The term “Google Hacking“ certainly does not mean hacking Google company. It means that you can do specially selected queries for the popular Google search engine, which allow you to find information useful for analyzing the security of other websites. With the help of these queries, you will find e.g. vulnerable pages, holes in the code, server and script version, data that should not be published, passwords, databases, etc.
Google Hacks is also called Google Dorks.
Below I share with you some of the interesting Google Dorks I used in the past (one Google Dork per line):
allintext: “Pixie Powered”
Copy and paste each of them to Google Search and check the result. Interesting right? So, how it works?
As you can see there is a lot of operators you can use in search, to narrow your search results to the most interesting ones. Here is the list with some examples. Read it and create some search queries combining several of them.
OR - Search for X or Y. Examples: jobs OR gates / jobs | gates
AND - Search for X and Y. Example: jobs AND gates
- - Exclude a term or phrase. Example: jobs **-**apple
* - Acts as a wildcard and will match any word or phrase. Example: steve ***** apple
( ) - Group multiple terms or search operators to control how the search is executed. Example: (ipad OR iphone) apple
$ - Search for prices. Example: ipad **$**329
define: - A dictionary built into Google, basically. This will display the meaning of a word in a card-like result in the SERPs. Example: **define:**entrepreneur
cache: - Returns the most recent cached version of a web page. Example: **cache:**apple.com
filetype: - Restrict results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT, etc. Example: apple filetype:pdf / apple **ext:**pdf
site: - Limit results to those from a specific website. Example: **site:**apple.com
related: - Find sites related to a given domain. Example: **related:**apple.com
intitle: - Find pages with a certain word (or words) in the title. Example: **intitle:**apple
allintitle: - Similar to “intitle,” but only results containing all of the specified words in the title tag will be returned. Example: **allintitle:**apple iphone
inurl: - Find pages with a certain word (or words) in the URL. Example: **inurl:**apple
allinurl: - Similar to “inurl,” but only results containing all of the specified words in the URL will be returned. Example: **allinurl:**apple iphone
intext: - Find pages containing a certain word (or words) somewhere in the content. Example: **intext:**apple
allintext: - Similar to “intext,” but only results containing all of the specified words somewhere on the page will be returned. Example: **allintext:**apple iphone
AROUND(X) - Proximity search. Find pages containing two words or phrases within X words of each other. For this example, the words “apple” and “iphone” must be present in the content and no further than four words apart. Example: apple AROUND(4) iphone
weather: - Find the weather for a specific location. This is displayed in a weather snippet, but it also returns results from other “weather” websites. Example: **weather:**san francisco
stocks: - See stock information (i.e., price, etc.) for a specific ticker. Example: **stocks:**aapl
map: - Force Google to show map results for a locational search. Example: **map:**silicon valley
movie: - Find information about a specific movie. Also finds movie showtimes if the movie is currently showing near you. Example: **movie:**steve jobs
in - Convert one unit to another. Works with currencies, weights, temperatures, etc. Example: $329 in GBP
source: - Find news results from a certain source in Google News. Example: apple source:the_verge
_ - Acts as a wildcard for Google Autocomplete. Example: apple CEO _ jobs
During various types of search, it is useful to automate this process. Here are some interesting programs/scripts that will help you to run search using Google Dorks.
Katana-ds (ds for dork_scanner) is a simple python tool that automates Google Hacking/Dorking and support Tor. It becomes a more powerful in combination with GHDB.
This tool search for websites automatically.
python3 kds.py -h (for help)
Scada mode gives interesting results and it is awesome function.
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com GHDB.
./uDork.sh <Domain/IP> [option] <string> / all
This tool allows you to define specific domain/IP address.
All in one tools for XSS payload generator, XSS Scanner and also XSS Dork Finder.
This tool creates payload for use in xss injection, select default payload tags from parameter or write your payload. It makes xss inj. with Xss Scanner parameter and it finds vulnerable sites url with Xss Dork Finder parameter.
hoek@bughunter:/opt/XSS-LOADER$ python3 payloader.py
Enter your dork and check results.
The use of Google Dorks is completely legal and not prohibited. The question is what you will do with the results you get. Everything that Google indexes becomes public, but in the case of private data it is mostly developer or user error. Perform your searches/scans with the use of a proxy or VPN. Don’t act to harm others. Use the finds to earn money as a bounty hunter.
If you know any interesting programs or scripts that you use, I’ll be happy to hear what.