Google Hacking (Dorking) Tutorial for Beginners

Google Hacking (Dorking) Tutorial for Beginners

Google Hacking, also known as Google Dorking, is a computer hacking technique that uses Google Search to locate security vulnerabilities in websites and web-based applications. Hackers use advanced search queries, known as “dorks,” to find information that is not intended to be publicly available. This information can include sensitive data such as login credentials, credit card numbers, and other confidential information. Google Hacking can also be used to find vulnerable websites that can be exploited for malicious purposes, such as launching a denial-of-service attack or installing malware.

It is important to note that Google Hacking is illegal and unethical, and can cause serious harm to individuals and organizations. Therefore, it is not recommended to engage in this activity, and it is important to always use technology responsibly and in accordance with the law.

Using Advanced Search

operator:keyword additional search terms

Advanced Operators

siteConfines keywords to search only within a domain
extFile extension
locMaps location
intitleKeywords in the title tag of the page
allintitleAny of the keywords can be in the title
inurlKeywords anywhere in the URL
allinurlAny of the keywords can be in the URL
incacheSearch Google cache only

Keyword combinations

passsword | passlist | username | user
login | logon
Administrator | Admin | Root
Prototype | Proto | Test | Example

Examples

site:intenseschool.com (ceh ecsa lpt)
intitle:index.of
allinurl:login logon
-ext:html -ext:htm -ext:asp -ext:aspx -ext:php

Vulnerable web servers

The following Google Dork can be used to detect vulnerable or hacked servers that allow appending “/proc/self/cwd/” directly to the URL of your website.

inurl:/proc/self/cwd

The vulnerable server results will appear, along with their exposed directories that can be surfed from your own browser.

Open FTP servers

Google does not only index HTTP-based servers, but also indexes open FTP servers as well.

With the following dork, you’ll be able to explore public FTP servers, which can often reveal interesting things.

intitle:"index of" inurl:ftp

Email lists

It’s pretty easy to find email lists using Google Dorks. In the following example, we are going to fetch excel files which may contain a lot of email addresses.

filetype:xls inurl:"email.xls"

For example, If we want to filter and check out only the german domain names we can type:

site:.de filetype:xls inurl:"email.xls"

Preventing Google Dorks

  • Secure sensitive information: Store sensitive information on a secure server or database and restrict access to it with strong authentication and authorization methods.
  • Use strong passwords: Use strong and unique passwords for all accounts and change them regularly.
  • Disable directory listing: Configure your web server to disable directory listing, so that the contents of your directories are not publicly visible.
  • Monitor your website: Regularly monitor your website for any signs of suspicious activity or unauthorized access.
  • Keep software up to date: Keep your software, including your website and server software, up to date to ensure that any vulnerabilities are patched.
  • Use security plugins: Use security plugins and add-ons for your website to help protect against common attacks and vulnerabilities.
  • Educate yourself and your users: Stay informed about the latest security threats and educate yourself and your users on safe practices to protect against them.

Leave a Reply

Prev
Convert Speech to Text with Python Source Code for Beginners
Convert Speech to Text with Python Source Code for Beginners

Convert Speech to Text with Python Source Code for Beginners

A few weeks ago, we created a Text to Speech project in Python

Next
Create a Hacking Script in BASH – Tutorial for Beginners
Create a Hacking Script in BASH - Tutorial for Beginners

Create a Hacking Script in BASH – Tutorial for Beginners

Bash is a Unix shell, which is a command-line interface for interacting with an

You May Also Like