The Google search engine helps us find answers in our daily lives: we use it to research school assignments, reports, presentations and more. Before I start the tutorial on using Google dorks in penetration testing and ethical hacking, I will define the term, using a definition given on another website.
According to techtarget.com:
A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.
In other words, we can use Google dorks to find vulnerabilities, hidden information and access pages on certain websites. Because Google crawls and indexes websites with its search algorithm, it can be useful to an attacker for finding vulnerabilities in a target. The basic syntax for using an advanced operator in Google is as follows:
The syntax is operator_name:keyword. For example, typing ‘filetype:xls intext:username’ in the standard search box returns Excel files in which we can find the text "username".
Simple Google Dorks:
- site: returns results from the specified domain
- allintitle: and intitle: return pages whose title contains the specified phrase
- inurl: restricts the results to URLs that contain the specified phrase
- filetype: searches for the specified file format
See picture below:
The question is: what data can we find using Google dorks?
- Admin login pages
- Usernames and passwords
- Vulnerable entities
- Sensitive documents
- Govt/military data
- Email lists
- Bank account details and lots more
Another capability of Google dorks is network mapping: we can find the subdomains of a target site with a simple dork. Information gathering and network mapping are useful in ethical hacking, as in the image below:
site:wipro.com -site:www.wipro.com -site:careers.wipro.com
Here we ran the query against wipro.com and found some of its subdomains starting from the main website. The results also show login pages, because system administrators and webmasters often put login pages on subdomains, so based on the results the site is not fully secured. That is why Google dorks are good for site mapping.
What about port scanning? Can Google dorks find open ports that are available for intrusion?
The answer is yes. See the image below.
Dork: inurl:8443 -intext:8443
We searched for port 8443 and found some websites that have it enabled, so the port is open on them. The query above searches for websites using port 8443: inurl:8443 matches the port number in the URL, and -intext:8443 excludes pages that only mention 8443 in their text.
In this article we presented some uses of Google dorks for testing whether our own website is searchable in Google and leaks confidential information.
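To run that self-check offline, the added example below (not code from the original article) evaluates the URL-based operators shown above against an inventory of your own published URLs, so you can see which ones a given dork would surface. The example.com hosts are constructed, the function names are hypothetical, and the matching only approximates how Google applies site:, inurl: and filetype:.

```python
from urllib.parse import urlsplit

# Operators that can be decided from the URL alone. Content operators such as
# intext: and intitle: need the page body and are ignored by this check.
URL_OPERATORS = {"site", "inurl", "filetype"}

# Constructed sample inventory, e.g. exported from your own sitemap or crawl.
INVENTORY = [
    "https://www.example.com/index.html",
    "https://careers.example.com/login",
    "https://intranet.example.com/reports/users.xls",
    "https://vpn.example.com:8443/admin",
    "https://example.org/about",
]

def parse_dork(query):
    """Split a dork into (negated, operator, value) tuples for URL operators."""
    terms = []
    for token in query.split():
        negated = token.startswith("-")           # leading '-' excludes matches
        op, sep, value = token.lstrip("-").partition(":")
        if sep and value and op.lower() in URL_OPERATORS:
            terms.append((negated, op.lower(), value.lower()))
    return terms

def term_matches(op, value, url):
    """Return True if one operator:value term matches the URL."""
    parts = urlsplit(url.lower())
    host = parts.hostname or ""
    if op == "site":
        # site: covers the named host and every subdomain beneath it
        return host == value or host.endswith("." + value)
    if op == "filetype":
        return parts.path.endswith("." + value)
    return value in url.lower()                   # inurl: substring of the URL

def exposed_urls(query, inventory):
    """List inventory URLs that satisfy every term of the dork."""
    terms = parse_dork(query)
    if not terms:
        return []                                 # nothing decidable from URLs
    return [url for url in inventory
            if all(term_matches(op, value, url) != negated
                   for negated, op, value in terms)]

if __name__ == "__main__":
    dork = "site:example.com -site:www.example.com -site:careers.example.com"
    for url in exposed_urls(dork, INVENTORY):
        print(url)
```

Any URL this reports is a candidate for removal from the index, access control, or a noindex directive, depending on whether it was meant to be public.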