Hi there, welcome to my guide on Google Dorking aka Google Hacking.
What is Google Dorking?
Google Dorking is the process of discovering sensitive information or applications online by inputting refined search queries into Google.
If you enter the correct search term into Google, you can find music and videos, unprotected site administration areas, site error logs, specific versions of web applications (useful for hackers), login credentials and more.
How is it done?
Google (and other search engines to) have specific commands or ‘operators’ you can enter into your searches which have special meaning.
E.g. one operator lets you find results with specific text in its page title, another enables you to find webpages that contain a certain string of characters in the URL, there are quite a few operators you can use.
These operators can also be used in conjunction with eachother to refine your search results.
intitle:”Doctor Who” inurl:”.co.uk”
Displays results that have “Doctor Who” in the page title and have “.co.uk” in the URL.
Check out this list of Google Search operators.
By creating search queries using these operators, we can find all sorts of goodies.
Internet-enabled Cameras & other online devices
inurl:”next_file=main_fs.htm” inurl:img inurl:image.cgi
intitle:”WJ-NT104 Main Page”
Hackable/Vulnerable web applications
“Powered by Invision Power Board(U) v1.3 Final”
“Powered by IceWarp Software” inurl:mail
intitle:”WordPress > * > Login form” inurl:”wp-login.php”
“supplied argument is not a valid MySQL result resource”
“Invision Power Board Database Error”
See more interesting and fun google dorks at the official Google Hacking Database.