Google Dork For Pentesters

Google dorking is a method or technique used by experts to find information exposed in the internet accidently. This technique can also be used to get precise information on any topic while googling things. The first thing that a cyber security expert thinks when he hears accidently connected to the internet might be shodan,but we are going to see how we can see these data through a simple google search, for this we will be using specific search strings,things like log files, error files,index of files, webcams,sites without ssl certificate, admin pages etc.From a bug hunters prespective these are low severity bugs, even though it is a very powerful technique.

How does the google give us search results ?

Whenever we search for anything in Google,Google uses an automated powerful software called crawlers or web crawlers to go through all the web pages.While the crawlers crawl through the web pages it learns about the content,images,video files etc and create index for the web page.These index are stored in large servers.Index is later used to give search results faster to the user who is searching.

Google Dorking?

In simple words you can find anything on the internet using google dorks,including files exposed to the internet too. These can be called as advanced google search operators also. From a security researchers perspective Google dorking can be a passive information gathering/footprinting technique that is used to discover vulnerabilities,data exposture and security misconfigurations in websites.

It involves using of specialized search query operators to fine tune results based on what we are looking for.Some of the very common google search operators are mentioned below.

inurl:Restricts results to the URL of a website.

intext or allintext:Searches through the text in the webpages

intitle:Restricts results to the titles of a website.

example

site: Narrows results to a site or a specific site.

filetype: Searches for specific file types based on the extensions (iso,pdf,jpeg etc).

cache:Searches for a cached copy of a webpage when it was indexed by google usually used to find old version of webpages.

inanchor:This can be used when you need to search for exact anchor text used on any links.

*: used to search pages that contain “anything” before your input word. eg: How to * a system?

|: This is a logical operator used to give multiple search input in a single search.

+:Used to concatenate words.

- :Minus operator used to remove or avoid showing results that contain certain words.

You can find more here:https://www.searchenginejournal.com/google-search-operators-commands/215331/#close

Some google dork examples

These are presented for strictly educational purposes only.I am not responsible for any misuse of these contents.

The interesting things we can find on google includes Log files,vulnerable web servers,open FTP servers,ENV files,SSH private keys,Email lists,Live cctv camers,PDF files,Zoom videos,Admin pages of websites,Government documents, and the list goes on.Let’s see a few examples of these.

Vulnerable web servers

inurl:/proc/self/cwd

There are many more.

Open FTP servers

intitle:”index of” inurl:ftp

SSH private keys

intitle:index.of id_rsa -id_rsa.pub

Email lists

filetype:xls inurl:”email.xls”

live cameras

ip based cameras :- inurl:top.htm inurl:currenttime

To search WebcamXP-based transmition:- intitle:”webcamXP 5"

There are a lot of live camera dorks that will let you watch any part of the world, that too live in your room. You can find education, government, and even military cameras without IP restrictions out there.

If you can get creative you can even do some white hat penetration testing on these cameras; you’ll be surprised at how you’re able to take control of the full admin panel remotely, and even re-configure the cameras as you need them to.

Zoom videos

“Zoom-bombing” became a popular during online meetings in 2020 during the initial lockdown time. The company has since tried to placed some restrictions to make it harder to find/disrupt Zoom meetings, but as long as a URL is shared, a Zoom meeting can still be found in the internet. Some times it will take crowlers some time ti find the meeting.Sometimes the meeting might have been over also.

inurl:zoom.us/j and intext:scheduled for

Many more things can be found using google dorks but for now let’s conclude with some safety tips.

Preventing Google Dorks

There are a lot of ways to avoid falling into the eyes of a Google Dork.These measures are suggested to prevent your sensitive information from being indexed by search engines like Google.

  • Protect private areas with a user and password authentication and also by using IP-based restrictions.
  • Encrypt your sensitive data(user names, passwords, credit cards, email, addresses, IP addresses, phone numbers, and all other data).
  • Run regular dork queries against your own website to see if you can find any important information leaked before the bad guys can find them. You can find a great list of popular dorks at the Exploit DB Dorks database.
  • Run regular vulnerability scans against your own site, these usually use popular Google Dorks queries and can be pretty effective in detecting the most common ones easily.
  • If you find sensitive content exposed, you can request its removal by using Google Search Console.
  • Block sensitive content by using a robots.txt file located in your root-level website directory of your wesite.
  • some configurations to prevent Google Dorking are as mentioned:-
User-agent: *
Disallow: /
Disallow: /admin/
Disallow: /privatearea/file.htm
Disallow: /*?
Disallow: /*.php$/

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mr Carlo

Mr Carlo

I'm just curious about cyber security