Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT.
"Google hacking" involves using advanced operators in the Google search engine to locate specific errors of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. A search query with
intitle:admbook intitle:Fversion filetype:php would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".
Devices connected to the Internet can be found. A search string such as
inurl:"ViewerFrame?Mode=" will find public web cameras.
Another useful search is following
intitle:index.of followed by a search keyword. This can give a list of files on the servers. For example,
intitle:index.of mp3 will give all the MP3 files available on various types of servers.
You can use symbols or words in your search to make your search results more precise.
Many similar advanced operators can be used to exploit insecure websites:
|Operator||Example||Purpose||Mixes with Other Operators?||Can be used Alone?||Web||Images||Groups||News|
|site||site:wikipedia.org||Search specific site||yes||yes||yes||yes||yes||yes|
|related||related:wikipedia.org||Search for related sites||yes||yes|
|cache||cache:wikipedia.org||Search with Google's cached version of a site||yes||yes|
|intitle||intitle:wikipedia||Search page Title||yes||yes||yes||yes||yes||yes|
|allintitle||allintitle:wikipedia||Search page title||yes||yes||yes||yes||yes||yes|
|subject||Group subject search||yes||yes||yes||yes||yes||yes|
|filetype||filetype:pdf||Search results will only be of this file type||yes||yes||yes||yes||yes|
|intext||intext:wiki||Search text of page only||yes||yes||yes||yes||yes||yes|
|allintext||allintext:wiki||Search text of page only||no||yes||yes||yes||yes||no|
|""||"Wikipedia"||Search for exact word match||yes||yes|
|+||jaguar + car||Search for more than one specific key||yes||yes|
|-||jaguar speed -car||Exclude words from your search||yes||yes|
|OR||jaguar OR car||Combines two searches||yes||yes|
|*||how to * to Wikipedia||Wildcard operator||yes||yes|
|link||link:wikipedia||Search for links to pages||yes||yes||yes||yes||yes||yes|
|inanchor||inanchor:wikipedia||Search link anchor text||yes||yes||yes||yes||yes||yes|
|daterange||Search in date range||yes||yes||yes||yes||yes||yes|
|author||Group author search||yes||yes||yes||yes||yes||yes|
|group||Group name search||yes||yes||yes||yes||yes|
|msgid||Group msgid search||yes||yes||yes||yes|
|imagesize||imagesize:320x320||Image results will only be of this size||yes||yes||no||yes|
|@||@wikipedia||Search Social Media||yes||yes|
|#||#wiki||Search for hashtags||yes||yes|
|$||camera $400||Search for a price||yes||yes|
|..||camera $50..$100||Search within a range of numbers||yes||yes|
For a list of operators, refer to Google Search Help. To limit the misuse of the advanced google search feature, Google makes use of CAPTCHA after every few advanced searches which restricts bots from automating the process.
Google also provides a GUI version for Advanced Google searching available here which supports most common advanced search operators.
The concept of "Google hacking" dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.
Since its heyday[when?], the concepts explored in Google hacking (sometimes referred to as Google Dorking) have been extended to other search engines, such as Bing and Shodan. Automated attack tools use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.
Robots.txt is a well known file for search engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints (hackers can still search robots.txt for endpoints) which prevents google bots from crawling sensitive endpoints such as admin panels.