What is Google Dorks and How Hackers Use Them

Google is a Hacking Tool. The idea of using Google as a hacking tool or platform certainly isn’t a novel idea, and hackers have been leveraging this incredibly popular search engine for years. In fact, Google Dorks have their roots in 2002 when a man by the name of Johnny Long started using custom queries to search for elements of certain websites that he could leverage in an attack.It’s not a new concept, but your website could be advertising its own vulnerabilities on Google’s search engine. The term is called “Google Dorking,” and the process of finding vulnerable web servers through the search engine is easier than you think.

How It Works

One aspect of good web programming is returning user-friendly errors. If your application doesn’t catch coding bugs, the web server returns error details in the browser. In some cases, the error details contain user names, passwords, and database specifics that you don’t want visitors to see. Most users bounce from a website that serves errors, but not Google. Googlebot is just a crawler meant to scan the web for content, index it, and then present results to searchers. If your web server returns errors from coding bugs, Google indexes the content of these errors, which could mean that sensitive login information is indexed. The result is that your web server provides searchable content that can be used to hack your website.

Google Dorking refers to the process of using common error phrases that relate to a specific response code generated by a programming language. For instance, your PHP application might have the wrong database user name and password stored in your backend code. PHP returns a specific database login error that must be handled when coding an application.”Handling” an error refers to trapping it and sending a user-friendly response back to the browser. If you don’t handle the error, the database login credentials are returned to the browser. When Googlebot visits your pages, it sees the PHP errors and indexes the content. This content is then available to anyone who knows what PHP phrases to search for.

Understanding Google Dorks Operators

Just like in simple math equations, programming code, and other types of algorithms, Google Dorks has several operators that aspiring white hat hackers need to understand. There are far too many to include in this guide, but we will go over some of the most common:

• intitle – this allows a hacker to search for pages with specific text in their HTML title. So intitle: “login page” will help a hacker scour the web for login pages.
• allintitle – similar to the previous operator, but only returns results for pages that meet all of the keyword criteria.
• inurl – allows a hacker to search for pages based on the text contained in the URL (i.e. “login.php”).
• allinurl – similar to the previous operator, but only returns matches for URLs that meet all the matching criteria.
• filetype – helps a hacker narrow down search results to specific types of files such as PHP, PDF, or TXT file types.
• ext – very similar to filetype, but this looks for files based on their file extension.
• intext – this operator searches the entire content of a given page for keywords supplied by the hacker.
• allintext – similar to the previous operator, but requires a page to match all of the given keywords.
• site – limits the scope of a query to a single website.

Custom Crafting Google Dork Queries

Now that we have a basic understanding of some of the operators and how Google Dorks can be used to scour the web, it’s time to look at query syntax. The following is the high level structure of Google Dorks that targets a specific domain:

• “inurl: domain/” “additional dorks”

A hacker would simply plug in the desired parameters as follows:

• inurl = the URL of a site you want to query
• domain = the domain for the site
• dorks = the sub-fields and parameters that a hacker wants to scan

If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:

• intitle:
• inurl:
• intext:
• define:
• site:
• phonebook:
• maps:
• book:
• info:
• movie:
• weather:
• related:
• link:

These options will help a hacker uncover a lot of information about a site that isn’t readily apparent without a Google Dork. These options also offer ways to scan the web to located hard to find content. The following is an example of a Google Dork:

inurl:login.jsp intitle:login

Making Effective Use of Operators

It may seem a little cryptic at first, so let me provide a few examples that show how the different operators can be used to locate content and website data. A user can make effective use of the intitle operator to locate anything on a website. Perhaps they are scraping email addresses and want to scan sites for the “@” symbol, or maybe they are looking for an index of other files.

Furthermore, the intext operator can basically be used to scan individual pages for any text you want, such as a target’s email address, name, the name of a web page (like a login screen) or other personal information to collect data about them.

The more you practice, the further you’ll be able to hone your queries to pinpoint different types of websites, pages, and vulnerabilities. Again, I need to caution you not to use these queries to attack another website, because that would be illegal and could get you into a lot of trouble. Still, Google Dorks are a great way to locate hidden information on the web, which is why hackers love to use them to find security flaws in websites.