Last updated: December 15, 2022
While companies often spend considerable sums on ensuring their IT security, hackers often resort to extremely minimalist means to prepare their attacks.
This asymmetry is striking: a good number of hackers find their prey with a simple query on the Google search engine. In the jargon, these queries are called Google dorks.
What are Google Dorks?
A Google dork query is a search that uses advanced search operators to find information on a website that is not available using a conventional search.
Google dorking, also called Google hacking, can return information that is difficult to locate through so-called simple searches. Often, the search results returned by Google are information that the website owner did not intend to reveal to the public.
But this information has not been adequately protected to prevent these risks.
Through this type of passive attack, Google dorks can reveal the following information:
- Usernames and passwords.
- Email lists.
- Sensitive documents.
- Personal, transactional or financial information (PIFI).
- Vulnerabilities of websites, servers or plugins.
The information obtained can be used for many illegal purposes including cyber-terrorism, industrial espionage, identity theft, Facebook account hacking and cyber harassment.
To perform these passive attacks, hackers use specific search operators. As you will see, this requires no knowledge of computer programming: the operators are within the reach of any Google user.
The main search operators
Operator | Description | Example of use |
---|---|---|
site | returns files located on a particular domain | site:www.funinformatique.com VPN will find all pages containing the word VPN in their text and located in the domain www.funinformatique.com |
filetype | followed without a space by the extension of the desired file, such as DOC, PDF, XLS or other; limits results to one given type of document | filetype:pdf anonymity will return PDF documents containing the word anonymity |
inurl | followed by a given phrase, returns all results with that same phrase placed in the URL | inurl:VPN will find pages containing the word VPN in the URL |
intext | followed by the word or phrase you are looking for, returns all results where the phrase or text is present in the text of a web page | intext:VPN will find pages containing the word VPN only in text |
You can combine all these operators to make extremely precise and targeted searches.

For example, if you want to find PDF documents in which the phrase "top secret" appears on the funinformatique site, you will probably do a search like this: "top secret" filetype:pdf site:www.funinformatique.com
A non-exhaustive list of Google dorks
Find passwords
Query | Result |
---|---|
"http://*:*@www" site | the passwords for the "site" page, saved as "http://username:password@www..." |
filetype:bak inurl:"htaccess\|passwd\|shadow\|htusers" | backup copies of files that may contain information on usernames and passwords |
filetype:mdb inurl:"account\|users\|admin\|administrators\|passwd\|password" | mdb type files which may contain information about passwords |
intitle:"Index of" pwd.db | pwd.db files can contain user names and encrypted passwords |
"Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini WS_FTP PWD | the configuration files of the WS_FTP software which may contain passwords for FTP servers |
inurl:wp-config -intext:wp-config "'DB_PASSWORD'" | The WordPress CMS wp-config file contains the site administration login and password |
Search for personal data and confidential documents
Query | Result |
---|---|
filetype:xls inurl:"email.xls" | email.xls files that can contain addresses |
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae" | CV documents |
intitle:index.of finances.xls | finances.xls files that may contain information on bank accounts, financial reports and credit card numbers |
intitle:"Index Of" -inurl:Maillog Maillog size | Maillog files that can contain e-mail messages |
intext:"Dumping data for table 'orders'" | files containing personal information |
filetype:reg reg +intext:"internet account manager" | This Google search reveals user names, pop3 passwords, email addresses, connected servers, and more. The IP addresses of users may also be revealed in some cases. |
Google dorks appeared in 2004; they are still relevant, and new dorks are born every day! For the full list of Google dorks, see this link: https://www.exploit-db.com/google-dorks/
How to protect yourself from Google dorks?
As you can see, it is relatively easy for hackers to find sensitive documents on the internet. So how do you protect yourself?
Avoid posting sensitive information online
Search engines tirelessly scan the internet, indexing and checking every device, port, IP address, page, etc.
While the publication of most of this collected data poses no problem, some of the data is made publicly available unintentionally through search robots. As a result, a poorly configured intranet can unintentionally leak confidential documents.
So, trivially, the easiest way to protect yourself from this kind of leak is not to put sensitive information online.
Make sure that your sites or web pages containing sensitive information cannot be indexed by search engines. For example, GoogleUSPER provides tools to remove entire sites, URLs or caches from Google indexing.
Another option is to use the robots.txt file to prevent search engines from indexing sites.
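Added example, not part of the original article: a robots.txt rule only asks crawlers not to fetch a path, and the file itself is readable by anyone, so it helps to check which sensitive URLs rely on it alone. The robots.txt content, paths and response headers below are constructed, and the X-Robots-Tag response header is a separate noindex control that the article does not mention.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not from the article).
ROBOTS_TXT = """\
User-agent: *
Disallow: /backup/
Disallow: /intranet/reports/
"""

# Constructed responses: URL path -> response headers of a hypothetical server.
PAGES = {
    "/backup/site.sql": {},
    "/intranet/reports/q3.pdf": {"X-Robots-Tag": "noindex"},
    "/docs/internal.pdf": {"X-Robots-Tag": "noindex, nofollow"},
    "/docs/public.pdf": {},
}

def indexing_status(robots_txt, pages, agent="Googlebot"):
    """Classify each path by the indexing control a crawler would actually see."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    status = {}
    for path, headers in pages.items():
        tag = headers.get("X-Robots-Tag", "")
        directives = {d.strip().lower() for d in tag.split(",")}
        if not parser.can_fetch(agent, path):
            # Crawling is refused, so a noindex header is never read, and the
            # path is disclosed to anyone who downloads robots.txt.
            status[path] = "crawl-blocked"
        elif directives & {"noindex", "none"}:
            status[path] = "noindex"
        else:
            status[path] = "indexable"
    return status

def disclosed_paths(robots_txt):
    """Paths that robots.txt itself reveals to any reader."""
    values = [line.split(":", 1)[1].strip() for line in robots_txt.splitlines()
              if line.lower().startswith("disallow:")]
    return [v for v in values if v]

if __name__ == "__main__":
    for path, state in indexing_status(ROBOTS_TXT, PAGES).items():
        print(f"{state:14} {path}")
    print("disclosed by robots.txt:", disclosed_paths(ROBOTS_TXT))
```

Neither control restricts access: a file that must stay private still needs authentication or removal from the web root.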
Regularly test and monitor the vulnerabilities of your sites
Take advantage of Google dorks to proactively implement regular vulnerability testing procedures. You can use the Google Hacking Database, which lists a growing number of queries that find files including usernames, vulnerable servers, or even files containing passwords.
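Added example, not part of the original article: one way to run such a test from the inside is to scan your own web root for the kinds of files the dork tables above look for. The patterns come from those tables; the function names, the sample files and the rule that skips .php files are assumptions made for this sketch.

```python
import fnmatch
import os
import tempfile

# File-name patterns taken from the dork tables in this article.
RISKY_NAMES = ["*.bak", "*.mdb", "*.reg", "pwd.db", "ws_ftp.ini",
               "email.xls", "finances.xls", "maillog*"]
# Content markers quoted in the same tables.
RISKY_MARKERS = [b"Dumping data for table", b"DB_PASSWORD"]

def audit_webroot(root, max_bytes=65536):
    """Return sorted (relative path, reasons) for files the listed dorks target."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            reasons = [p for p in RISKY_NAMES if fnmatch.fnmatchcase(lower, p)]
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            # Assumption: .php is executed, not served as text, so skip markers.
            if not lower.endswith(".php"):
                reasons += [m.decode() for m in RISKY_MARKERS if m in head]
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings)

def demo():
    samples = {  # constructed sample web root, written to a temp directory
        "index.html": b"<h1>Welcome</h1>",
        "wp-config.php": b"define('DB_PASSWORD', 'example');",
        "wp-config.php.txt": b"define('DB_PASSWORD', 'example');",
        "old/.htaccess.bak": b"AuthUserFile /placeholder",
        "dump/orders.sql": b"-- Dumping data for table 'orders'",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, reasons)
```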
So as you can see, the myth of the genius hacker in programming is not necessarily a reality. Simple queries on Google can give access to passwords and confidential documents, or find servers or plugins with flaws known to all. So be vigilant. 😉
Great article!! Congratulations on the work you are doing.
A very clear article. Thank you so much for sharing
terrific article!
Thank you, there is a small error at the bottom of the table "The main search operators": intitle>intext
Thank you for the article, I did not know about this subject
Your article is great!!!! I'm a fan of this site, but you didn't give the user manual so that we could test
My how do we access it?
I tried yjy not happen
Infinitely Thank you. Bravo! Congratulations on the work you are doing.
Thank you MPR. You just have to type these queries into the Google search engine.
Thank you very much for this very good article, however I have a problem, you didn't give the "how to" of the requests you use as an example.