Introduction to Google Hacking (Dorking)

Search engines are filled with more and more data and information every day. Search engines are your best friend when you want to gather information.

This article has been prepared to show you how to find the information you are looking for in search engines and how this process works.

What is Google Dorking?

Basically, Google Dorking is trying to find necessary (or random) information about a target by limiting the search query.

Various useful information such as which technologies the target is using and key data required for social engineering can be obtained by this method.

Is Google Dorking Legal?

One of the first questions that come to mind is whether this business is legal. There is nothing technically illegal (but not 100% legal).

There are some exceptions, for example collecting information is a passive process, unless you use them you are not considered to have engaged in any illegal business (which may vary in some cases).

For example, if you found a PDF file on Google, saving it to your computer may cause you problems. Or trying passwords you find on a page can also cause problems.

Although what you’re doing is usually legal, it’s important to be careful if you think you’ve crossed the line, back off cautiously.

Google Operators For Advanced Searching

There are some operators at Google to focus search queries on a specific target and topic (to push unnecessary information out of the field).

1 – site operator

The site: operator is used to aggregate the search query into a known site. It is added after the query.

site operator

The site operator has limited my search query to Microsoft website and its subdomains only so that I can take information from 1 source.

If the keywords next to the site operator are on the site (not necessarily found in the title), they will be listed.

2 – filetype operator

It searches the query you provide on the search engine like a file. When you type filetype:pdf, the query is searched as a pdf file.

filetype operator

The domain of your search query has started to decrease. Now, pdf files containing visual studio code keywords on microsoft.com are being searched.

Remember that each word with a space is a separate keyword, for example, visual studio code represents 3 separate keywords, these are code, visual, and studio.

3 – intitle operator

With the help of this operator, you can request pages with a title with the string you specify.

intitle operator

We got rid of the keywords here and now we only see files that contain the Azure text in the title.

Since there is no keyword next to the intitle operator, even if the file contains Azure, it is not listed if there is no Azure in the title.

4 – inurl operator

This operator is used to search on the URL, for example, it can be used to examine the website URL parameter.

inurl operator

Here, the inurl operator filters URLs that do not contain office365 parameters and thus helps you reach the resource you want.

Using Google Hacking Database

You can use Google Hacking Database for search queries. This database offers google queries to gather useful information.

For instance, we need some pdf documents about our target and we don’t know how to get them. We can find queries about this in GHDB.

Google Hack Database Template

The website template looks like this, pretty simple. All queries are listed in this section, we have a query search bar at the left-top.

Now, let’s search query for getting pdf files from the target website. Since this query is a basic query, the results will be similar.

Google Hack Database – Pdf Dorks

You can get more information by clicking on the dork. Dork offers the author’s name, added date, etc.

Of course, this database just is not searching for basic queries. This database lists complex google queries that allow you to access sensitive information.

Conclusion

We are going to learn how to use Google for gathering information. The solutions here are all manual solutions.

With the help of tools such as TheHarvester and DataSploit, you can complete your work one click faster.

Although automation has made collecting information easier, it is important to always perform manual searching.

Leave a Reply

Your email address will not be published. Required fields are marked *