Google Dorks are not for dorks.

All of us have probably used Google Search to look something up at least once in our lives. But I bet that most of you (including myself until recently) have never heard of Google dorks.

What is a Google dork?

A Google dork (often just "dork") is a search query that uses Google's advanced search operators to surface pages the site owner never meant to be found: unlinked admin panels, exported spreadsheets, internal documents. The material is indexed and public, but ordinary keyword searches rarely bring it up, and it may contain sensitive data about an individual or a company. In short, the search engine itself becomes the reconnaissance tool.

Who is using Google dorks?

You might wonder who actually uses Google dorks. Dorking (the usual term for it) is part of the open-source intelligence (OSINT) phase of a penetration test: it maps what a target has exposed without sending a single packet to the target's own servers. Attackers use exactly the same queries for malicious purposes, to find vulnerabilities and sensitive information.

Is it illegal to use Google dorks?

Typing a query into Google is lawful; the search engine only returns what is already publicly indexed. What can be illegal is what you do with the results: logging into an exposed admin panel, downloading a customer list or reconfiguring someone else's camera is unauthorized access under computer-misuse laws in most jurisdictions, and it is prosecuted as such. For client work, keep dorking inside the agreed scope of the engagement.

Enough chit-chat, show me the magic!

Dorking is not as hard as one might assume. Google Search implements several operators that do most of the work for us.

First there is the site: operator, which restricts results to indexed URLs under the given domain (subdomains included). It is usually combined with inurl:, which matches a term anywhere in the URL; searching for wp-admin, the default administration directory of WordPress, is a classic example. Note that there must be no space between the operator and its value: with a space, Google treats site and the domain as two ordinary keywords and silently returns unrelated results.

site:www.thenameofthecompany.com inurl:admin

The above query restricts the search to www.thenameofthecompany.com and returns only the indexed URLs that contain admin.

Hidden from the plain sight doesn’t mean secure

We can also look for specific file extensions with the filetype: operator. Some companies still publish internal memos as PDF files on their public web server and assume that a file nobody links to is a hidden file. Spoiler alert: it is not. Once Google has crawled it, the memo is one filetype:pdf query away.

site:www.thenameofthecompany.com filetype:pdf

I have also encountered companies storing CSV files with the email addresses of their clients. Let's combine all the operators we have seen so far into a query that finds such files for us.

site:www.thenameofthecompany.com filetype:csv inurl:email.csv
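To make the semantics of the three operators concrete, here is an added example (not code from the original post) that parses a dork string into its terms and evaluates it against a small, constructed index of URLs standing in for Google's index. The index entries, titles and page text are made up; the operator set is limited to site:, inurl:, filetype: (with its ext: alias), intitle: and plain keywords. The parser also rejects the "site: domain" spacing mistake that turns a dork into an ordinary keyword search.

```python
import re
from urllib.parse import urlparse

# Operators this toy evaluator understands. Google supports more (intext:,
# cache:, related:, ...); these are the ones used in the post plus intitle:.
KNOWN_OPERATORS = {"site", "inurl", "filetype", "ext", "intitle"}

# optional '-' for negation, optional 'operator:' prefix, then a quoted phrase or a bare token
TOKEN_RE = re.compile(r'(-?)(?:(\w+):)?(?:"([^"]*)"|(\S+))')


def parse_dork(query):
    """Split a dork into (negated, operator, value) triples.

    Raises ValueError for 'site: example.com'-style input: with a space after
    the colon, Google treats 'site' and the domain as two ordinary keywords.
    """
    terms = []
    for match in TOKEN_RE.finditer(query):
        neg, op, quoted, bare = match.groups()
        value = quoted if quoted is not None else bare
        if op is None and value.endswith(":") and value[:-1].lower() in KNOWN_OPERATORS:
            raise ValueError(f"{value!r} is followed by a space; write {value}value with no space")
        if op is not None:
            op = op.lower()
            if op not in KNOWN_OPERATORS:
                raise ValueError(f"unknown operator {op!r}")
            if op == "ext":  # ext: is an alias of filetype:
                op = "filetype"
        terms.append((neg == "-", op, value.lower()))
    return terms


def validation_error(query):
    """Return the parser's complaint for a malformed dork, or None if it is well formed."""
    try:
        parse_dork(query)
    except ValueError as exc:
        return str(exc)
    return None


def _term_hits(op, value, page):
    url = page["url"].lower()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if op == "site":  # the domain itself and every subdomain of it
        return host == value or host.endswith("." + value)
    if op == "inurl":  # substring anywhere in the URL
        return value in url
    if op == "filetype":  # extension of the path component
        return parsed.path.endswith("." + value)
    if op == "intitle":
        return value in page.get("title", "").lower()
    # plain keyword: Google matches page content; here the constructed title and text stand in
    return value in (page.get("title", "") + " " + page.get("text", "")).lower()


def run_dork(query, index):
    """Return the URLs in `index` that satisfy every term of `query`, in index order."""
    terms = parse_dork(query)
    return [page["url"] for page in index
            if all(_term_hits(op, value, page) != negated for negated, op, value in terms)]


# Constructed stand-in for a search index (hypothetical domains and pages).
SAMPLE_INDEX = [
    {"url": "https://www.example.com/", "title": "Example Corp", "text": "welcome"},
    {"url": "https://www.example.com/wp-admin/", "title": "Log In", "text": "username password"},
    {"url": "https://www.example.com/docs/memo-2023.pdf", "title": "Internal memo", "text": "confidential"},
    {"url": "https://www.example.com/public/brochure.pdf", "title": "Brochure", "text": "products"},
    {"url": "https://files.example.com/exports/email.csv", "title": "", "text": "alice@example.com"},
    {"url": "https://www.other.org/admin/login", "title": "Admin", "text": ""},
]

if __name__ == "__main__":
    for q in ("site:www.example.com inurl:admin",
              "site:www.example.com filetype:pdf -inurl:public",
              "site:example.com filetype:csv inurl:email.csv"):
        print(q, "->", run_dork(q, SAMPLE_INDEX))
    print(validation_error("site: www.example.com"))
```

The negation (`-inurl:public`) and the subdomain match on `site:example.com` are the two behaviours worth noticing: a domain-level site: query also returns files hosted on a forgotten subdomain, which is often where the exported CSV lives.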

Interested in some live videos?

Publicly reachable IP cameras (CCTV systems, webcams) often expose their web interface directly to the internet, which makes them a common target of hackers and cybercriminals. With the right dork, anyone can pull up the live video pages of cameras that have no IP restriction at all, and sometimes the admin panel is reachable too, so the cameras can be reconfigured remotely. The query below matches a camera web interface whose status page is named top.htm and displays the current time.

inurl:top.htm inurl:currenttime

How to protect yourself against dorking?

Sensitive information must be protected, which means keeping it out of search indexes in the first place. Here are some tips on how to protect yourself and your company.

  1. Protect private areas (admin panels, exports, internal documents) with authentication, and where possible with IP-based restrictions as well; a search engine cannot index what it cannot fetch.
  2. Keep sensitive data (IDs, passwords, email addresses, phone numbers etc.) off any web-reachable path altogether, and encrypt it at rest. Encryption protects the stored copy, but it does nothing for a CSV that the web server happily serves in clear.
  3. Run vulnerability scans and crawl your own sites regularly to find indexable files and directory listings before someone else does.
  4. Run the dork queries above against your own domains (site:yourcompany.com filetype:pdf, inurl:admin and so on) to see what Google has already indexed, and request removal of anything sensitive through Google Search Console.
  5. Use robots.txt to keep crawlers out of directories you do not want indexed, but understand its limits: it is advisory, Google may still index a disallowed URL it learns about from links (just without the content), and the file itself is public, so every Disallow line tells an attacker exactly where to look. For pages that must stay out of the index, serve a noindex directive (a robots meta tag or an X-Robots-Tag header) and do not block the crawler from seeing it; for anything genuinely sensitive, require authentication.
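Tips 4 and 5 amount to auditing your own site the way a crawler sees it. The following added example (not part of the original post) does that offline on constructed data: a made-up robots.txt and a handful of made-up HTTP responses for URLs on a hypothetical www.example.com. It lists what the robots.txt gives away, then classifies each URL as protected by authentication, deindexed by a reachable noindex directive, reliant on robots.txt alone, or fully exposed. It uses only the standard library (urllib.robotparser for the Disallow logic); in practice you would feed it real responses from your own servers.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for the hypothetical site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /internal/
Disallow: /exports/
"""

# Constructed responses: url -> (status, headers, body). These are made up
# to cover each outcome the audit distinguishes.
SAMPLE_RESPONSES = {
    "https://www.example.com/wp-admin/": (302, {"Location": "https://www.example.com/wp-login.php"}, ""),
    "https://www.example.com/api/export": (401, {"WWW-Authenticate": "Basic realm=\"api\""}, ""),
    "https://www.example.com/drafts/roadmap.html": (200, {"Content-Type": "text/html"},
        '<html><head><meta name="robots" content="noindex"></head><body>draft</body></html>'),
    "https://www.example.com/exports/email.csv": (200,
        {"Content-Type": "text/csv", "X-Robots-Tag": "noindex, nofollow"}, "name,email\n"),
    "https://www.example.com/internal/memo.pdf": (200, {"Content-Type": "application/pdf"}, "%PDF-1.4"),
    "https://www.example.com/partners/list.html": (200, {"Content-Type": "text/html"}, "<html>partners</html>"),
}

META_NOINDEX_RE = re.compile(r'<meta\s+name=["\']robots["\']\s+content=["\'][^"\']*noindex', re.I)


def disallowed_paths(robots_text):
    """Every Disallow line is readable by anyone: robots.txt doubles as a map of what you want hidden."""
    paths = []
    for line in robots_text.splitlines():
        if line.lower().startswith("disallow:"):
            path = line.split(":", 1)[1].strip()
            if path:
                paths.append(path)
    return paths


def classify(url, status, headers, body, robots):
    """Return a one-line verdict for a single URL, given the parsed robots.txt."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    crawlable = robots.can_fetch("Googlebot", url)
    if status in (401, 403):
        return "protected: authentication required"
    if 300 <= status < 400 and "login" in hdrs.get("location", "").lower():
        return "protected: redirects to login"
    has_noindex = "noindex" in hdrs.get("x-robots-tag", "").lower() or bool(META_NOINDEX_RE.search(body))
    if has_noindex:
        if crawlable:
            return "deindexed: noindex directive (content still readable by anyone with the link)"
        # Classic mistake: the crawler is told not to fetch the page, so it never sees the noindex.
        return "WARNING: noindex unreachable because robots.txt blocks the crawl; URL may still be indexed from inbound links"
    if not crawlable:
        return "WARNING: relies on robots.txt only; URL is public and may still be indexed from inbound links"
    return "EXPOSED: public, crawlable and indexable"


def audit(robots_text, responses):
    """Map each URL to its verdict."""
    robots = RobotFileParser()
    robots.parse(robots_text.splitlines())
    return {url: classify(url, status, headers, body, robots)
            for url, (status, headers, body) in responses.items()}


if __name__ == "__main__":
    print("robots.txt advertises:", disallowed_paths(ROBOTS_TXT))
    for url, verdict in audit(ROBOTS_TXT, SAMPLE_RESPONSES).items():
        print(f"{verdict:<40} {url}")
```

The email.csv case is the one to study: it carries a correct X-Robots-Tag noindex header, yet because /exports/ is disallowed in robots.txt the crawler never fetches the file, never sees the header, and can still index the URL if any page links to it. Either drop the Disallow so the noindex is honoured, or, better, put the export behind authentication as the wp-admin and API entries are.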

If you have read so far, you might want to follow me here on Hashnode. Feel free to connect with me over at LinkedIn or Mastodon.