Google Dorking is a technique of finding information on Google which cannot be returned using simple search queries. You can even search for information which is not intended for public view with the help of this technique.
Let’s do some Dorking!
If you want to search for a blog on a particular topic, say “Software Testing”. A simple search query would be “Blog on Software Testing”.
However, this query returns the results that do not just contain blogs but related links as well. As you can see in the screenshot, there are more than 10 Million results. It is not humanly possible to go through all the links.
In this case, Google Dorking comes to the rescue and can be used to filter these results. Instead of simple search query try the following:
Inurl:”/blog” intitle:“Software Testing”
Notice, how the results got filtered and went down from 10 Million to just 8200. You can also see that most of the results are blog links.
We have used Google Dorks in the above query to filter our results. Google Dorks, sometimes also referred to as just Dorks is a search string that uses advanced search operators and helps us in finding information which is not easily available on a website. Below are some more Dorks:
If you want to filter these results further and look for a blog on a particular site, say otothenew.com, you can try the following query:
Inurl:”/blog” site:tothenew.com intitle:“Software Testing”
You can observe that Google filters the results from 10 Million to just 12. Isn’t it amazing?
Unleash the power of Google Dorking
Google Dorking is not limited to providing you with a refined search result but with also a lot of interesting hidden information too.
Let us see what else you can search with the help of Google Dorking.
- Robots.txt : This file contains instructions for Web Robots. It tells the pages which pages should be shown and the ones which should not be. Following is a query for searching robots.txt files:
- Public Google Drives: You can also find files and folders on Google Drive with public access. Try the below query:
- Sites with Mysql Warnings/Errors : Results containing the list of websites with MySQL warnings or errors. Instead of mysql_fetch_assoc(), you can try other warnings and errors too.
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()"
Google Dorking and Cyber Attacks
In the years 2012 and 2013 there were several cyber attacks carried out by Iranian hackers. One of the attack was on the New York City dam. The attackers used Google Dorking to fetch out sensitive information related to water level and dam’s sluice gate. However the attack was foiled as the dam’s sluice gate were offline for maintenance work at the time of hack.
Google Dorking is just as good as it is bad. It totally depends on the side you are on. You can either choose to be good, that is, use this technique to test system’s security to see if it can be breached by hackers or you can choose to use it for malicious activities. The choice is yours.
Word of Advice
This blog is only for the purpose of educating about Google Dorking. As mentioned, this technique is as good as it is bad and should NOT be used for any malicious activity. Hacking is an illegal activity and I strongly condemn it and advise everyone to refrain from it.