What Are Google Dorks?

  • By Greg Brown
  • Aug 26, 2022

Google Dorks

Hundreds of unique expressions and idioms enter the world’s lexicon daily. Google Dorking is a phrase that demands further attention.

Dorking is a hacking approach applying advanced search operators to identify confidential material not thoroughly protected on a website or server. The information is generally not accessible for public viewing when applying familiar search queries. Hackers use Dorking to exploit security holes and open vulnerabilities of internet assets.

The Technique

Dorking is nothing more than using advanced search syntax to reveal hidden information on public websites. At its core, Google Dorking is a way to use the search giant to pinpoint vulnerabilities, flaws, and sensitive information from websites that can be taken advantage of. 

Google Dorks Technique

Dorking can work on platforms like Bing, Yahoo, and DuckDuckGo, exposing PDFs and forgotten documents still available if you know how to search. As a passive cyber-attack, Google Dorking returns valuable intelligence, such as usernames and passwords, email lists, and personally identifiable financial information.

The search giant’s advanced syntax is used to discover the forgotten. Of course, cyber-criminals quickly took advantage of the technology. Dorks had its roots in 2002 when a man named Johnny Long searched for specific website elements using custom queries.

Johnny Long Changed Everything

Johnny Long gained fame as a prolific author and well-known speaker on computer security. Long is known for his expertise in Google hacking and was one of the earliest pioneers in the field. Johnny’s current endeavor is his deep involvement with Hackers for Charity.

Long coined Google dorks, which initially referred to “an incompetent or foolish person as revealed by Google.” The term illustrated Dork is not a Google issue but rather the result of unintentional misconfiguration on the administrator’s part. 

Over time, Dorks became synonymous with search queries that located sensitive information and the vulnerability of web applications. 

Long was an early pioneer in Dorking using the search giant’s syntax. In his prior work with Computer Sciences Corporation, he determined it was feasible to locate servers running unprotected software with specifically constructed search queries. Johnny also realized he could discover servers and websites that openly shared personal financial information, including social security and credit card numbers.

The Birth of GHDB

The efforts by Long grew into the extraordinary Google Hacking Database. The GHDB is an ever-expanding assortment of Dorks used to identify publicly accessible information hidden from view. The hacking database is a categorized index of search engine queries. Each Dork brings to light interesting, and usually, sensitive information made publicly available.

The GHDB is part of CVE.org, the government’s global endeavor to define and catalog cybersecurity vulnerabilities. There are currently 182,410 CVE records available for download.

Is Google Dorking Good or Bad?

Dorking lets hackers use the search engine’s syntax to its full potential, exposing confidential information on various public websites and servers. Live security cameras and similar assets can be successfully hacked if they have no passwords. Unprotected electronic devices and sensitive information from the new camera-enabled devices can be accessed easily. If no password or protective entry is enabled for any of these electronics, Dorking is the way to get in.

Google Dorking is not illegal; however, accessing and downloading sensitive data from any government website might be. It is easy for Google, tech companies, and government authorities to figure out what you are downloading and viewing.

Be Careful When Dorking!

If used correctly, Google Dorks can be a valuable resource to web admins and others. Dorks can uncover long-forgotten email addresses and lists. Web admins can use Dorks to find vulnerable files and folders in their websites.

There are presently 7,527 Dorks in the GHDB database, with new entries added all the time. Each entry and syntax are unique, offering all types of individualized intelligence.

Here are just a few examples of what Google Dorking could look like:

Intitle:’olt web management interface’ Portals Pages containing management Login
Inurl:viewer/live/index.html Various Online devices
Intitle:index of”/venv” Sensitive Directories
Inurl:’admin/default.aspx Pages containing login portals
Intitle:” index of” intext:”Apache/2.2.3” Files containing juicy info
Intitle:”Welcome to Windows 2000 Internet Services” Web server detection
Filetype: vsd vsd network -samples -examples Network Vulnerability

A Google Dork query is a search string using advanced analytical operators to locate information. Dorks may have criteria embedded in the sequence, narrowing the search. Multiple search parameters can return specific files from a particular website or domain. 

In 2011, a group of hackers discovered 43,000 social security numbers of people associated with Yale University using Google Dorking. Another event transpired in October 2013 when approximately 35,000 websites were compromised by hackers working with Google Dorking. 

In August 2014, The United States Department of Homeland Security, FBI, and the National Counterterrorism Center warned against Google Dorking of their sites. Proposals were submitted to measure possible attack parameters and discover the information intruders were accessing.

Most online users accept Google as purely a search engine for locating websites, videos, and keeping up with current events. However, Google can be an effective hacking tool in the wrong hands. The search giant does not condone its services being used harmfully. Using Dorks to hack websites and servers illegally is unacceptable to Google.

Get Paid to Hack

what is dorking

Companies such as Google, Apple, and Microsoft pay white hat hackers big bucks to identify flaws in their systems and applications. White-hats search for bugs while running the software in everyday situations. As recently as 2019, Google dished out over a million dollars to white-hats who found an abundance of security defects in the system.

Join Google’s Bug Hunting Community and discover company product vulnerabilities. Get started with Bug Hunter University to access tips, brush up on skills, and grow with the community. 

Three Steps To Start Bug Hunting

  • Prep and gain inspiration from the community or start hunting.
  • Share your findings with Google.
  • Collect your Bugs as Digital Trophies and earn money from the big G.

A vast number of bugs and viruses affect every computer system on earth. Significant technology-driven companies such as Google and Apple find it highly beneficial to have individuals and communities tracking down these bugs. There are thousands of different viruses that hit computer systems every day. 

Dorking becomes more sophisticated with each new person that becomes involved.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in t ... Read More

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. Wha ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

Latest Articles

Nelnet Data Breach Impacts 2.5 Million Students

Nelnet Data Breach Impacts 2.5 Million Students

Nelnet is a student loan service based out of Lincoln, Nebraska. Recently, it suffered a data breach that revealed the personal information of over 2.

Facebook has Been Receiving a Plethora of Medical Information

Facebook has Been Receiving a Plethora of Medical Information

In early June of 2022, the nonprofit news reporter The Markup discovered that an ad-based service, Meta Pixel, was being used by 33 of the top 100 hospitals in the US. Meta is now being sued for allegedly sending sensitive medical information to Facebook, along with two of the involved hospitals.

What is the Geek Squad Email Scam and How to Avoid It

What is the Geek Squad Email Scam and How to Avoid It

Computers are, arguably, one of the most essential items necessary for life in modernity. Through them, not only can we be entertained, but we can be informed or critiqued.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close