What Is Google Dorking And How To Use It

ByErma F. Brown

Mar 28, 2022 #Absorbable Modified Polymers Technology, #Advanced Technology Grants Pass, #Aidan'S Professional Technology Services, #Albuquerque Nm Information Technology Recruiters, #Bhd Technology Vr, #Catholic ""Information Technology, #Ceo Comcast Technology, #Computer Technology Electronic, #Current Applications Of Rdna Technology, #Disadvantages Technology Law, #Ferrum Technology Services, #Fundamentals Of Medical Laboratory Technology, #Gmu Department Of Information Technology, #Hornborg Alf Technology Effects, #I'M Done Working In Technology, #James V. Arms Technology, #Jurassic Park Technology Analysis, #Liquidmetal Technology News, #LLC, #Mathey Technology And Engineering, #Medical Technology In 500 Bc, #Musc Library Technology Downloads, #New Jersey Technology Office Space, #Pc Ralley Technology, #Ridge Technology Services, #Technology 3x Reverse Etf, #Technology Abuse Use, #Technology Adoption Three Types, #Technology Advantage Info, #Technology And Improving Menial Jobs, #Technology Classroom Building 311, #Technology Companys In Usa, #Technology Distracting Studying Students, #Technology Docking Stations, #Technology Enablement White Paper, #Technology Images For Ppt, #Technology Impact On Finance Departments, #Technology In Chennai, #Technology In Greek Translation, #Technology Into History Lesson, #Technology Is Electricity Ted Talks, #Technology Professionals Of British Columbia, #Technology Relatesecuirty Topics, #Technology Studies Emu, #Technology To Prevent Medication Errors, #Technology Want What Ails Look, #Tesla Technology Roadmap, #Veterinary Assisting Vs Veterinary Technology, #Wentworth Institute Of Technology Animation, #What Is Today'S Technology, #With The Arise Of Technology

Google has become synonymous with searching the web. Many of us use it on a daily basis but most regular users have no idea just how powerful its capabilities are. And you really, really should. Welcome to Google dorking.

What is Google Dorking?

Google dorking is basically just using advanced search syntax to reveal hidden information on public websites. It let’s you utilise Google to its full potential. It also works on other search engines like Google, Bing and Duck Duck Go.

This can be a good or very bad thing.

Google dorking can often reveal forgotten PDFs, documents and site pages that aren’t public facing but are still live and accessible if you know how to search for it.

For this reason, Google dorking can be used to reveal sensitive information that is available on public servers, such as email addresses, passwords, sensitive files and financial information. You can even find links to live security cameras that haven’t been password protected.

Google dorking is often used by journalists, security auditors and hackers.

Here’s an example. Let’s say I want to see what PDFs are live on a certain website. I can find that out by Googling:

filetype:pdf site:[Insert Site here]

Doing this with a company website recently revealed a weird genealogy relationship chart and a guide to amateur radio that had been uploaded to its servers by members at some point.

I also found another special interest PDF but won’t mention the topic as the document contained a person’s name, email address and phone number.

This is a great example of why Google Dorking can be so important for online security hygiene. It’s worth checking to make sure your personal information isn’t out there in a random PDF on a public site for anyone to grab.

It’s also an important lessons for companies and government organisations to learn – don’t store sensitive information on public facing sites and perhaps considering investing in penetration testing.

You should probably be careful

There is nothing illegal about Google dorking. After all, you’re just using search terms. However, accessing and downloading certain documents – particularly from government sites – could be.

And don’t forget that unless you’re going to extra lengths to hide your online activity, it’s not hard for tech companies and the authorities to figure out who you are. So don’t do anything dodgy or illegal.

Instead, we recommend using Google dorking to assess your own online vulnerabilities. See what’s out there about you and use that to fix your own personal or company security.

And as a general rule — don’t be a dick. If you ever find sensitive information through any means, including Google dorking, do the right thing and let the company or individual know.

Best Google Dorking searches

Google dorking can get quite complex and specific. But if you’re just starting out and want to test this out for yourself for honourable reasons only, here are some really basic and common Google dorking searches:

  • intitle: this finds word/s in the title of a page. Eg – intitle: gizmodo
  • inurl: this finds the word/s in the url of a site. Eg – inurl: “apple” site: gizmodo.com.au
  • intext: this finds a word or phrase in a web page. Eg: intext: “apple” site: gizmodo.com.au
google dorking
  • allintext: this finds the word/s in the title of a page. Eg – allintext:contact site: gizmodo.com.au
  • filetype: this finds a specific file type, like PDF, docx, csv. Eg – filetype: pdf site: gov.au
  • Site: This restricts a search to a certain website like with some of the above examples. Eg – site:gizmodo.com.au filetype:pdf allintitle:confidential
  • Cache: This shows the cached copy of a site. Eg – cache: gizmodo.com.au

Now we have some of the basic operators, here are some useful searches you can do to check your own online security hygiene:

  • password filetype:[insert file type] site:[insert your website]
  • [Insert Your Name] filetype.pdf
  • [Insert Your Name] intext: [Insert a piece of personal information like your email address, home address or phone number]
  • password filetype:[Insert File Type, like PDF] site:[Insert your website]
  • IP: [insert your IP address]