Google Dorks
- 3. 2
Quick Survey
• How many people have heard of Google Dorks before this Meet
up ?
• How many people have tried Google Dorks?
• How many people are using Google Dorks for hacking purpose ?
- 4. Google Dorks
• “Using public sources openly and without
resorting to illegal means, it is possible to
gather at least 80 percent of all information
required about the enemy” - Al Qaeda
training manual
- 6. What is Google Hacking
• It's not hacking into Google servers!
• Google hacking is using different Google operators to
effectively optimize search results.
• It also involves using Google to identify vulnerabilities
in websites.
• Results are highly customizable. All Web site content is
exposed to Google
• Sensitive content might be available for months before
the compromise is discovered
• Even after sensitive pages are removed, they will be
stored in Google Cache
- 7. Google Hacking
• Google hacking is a term that refers to the art
of creating complex search engine queries in
order to filter through large amounts of search
results for information related to computer
security.
- 8. How it Works ?
• Google Search indexes everything that is
made public including “virtual notebooks” and
the information stored within that notebook
in their search results.
• Google is one of the most powerful databases
in the world
- 9. Information disclosure with Google
• Private information
• Remote Admin Interface
• Configuration management
• Error messages
• Backup files
• Public vulnerabilities
• Technology Profile
- 12. Google Operators
“Operators are used to refine the
results and to maximize the
search value. They are your tools
as well as hackers’ weapons”
- 13. Google Operators
• Basic Operators
+, -, ~ , ., *, “”, |, OR
• Advanced Operators
allintext:, allintitle:, allinurl:, bphonebook:,
cache:, define:, filetype:, info:, intext:, intitle:,
inurl:, link:, phonebook:, related:, rphonebook:,
site:, numrange:, daterange
- 14. Basic Operators
• (+) force inclusion of something common
– Google ignores common words (where, how, digit, single letters) by default:
– Example: StarStarWars Episode +I
• (-) exclude a search term
– Example: apple –red
• (“) use quotes around a search term to search exact phrases:
– Example: “Robert Masse”
– Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results.
Reduce the 99% irrelevant results
• (~) search synonym:
– Example: ~food
– Return the results about food as well as recipe, nutrition and cooking information
• ( . ) a single-character wildcard:
– Example: m.trix
– Return the results of M@trix, matrix, metrix…….
• ( * ) any word wildcard
- 15. Advance Operators “Site”
• Advance Operator : “Site”
– Find Web pages only on the specified domain. If
we search a specific site, usually we get the Web
structure of the domain
– Examples:
• site:com
• site:osscube.ca
• site:www.osscube.ca
- 16. Advance Operators “Filetype”
• Advanced Operators: “Filetype:”
– Filetype: extension_type
– Find documents with specified extensions
– Example
• filetype:pdf
• filetype:xls
• Site:osscube.com filetype:pdf
• Site:osscube.com filetype:txt
• Budget filetype: xls
- 17. Advance Operators “Intitle”
• Advanced Operators “Intitle:”
– Intitle: search_term
– Find search term within the title of a Webpage
– Allintitle: search_term1 search_term2 search_term3
– Find multiple search terms in the Web pages with the
title that includes all these words
– These operators are specifically useful to find the
directory lists
– Example:
• Find directory list:
• Intitle: Index.of “parent directory”
- 18. Advance Operators “Inurl”
• Advanced Operators “Inurl:”
– Inurl: search_term
– Find search term in a Web address
– Allinurl: search_term1 search_term2
search_term3
– Find multiple search terms in a Web address
– Examples:
• Inurl: cgi-bin
• Allinurl: cgi-bin password
- 19. Advance Operators “Intext”
• Advanced Operators “Intext;”
– Intext: search_term
– Find search term in the text body of a document.
– Allintext: search_term1 search_term2
search_term3
– Find multiple search terms in the text body of a
document.
– Examples:
• Intext: Administrator login
• Allintext: Administrator login
- 20. Advance Operators “Cache”
• Advanced Operators: “Cache:”
– Cache: URL
– Find the old version of Website in Google cache
– Sometimes, even the site has already been
updated, the old information might be found in
cache
– Examples:
• Cache: www.osscube.com
- 21. Advance Operators “<number1>..<number2>”
• Advanced Operators
– <number1>..<number2>
– Conduct a number range search by specifying two
numbers, separated by two periods, with no
spaces. Be sure to specify a unit of measure or
some other indicator of what the number range
represents
– Examples:
• Computer $500..1000
• DVD player $250..350
- 22. Advance Operators “Link”
• Advanced Operators “Link:”
– Link: URL
• Find the Web pages having a link to the specified URL
– Related: URL
• Find the Web pages that are “similar” to the specified Web page
– info: URL
• Present some information that Google has about that Web page
– Define: search_term
• Provide a definition of the words gathered from various online sources
– Examples:
• Link: osscube.com
• Related: osscube.com
• Info: osscube.com
• Define: Network security
- 24. Google “Friend or Enemy”
• Google is everyone’s best friend (yours or
hackers)
• Information gathering and vulnerability
identification are the tasks in the first phase
of a typical hacking scenario
• Passitive, stealth and huge data collection
• Google can do more than search
• Have you used Google to audit your
organization today?