inurl:maillog maillog size Maillog files that can contain e-mail messages
intext: »Dumping data for table 'orders' » files containing personal information
filetype:reg reg +intext: »internet account manager » This Google search reveals user names, pop3 passwords, email addresses, connected servers, and more. The IP addresses of users may also be revealed in some cases.

Google dorks appeared in 2004, they are still relevant and every day new dorks are born! To check out the full list of Google dorks, check out this link: https://www.exploit-db.com/google-dorks/

How to protect yourself from Google dorks?

As you can see, it is therefore relatively easy for hackers to find sensitive documents on the internet. Then how to protect yourself ?

Avoid posting sensitive information online

Search engines tirelessly scan the internet, indexing and monitoring every device, port, IP address, page, etc.

While the publication of most of this collected data does not pose a problem to be publicly disclosed. Some of the data is made publicly available unintentionally through search robots. As a result, a poorly configured intranet can leak confidential documents unintentionally.

So trivially, the easiest way to protect yourself from this kind of leak is to do not put sensitive information online.

Make sure that your sites or web pages containing sensitive information cannot be indexed by search engines. For example, GoogleUSPER provides tools to remove entire sites, URLs or caches from Google indexing.

Another option is touse the robots.txt file to prevent search engines from indexing sites.

Regularly test and monitor the vulnerabilities of your sites

Enjoy Google dorks to proactively implement regular vulnerability testing procedures. You can use the Google Hacking Database which lists the growing number of queries that find files including usernames, vulnerable servers, or even files containing passwords.

So as you can see, the myth of the genius hacker in programming is not necessarily a reality. singles queries on google can allow access to passwords, confidential documents or to find servers or plugins with flaws known to all. So be vigilant. 😉