What is a Google Dork?
Google Dorks are nothing but simple search operators that are used to refine our search.
Okay so let’s pretend you’re wanting to search the world wide web for ebooks on the topic of ‘cooking’, most people would search google for “Cooking eBooks” or “eBooks on cooking”, etc. This usually results in clicking link after link to get to a valid download link.
Now let’s try something a little different. Google search “ext:pdf cooking” (without quotes) and see what kinda results you get. Usually google returns DDL’s (Direct Downloading Links) of eBooks on Cooking with the file extension *pdf. This is an example of a basic Google Dork.
Here are a few other basic search operators, including a descriptions and examples.
1. site – It returns the websites of specified domains .
Example- site:blooplace.eu will return the links of webpages of domain lethemfind.us. site:blooplace.eu cooking will return all the webpages of domain blooplace.eu which contain word ‘cooking’. Suppose you want google to return only government websites, you can use site:gov or say pakistani websites use site:pk
2. intitle and allintitle – It restricts the results to pages whose title contain specified word/phrase.
intitle:admin will return only those pages whose title contains word ‘admin’.
intitle:admin login will return only those pages whose title contains word ‘admin’ and word ‘login’ can be in anywhere in page.
allintitle:admin login will return those pages whose title contains both words admin and login. This is simply equivalent to intitle:admin intitle:login
3.inurl – as clear from name, it restricts the results to sites whose URL’s contains specified phrase.
inurl:adminlogin will return only those pages whose URL contains ‘adminlogin’.
Like allintitle, you can similarly use allinurl. I dont feel there is need to explain allinurl.
4. related– It returns the websites similar to specified websites.
related:www.mobivox.com , now mobivox.com provides free/cheap calls facility. This search query would return results containing websites which provide such kind of services.
related:www.hidemyass.com , now hidemyass.com provides services to maintain anonymity using proxies.This search query would return results containing websites which provide services related to proxies.
5. cache – It returns the cached webpage that is kept with google.
cache:www.explorehacking.com, this dork is useful very when actually the website is down and
you can still view its contents (from cached pages).
6. ext – It specifies the extension .
You can use ‘filteype‘ at place of ‘ext’.:
ext:ppt hacking – this will return powerpoint presentations (ppt files) on topic ‘hacking’.
ext:doc hacking – this will return microsoft word files on topic ‘hacking’
Extensions that google supports are pdf,swf,rtf,doc,ppt,dwf,ps,kml,kmz,xls.
Note: Undoubtedly,you can combine these search operators for example
site:gov inurl:adminlogin will return the government site webpages who have word ‘adminlogin’ in URL.Google Dorks can help you search the World Wide Web in depth for sensitive data, passwords, specific info, etc. Great for hunting targets . Below are some examples of the power behind a Google Search.
Files Containing Usernames
Google Search: filetype:conf inurl:proftpd.conf -sample
(A standard FTP configuration file that provides far too many details about how the server is setup, including installation paths, location of logfiles, generic username and associated group, etc)
Google search: inurl:/xampp
(Looks for servers with xampp installed)
Web Server Detection
Google search: intitle:”Apache Status” “Apache Server Status for”
(New Apache Server Status Dork)
Google Dork “allinurl:forcedownload.php?file=”
(Sites that use the forcedownload.php script are vulnerable to url manipulation, and will spit out any file on the local site, including the PHP files themselves with all server side code, not the rendered page, but the source itself. This is most commonly used on wordpress sites to grab the wp-config.php file to gain access to the database, but is not limited to wordpress sites. I only list it as an example, so people understand the weight of flaw.)
Google search: intitle:awen+intitle:asp.net
(This google dork exposes any already uploaded asp.net shells which are available in BackTrack.)
Google search: inurl:”*.php?*=*.php” intext:”Warning: include” -inurl:.html -site:”php.net” -site:”stackoverflow.com” -inurl:”*forums*”
(PHP Error Messages.)
Files Containing Juicy Info
Google search: inurl:.com/configuration.php-dist
(Finds the configuration files of the PHP Database on the server.)
Files Containing Juicy Passwords
Google search: filetype:xls “username | password”
(This search reveals usernames and/or passwords of the xls documents.)
Sensitive Online Shopping Info
Google search: intext:”Powered by X-Cart: shopping cart software” -site:x-cart.com
(X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn’t seem to be any way to search for specific versions of the software with Google)
Network & Vulnerability Data
Google search: site*.*.*/webalizer intitle:”Usage Statistics”
(Shows usage statistics of sites. Includes monthy reports on the IP addresses, user agents, and more, of the viewers of the sites, the most active first.)
Pages Containing Login Portals
Google Search: inurl:phpliteadmin.php
(The Default password is admin)
Various Online Devices
Google search: intitle:”hp laserjet” inurl:info_configuration.htm
(HP LaserJet printers)
Advisories & Vulnerabilities
Google search: “Powered by kryCMS”
(kryCMS Version 3.0 SQL Injection)
This is an incredible post, found on the LetThemFindUs.com forums.