What Are Google Dorks?
- By Greg Brown
- Aug 26, 2022
Hundreds of unique expressions and idioms enter the world’s lexicon daily. Google Dorking is a phrase that demands further attention.
Dorking is a hacking approach that applies advanced search operators to find confidential material that is not properly protected on a website or server. This information generally does not surface through ordinary search queries. Hackers use Dorking to exploit security holes and open vulnerabilities in internet assets.
The Technique
Dorking is nothing more than using advanced search syntax to reveal hidden information on public websites. At its core, Google Dorking is a way to use the search giant to pinpoint vulnerabilities, flaws, and sensitive information from websites that can be taken advantage of.
Dorking can work on platforms like Bing, Yahoo, and DuckDuckGo, exposing PDFs and forgotten documents still available if you know how to search. As a passive cyber-attack, Google Dorking returns valuable intelligence, such as usernames and passwords, email lists, and personally identifiable financial information.
The search giant’s advanced syntax is used to discover the forgotten. Of course, cyber-criminals quickly took advantage of the technology. Dorking has its roots in 2002, when a man named Johnny Long searched for specific website elements using custom queries.
Johnny Long Changed Everything
Johnny Long gained fame as a prolific author and well-known speaker on computer security. Long is known for his expertise in Google hacking and was one of the earliest pioneers in the field. Johnny’s current endeavor is his deep involvement with Hackers for Charity.
Long coined the term Google dork, which initially referred to “an incompetent or foolish person as revealed by Google.” The term made the point that a Dork is not a Google issue but rather the result of unintentional misconfiguration on the administrator’s part.
Over time, Dorks became synonymous with search queries that locate sensitive information and vulnerable web applications.
Long was an early pioneer in Dorking using the search giant’s syntax. In his prior work with Computer Sciences Corporation, he determined it was feasible to locate servers running unprotected software with specifically constructed search queries. Johnny also realized he could discover servers and websites that openly shared personal financial information, including social security and credit card numbers.
The Birth of GHDB
Long's efforts grew into the extraordinary Google Hacking Database. The GHDB is an ever-expanding collection of Dorks used to identify publicly accessible information hidden from view. The hacking database is a categorized index of search engine queries. Each Dork brings to light interesting, and usually sensitive, information that has been made publicly available.
The GHDB is part of CVE.org, the government’s global endeavor to define and catalog cybersecurity vulnerabilities. There are currently 182,410 CVE records available for download.
Is Google Dorking Good or Bad?
Dorking lets hackers use the search engine’s syntax to its full potential, exposing confidential information on various public websites and servers. Live security cameras and similar assets can be successfully hacked if they have no passwords. Unprotected electronic devices and sensitive information from the new camera-enabled devices can be accessed easily. If no password or protective entry is enabled for any of these electronics, Dorking is the way to get in.
Google Dorking is not illegal; however, accessing and downloading sensitive data from any government website might be. It is easy for Google, tech companies, and government authorities to figure out what you are downloading and viewing.
Be Careful When Dorking!
If used correctly, Google Dorks can be a valuable resource to web admins and others. Dorks can uncover long-forgotten email addresses and lists. Web admins can use Dorks to find vulnerable files and folders in their websites.
There are presently 7,527 Dorks in the GHDB database, with new entries added all the time. Each entry has its own unique syntax and offers its own kind of intelligence.
Here are just a few examples of what Google Dorking could look like:
intitle:"olt web management interface" | Pages containing management Login Portals
inurl:viewer/live/index.html | Various Online devices
intitle:"index of" "/venv" | Sensitive Directories
inurl:"admin/default.aspx" | Pages containing login portals
intitle:"index of" intext:"Apache/2.2.3" | Files containing juicy info
intitle:"Welcome to Windows 2000 Internet Services" | Web server detection
filetype:vsd vsd network -samples -examples | Network Vulnerability
A Google Dork query is a search string using advanced analytical operators to locate information. Dorks may have criteria embedded in the sequence, narrowing the search. Multiple search parameters can return specific files from a particular website or domain.
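How the operators in the list above combine to select a page, and how a web admin can use them to check their own site, shown as an added example (not code from the original article): a small matcher run over pages crawled from a site you administer, reporting which of the article's dorks would surface each page. The crawl data and example.org URLs are constructed, and the matching rules are a simplified model, not the search engine's actual algorithm.

```python
import re
from urllib.parse import urlparse

# Dorks and categories from the article's list (quotes normalized).
PAGE_DORKS = {
    'intitle:"index of" "/venv"': "Sensitive Directories",
    'inurl:"admin/default.aspx"': "Pages containing login portals",
    'intitle:"index of" intext:"Apache/2.2.3"': "Files containing juicy info",
    "filetype:vsd vsd network -samples -examples": "Network Vulnerability",
}

# Constructed sample: pages fetched from a site you administer (hypothetical).
CRAWL = [
    {"url": "https://www.example.org/app/venv/", "title": "Index of /app/venv",
     "text": "Index of /app/venv bin/ lib/ pyvenv.cfg Apache/2.2.3 (CentOS) Server"},
    {"url": "https://www.example.org/docs/network.vsd", "title": "",
     "text": "vsd network core switch layout"},
    {"url": "https://www.example.org/about.html", "title": "About us",
     "text": "Company history"},
]

def parse_dork(dork):
    """Return (negated, operator, value) terms; bare words count as intext."""
    terms = []
    for m in re.finditer(r'(-?)(?:(\w+):)?(?:"([^"]*)"|(\S+))', dork):
        neg, op, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        terms.append((neg == "-", (op or "intext").lower(), value.lower()))
    return terms

def matches(dork, page):
    """Simplified model: every term must hit, every -term must miss."""
    fields = {"intitle": page["title"].lower(), "inurl": page["url"].lower(),
              "intext": page["text"].lower()}
    for negated, op, value in parse_dork(dork):
        if op == "filetype":
            hit = urlparse(page["url"]).path.lower().endswith("." + value)
        else:
            hit = value in fields[op]  # KeyError for operators not modeled here
        if hit == negated:
            return False
    return True

def audit(pages, dorks=PAGE_DORKS):
    """List (url, category, dork) for each page a dork would surface."""
    return [(p["url"], c, d) for p in pages for d, c in dorks.items() if matches(d, p)]

if __name__ == "__main__":
    print(*audit(CRAWL), sep="\n")
```

Each finding points at a misconfiguration to fix at the source, such as directory listing left enabled, a version banner in the server footer, or a network diagram left under the web root.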
In 2011, a group of hackers discovered 43,000 social security numbers of people associated with Yale University using Google Dorking. Another event transpired in October 2013 when approximately 35,000 websites were compromised by hackers working with Google Dorking.
In August 2014, the United States Department of Homeland Security, FBI, and the National Counterterrorism Center warned against Google Dorking of their sites. Proposals were submitted to measure possible attack parameters and discover the information intruders were accessing.
Most online users accept Google as purely a search engine for locating websites, videos, and keeping up with current events. However, Google can be an effective hacking tool in the wrong hands. The search giant does not condone its services being used harmfully. Using Dorks to hack websites and servers illegally is unacceptable to Google.
Get Paid to Hack
Companies such as Google, Apple, and Microsoft pay white hat hackers big bucks to identify flaws in their systems and applications. White-hats search for bugs while running the software in everyday situations. As recently as 2019, Google dished out over a million dollars to white-hats who found an abundance of security defects in the system.
Join Google’s Bug Hunting Community and discover company product vulnerabilities. Get started with Bug Hunter University to access tips, brush up on skills, and grow with the community.
Three Steps To Start Bug Hunting
- Prep and gain inspiration from the community or start hunting.
- Share your findings with Google.
- Collect your Bugs as Digital Trophies and earn money from the big G.
A vast number of bugs and viruses affect every computer system on earth. Significant technology-driven companies such as Google and Apple find it highly beneficial to have individuals and communities tracking down these bugs. There are thousands of different viruses that hit computer systems every day.
Dorking becomes more sophisticated with each new person that becomes involved.