“Google Dorking” the Smart Searching Technique to Find the Sensitive data!!

Hello Hackers,

Let’s read some Cybersecurity Blogs

Today we will learn how attackers and researchers find Sensitive Data using Google Dorking.

Google Dorking is also known by another name: Google Hacking.

What is Google Dorking?

Google Dorking is a gold mine for security researchers, as well as for attackers, for gathering sensitive information about a target/victim. Google Dorking is used to find data from web applications that are not properly maintained by their owners.

For an ordinary person, Google is a search engine for everyday things, but security researchers and attackers take advantage of it by searching for some extraordinary strings.

Why does this Happen?

This happens because website owners have not blocked specific, important files from Google's bots in the “robots.txt” file. When the bots crawl the website and find such important files, certain legendary search strings on Google then show all of those sensitive files.

If you need more, you can consult the “Google Hacking Database (GHDB)”, which contains all the Google dorks and sensitive data of the web servers…

Which strings are used for Google Dorking?

allintext

It is used to search any specific text.

allintitle

It is used to search specific titles.

allinurl

This is used to find a URL that contains specific characters.

cache

This will reveal the cached version of a website.

inurl

It is the same as allinurl but it is used for a single keyword search.

intext

It is the same as allintext but it is used for a single text keyword search.

filetype

It is used to search any specific type of file like docs, csv, .env, pdf, xlsx, etc…

site

This is used for any specific site or just “.com, .in, .edu” etc…

*

This is a wildcard that stands for a blank that can contain anything (e.g. “Security research papers of * company”); here “*” can be any company.

+

Used for concatenation.

Some Examples

"index of" "database.sql.zip"

SQL dump string

intitle:"index of" wp-admin 

Finding WordPress admin

intitle:"index of" inurl:"ftp"

Find FTP server

site:.com filetype:log

Find Logs of website

intitle:"webcamXP 5" 
inurl:"lvappl.htm"

Find Open Webcams…

"index of" inurl:phpmyadmin

PHP admin panel.

inurl:/proc/self/cwd

Vulnerable Web servers

What are the Preventive Measures?

To protect your sensitive website data from Google dorks, you need to block the sensitive and some useful files using robots.txt. This tells crawlers not to crawl those files, so they will not show up on Google, even in dork searches…

User-agent: *
# Keep crawlers out of the admin area
Disallow: /admin/
# Keep crawlers away from any URL containing ".php"
Disallow: /*.php

It’s Done for today, time to say GOODBYE

Happy Hacking!!
