How To Get Anything You Ever Wanted | Ultimate Dorking Trick

In this tutorial, we will be using Google to gather more sensitive information about the target.

This thread is long. If you want to skip all the theory part and just want examples, you can directly go to the second part. Also remember that the only thing that motivates me to keep contributing is support, so please show some love if you do enjoy.

A Google dork query is a search string that uses advanced search operators to find information that is not readily available on a website. Google Dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.

Please remember that Google dorks only work on Google.

Queries

A query is basically the thing that tells Google where you want to search. I’m going to introduce the most common ones, then I will show some examples, and then explain how you can customize your searches.

The syntax is the same for all queries:

queryOne:"keywords" queryTwo:"other keywords"

Now let’s see the different queries you can use.

  • inurl

InUrl is used to search for any text inside the URI. It is often used by hackers to search for vulnerable scripts and plugins or sensitive information in the website. It is used a lot for SQL injections, as it allows you to detect vulnerable websites.

Example: inurl:/status?full=true will return all URLs containing the keyword “status?full=true”.

  • allinurl

If you search with allinurl: Google restricts results to those containing all the query terms you specify in the URL.

Example: allinurl:google dork will return all URLs containing the keywords “google” and “dork”.

  • intext

InText is used to search for any text in the body or the source code of the website. It is often used by hackers to search for a particular version of an application which is exploitable.

Example: intext: google dork will return websites containing the keyword “google dork” in the HTML page.

  • allintext

If you search with allintext: Google restricts results to those containing all the query terms you specify in the text of the page.

  • filetype

Filetype is used to search for any type of file which you want to locate in a particular website or on any particular subject, or you can search for any type of file freely. It is used by hackers to search for files containing sensitive information to exploit websites.

  • intitle

InTitle is used to search for titles of webpages. Hackers use it to search for vulnerable pages or the indexing on a website.

  • allintitle

If you search with allintitle: Google restricts results to those containing all the query terms you specify in the title.

  • site

Using this dork, you can narrow the search to a particular website. Hackers use it to target and search for sensitive information in a website.

  • link

This dork checks for other websites containing links to a website. Hackers use it to search for any other information related to their target.

  • cache

The URL will display Google’s cached version of a web page, instead of the current version of the page.

Usage example

The following examples are not targeting a specific website. If you want to use dorks on one single website, just add the site:example.com query.

The most common use of Google dorks is to find an open index, which basically means that the website owners didn’t secure the information that is stored on their site. You can view it by using this dork:

intitle:"index of /" Parent Directory

We are grabbing every page with titles containing “index of /” and/or “parent directory”. Why? Because these phrases are used in every website’s file storage.

Now let’s say you want to look for admin directories

You can use this dork

intitle:"Index of /admin"

This is pretty easy to understand. We’re looking if the page’s title contains ‘index of /admin’. Remember that putting a ‘/’ before a keyword is used to search for directories, not for files.

You can replace “admin” by whatever you’re looking for! Mails, passwords, payment information, …

Okay, that’s cool, but now I want to search for files. You can do it by filtering files’ names…

intitle:"Index of /" password.txt

… or file’s extension!

intitle:"index of ftp" .jpg

This way you can very easily get personal information, pictures, even ID scans.
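Seen from the site owner's side, the title and link text these dorks match are the same signals that reveal an exposed listing on your own server. The Python below is an added example, not part of the original tutorial; the `SENSITIVE` patterns, the function names and the sample HTML are constructed assumptions for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed name patterns an owner would not want listed (illustrative, not exhaustive).
SENSITIVE = re.compile(r"passw|secret|backup|\.(db|sql|bak|env)$", re.I)

class ListingParser(HTMLParser):
    """Collects the <title> text and each link's (href, text) pair."""
    def __init__(self):
        super().__init__()
        self.title, self.links = "", []
        self._in_title, self._href = False, None

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._href is not None:
            self.links.append((self._href, data.strip()))
            self._href = None

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a":
            self._href = None

def audit_listing(html):
    """Return (is_open_index, sensitive_entries) for one response body."""
    parser = ListingParser()
    parser.feed(html)
    if not parser.title.strip().lower().startswith("index of /"):
        return False, []
    entries = [h for h, t in parser.links if not h.startswith("?")   # skip sort links
               and h not in ("/", "../") and t.lower() != "parent directory"]
    return True, [e for e in entries if SENSITIVE.search(e)]

# Constructed sample response (not taken from any real site).
SAMPLE_OPEN = """<html><head><title>Index of /admin</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> <a href="logo.jpg">logo.jpg</a>
<a href="password.txt">password.txt</a> <a href="users.db">users.db</a></body></html>"""

if __name__ == "__main__":
    print(audit_listing(SAMPLE_OPEN))
```

Run it over responses from hosts you operate; a True result is fixed at the server by turning off automatic indexing (`Options -Indexes` in Apache, `autoindex off` in nginx) rather than by hiding the page from crawlers.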

Now we can also search for pages that are reserved for admins, or that contain login features. You can use different methods, based on the page’s title, the URL, or even file extensions.

intitle: "login" "admin"

inurl: "admin" "login"

inurl:admin filetype:db

The possibilities are endless!

I hope this tutorial helped you, and remember that dorks are made to be customized. Don’t do the same queries as everyone, or the ‘sensitive’ content you will find will already be leeched by others. Find new ways in, new possibilities!

Here are the references I used to make this

https://www.exploit-…cking-database/
https://www.blackhat…_EU_05-Long.pdf
http://securityidiot…ith-Google.html

(hope there is no evil cash link hidden in there BTW)


Louis Idehen
