Google dorks

It is estimated that Google has downloaded more pages than any other search engine in the field. With billions of pages and a relatively low execution time, the popular Californian search engine is able to satisfy any search, whether for educational purposes or out of pure curiosity.

The search engine is so powerful that it can categorize more than 15 million pages in less than a minute. But it was not always like this: in 1999 such an operation took more than a month. In addition, it is assumed that more than 60,000 searches are conducted per second through the popular Google search engine. This means over 1000 billion searches a year! These are astronomical numbers, which Google manages to keep up with thanks to its huge infrastructure.

Search engines have improved the lives of many people: having so much information within 1 minute gives anyone pause for thought. Yet not everyone is able to take full advantage of the popular Google search engine. Recently, research conducted by an important company seems to have revealed the inability of many people, students and non-students alike, to find something on a specific topic through search engines.

Google Dorks

Dorks are search strings, crafted narrowly for a specific purpose and made up of different keywords, which are fed into a search engine to obtain specific results. They are also called “queries”.

googleDorking has been used in a documented way since the early 2000s. Like many of the most successful hacks, googleDorking is not technically sophisticated. It simply requires the use of certain operators - special keywords supported by a particular search engine - in a correct and sometimes creative way. Johnny Long, aka j0hnnyhax, was a pioneer of googleDorking.

Purposes

Dorks are mainly used to refine search results in order to get more specific links.

A very concrete example is a search for Neapolitan pizza. The keyword pizza, searched on Google, has over 1,010,000,000 results, while the combined keywords Neapolitan pizza already return fewer results. This is already an attempt to refine our search. Since the results differ widely in both quality and origin, we always need to narrow down the search field.

Assuming that some technician has not applied certain security rules, one can look for confidential files that were not intended for the public Internet. Not only that: script kiddies look for vulnerabilities right through Google. A careful query in fact looks for error messages, configuration files or other content that could in some way expose the software version or other details.

Dorking can be employed across various search engines, not just on Google. In everyday use, search engines like Google, Bing, Yahoo, and DuckDuckGo accept a search term, or a string of search terms and return matching results. But search engines are also programmed to accept more advanced operators that refine those search terms. An operator is a key word or phrase that has particular meaning for the search engine.

Syntax

Google dorks are syntactically very basic; they all follow the same syntax:

namedork: parameter

Special characters

| Dork | Description | Example |
|---|---|---|
| Double quotes [ “search string” ] | Double quotes are used to search for a specific word or a set of words written exactly that way. | “gelato” |
| Minus sign [ -string ] | The minus sign in front of a word tells Google to exclude that specific word from the search. | -cripto |
| Tilde [ ~string ] | The tilde tells Google to also search for synonyms of the word. | ~car |
| Operator “OR” [ string OR string_2 ] | This logical operator tells Google to look for one word or the other. It can also be used more than once. | [monero OR serhack] |

Helpful and Useful Dorks

| Dork name | Description | Example |
|---|---|---|
| site: domain | The search results will be files and pages in the domain specified by domain. | site:w3school.com |
| intitle: word | The search results will contain in the title the word after the dork “intitle”. | intitle:hi |
| inurl: word | The search results will contain in the URL the word after the dork “inurl”. | inurl:gallery |
| filetype: type | The search results will contain files with the extension specified by type. | filetype:pdf |
| cache: url | Redirects the user to the Google cache of the specified url. | cache:serhack.me |
| info: root domain | The search result will contain the root domain and all the information that Google has about it. | info:amazon.com |
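As an added example (not code from the original page), the `namedork: parameter` syntax can be parsed to turn a few queries from this page's list into a watchlist, which is then used to audit one's own web root for files those queries would surface. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

PAGE_DORKS = [  # queries copied from this page's list
    'filetype:bak inurl:"htaccess|passwd|shadow|htusers"',
    'filetype:sql password',
    'ext:ini eudora.ini',
    'intitle:"index of" htpasswd',
]
TOKEN = re.compile(r'(\w+):("[^"]*"|\S+)')  # namedork:parameter, bare or quoted

def parse_dork(dork):
    """Split a dork into (operator, parameter) pairs plus leftover keywords."""
    pairs = [(op.lower(), val.strip('"')) for op, val in TOKEN.findall(dork)]
    return pairs, TOKEN.sub(" ", dork).split()

def build_watchlist(dorks):
    """Collect the file extensions and file-name fragments the dorks target."""
    exts, names = set(), set()
    for dork in dorks:
        pairs, keywords = parse_dork(dork)
        for op, val in pairs:
            if op in ("filetype", "ext"):
                exts.add(val.lower())
            elif op == "inurl":  # alternatives inside inurl: are separated by |
                names.update(val.lower().split("|"))
            elif op == "intitle" and val.lower() == "index of":
                names.update(k.lower() for k in keywords)
    return exts, names

def audit_webroot(root, dorks=PAGE_DORKS):
    """Return sorted relative paths under root that match the watchlist."""
    exts, names = build_watchlist(dorks)
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if os.path.splitext(low)[1][1:] in exts or any(n in low for n in names):
                hits.append(os.path.relpath(os.path.join(folder, name), root))
    return sorted(hits)

def demo():
    """Audit a constructed sample tree (hypothetical files, not from the page)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.html", ".htaccess", "db/dump.sql", "old/site.conf.bak"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)
```

Files reported by `audit_webroot` are candidates to move out of the document root or to block at the web server before a crawler indexes them.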

Personal feedback

Personally, I think that Google dorks help a lot, both those who have good intentions and those who, unfortunately, have bad ones. In fact, there are more and more social engineering attacks that use confidential and internal data discovered through a simple search.

A list of random google dorks

parent directory /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
filetype:config inurl:web.config inurl:ftp
“Windows XP Professional” 94FBR
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
ext:inc "pwd=" "UID="
ext:ini intext:env.ini
ext:ini Version=... password
ext:ini Version=4.0.0.4 password
ext:ini eudora.ini
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
filetype:SWF SWF
filetype:TXT TXT
filetype:XLS XLS
filetype:asp "Custom Error Message" Category Source
filetype:asp + "[ODBC SQL"
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:conf inurl:firewall -intitle:cvs 
filetype:conf inurl:proftpd. PROFTP FTP server configuration file reveals
filetype:dat "password.dat"
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:inc dbconn 
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect 
filetype:log inurl:"password.log"
filetype:log username putty PUTTY SSH client logs can reveal usernames
filetype:log “PHP Parse error” | “PHP Warning” | “PHP Error”
filetype:mdb inurl:users.mdb
filetype:ora ora
filetype:ora tnsnames
filetype:pass pass intext:userid
filetype:pdf "Assessment Report" nessus
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:"WINVNC3"
filetype:reg reg HKEY_ Windows Registry exports can reveal
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls inurl:"email.xls"
filetype:xls username password email
index of: intext:Gallery in Configuration mode
index.of passlist
index.of perform.ini mIRC IRC ini file can list IRC usernames and
index.of.dcim 
index.of.password 
intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
intext:"#mysql dump" filetype:sql
intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
intext:"A syntax error has occurred" filetype:ihtml
intext:"ASP.NET_SessionId" "data source="
intext:"About Mac OS Personal Web Sharing"
intext:"An illegal character has been found in the statement" -"previous message"
intext:"AutoCreate=TRUE password=*"
intext:"Can't connect to local" intitle:warning
intext:"Certificate Practice Statement" filetype:PDF | DOC
intext:"Certificate Practice Statement" inurl:(PDF | DOC)
intext:"Copyright © Tektronix, Inc." "printer status"
intext:"Emergisoft web applications are a part of our"
intext:"Error Diagnostic Information" intitle:"Error Occurred While"
intext:"Error Message : Error loading required libraries."
intext:"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
intext:"Fatal error: Call to undefined function" -reply -the -next
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu
intext:"Generated by phpSystem"
intext:"Host Vulnerability Summary Report"
intext:"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
intext:"IMail Server Web Messaging" intitle:login
intext:"Incorrect syntax near"
intext:"Index of" /"chat/logs"
intext:"Index of /network" "last modified"
intext:"Index of /" +.htaccess
intext:"Index of /" +passwd
intext:"Index of /" +password.txt
intext:"Index of /admin"
intext:"Index of /backup"
intext:"Index of /mail"
intext:"Index of /password"
intext:"Microsoft CRM : Unsupported Browser Version"
intext:"Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©" ext:log
intext:"Network Host Assessment Report" "Internet Scanner"
intext:"Network Vulnerability Assessment Report"
intext:"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
intext:"Thank you for your order" +receipt
intext:"Thank you for your purchase" +download
intext:"The following report contains confidential information" vulnerability -search
intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
intext:"phpMyAdmin MySQL-Dump" filetype:txt
intext:"phpMyAdmin" "running on" inurl:"main.php"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intitle:"index of" +myd size
intitle:"index of" etc/shadow
intitle:"index of" htpasswd
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"index of" master.passwd
intitle:"index of" members OR accounts
intitle:"index of" mysql.conf OR mysql_config
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" spwd
intitle:"index of" user_carts OR user_cart
intitle:"index.of *" admin news.asp configview.asp
intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com
inurl:admin inurl:userlist Generic userlist files

inurl:php?=id1
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=