Introduction:

Google Dorking is a technique that allows ethical hackers, system administrators, and cybersecurity professionals to uncover sensitive or hidden information on the web using advanced search queries. These “Google Dorks” help find specific files, directories, and other data that might be exposed unintentionally. In this guide, we’ll explore various Google Dorks listed in the Jassifx Google Dorks repository, diving deeper into the syntax and real-world applications with more advanced examples. By the end, you’ll be able to leverage these search operators for security audits and web reconnaissance.


1. Filetypes Dork

The filetype dork is used to search for specific file types across websites, often revealing sensitive documents like PDFs, spreadsheets, or text files.

Syntax:

filetype:[extension] "keyword"

Advanced Example:

filetype:xls "passwords" -site:example.com
  • Explanation: This query searches for Excel files (.xls) that contain the keyword “passwords” but excludes results from example.com. This can help you find spreadsheets containing sensitive data such as passwords that have been unintentionally exposed.

Other Examples:

  • Search for PDF files containing tax documents:filetype:pdf "tax returns" site:gov.in
  • Find DOCX documents on financial reports:filetype:docx "financial report" site:edu

2. Index of Dork

When directories are not properly secured, they are often indexed and openly available to the public. The “Index of” dork helps locate these directories.

Syntax:

intitle:"index of" "keyword"

Advanced Example:

intitle:"index of" "private"
  • Explanation: This search will list directories containing files with the word “private,” potentially revealing sensitive data or confidential information.

Other Examples:

  • Find public directories containing backup files:intitle:"index of" backup
  • Discover admin directories:intitle:"index of" "admin"

3. Login Pages Dork

The inurl operator is used to find login pages, admin panels, or other web portals where login functionality is present. This can be a useful tool for security audits to locate publicly accessible admin pages.

Syntax:

inurl:admin "login"

Advanced Example:

inurl:admin -intext:"password recovery" site:.gov
  • Explanation: This query searches for admin login pages on .gov websites but excludes any results containing the phrase “password recovery,” helping narrow down the exact admin portals.

Other Examples:

  • Search for user login portals:inurl:login "user"
  • Find admin panels for WordPress websites:inurl:wp-admin login

4. Database Dork

Databases such as SQL files are sometimes left exposed and searchable through Google. The filetype:sql dork helps uncover these files, potentially containing user credentials, sensitive data, and more.

Syntax:

filetype:sql "keyword"

Advanced Example:**

filetype:sql intext:"password" site:.com
  • Explanation: This query searches for SQL files on .com domains that contain the word “password,” potentially revealing usernames and passwords stored in plain text within exposed database files.

Other Examples:

  • Search for SQL databases containing credit card information:filetype:sql intext:"credit card"

5. Sensitive Information Dork

Sensitive data like social security numbers, financial details, or personally identifiable information (PII) is often exposed through public files. This dork helps locate such files.

Syntax:

"keyword" filetype:[extension]

Advanced Example:

"confidential" filetype:pdf site:.gov
  • Explanation: This dork searches for PDF files on government websites that contain the word “confidential,” which might reveal sensitive information meant to be kept secure.

Other Examples:

  • Find Word documents with contract details:"contract" filetype:docx site:.edu
  • Locate spreadsheets containing employee data:"employee details" filetype:xls site:.com

6. Error Messages Dork

Exposed error messages, especially those involving SQL syntax errors, can provide attackers with crucial information about the web server’s internal workings.

Syntax:

intext:"error message"

Advanced Example:

intext:"sql syntax error" "MySQL" filetype:log
  • Explanation: This dork searches for log files that contain SQL syntax errors involving MySQL, which can reveal database misconfigurations or vulnerabilities.

Other Examples:

  • Find exposed PHP error messages:intext:"Fatal error" filetype:log site:.com

7. Camera Feeds Dork

Some misconfigured security cameras have their feeds exposed online, which can be found using this dork. This is commonly seen in CCTV and IP camera systems.

Syntax:

inurl:[camera path]

Advanced Example:

inurl:"/view/view.shtml" "D-Link"
  • Explanation: This query targets open camera feeds from D-Link security cameras, allowing the user to view live footage through a web interface.

Other Examples:

  • Search for AXIS camera feeds:inurl:"/view/view.shtml" "AXIS"

8. Publicly Available Documents Dork

Files containing confidential or sensitive documents like presentations and spreadsheets can be located using specific keywords and filetypes.

Syntax:

filetype:[extension] "keyword"

Advanced Example:

filetype:xlsx "salary report" site:.edu
  • Explanation: This dork searches for Excel spreadsheets on educational websites that may contain sensitive salary report information.

Other Examples:

  • Search for PowerPoint presentations on classified topics:filetype:ppt "classified"

9. Vulnerable Web Applications Dork

Improperly configured or vulnerable web applications may expose configuration files or other sensitive information. This dork helps locate such misconfigurations.

Syntax:

inurl:[configuration file]

Advanced Example:

inurl:wp-config.php intext:"DB_PASSWORD"
  • Explanation: This query searches for publicly exposed WordPress configuration files (wp-config.php) that contain database passwords (DB_PASSWORD), revealing critical credentials.

Other Examples:

  • Search for Apache configuration files:inurl:apache.conf intext:"<Directory"

10. Login Credentials in Logs Dork

Log files often contain sensitive information like usernames and passwords. This dork can help locate exposed logs that may include such credentials.

Syntax:

intext:"username" "password" filetype:log

Advanced Example:

intext:"username" "password" filetype:log site:.com
  • Explanation: This dork searches for log files on .com domains that contain both “username” and “password,” which may lead to the exposure of login credentials.

Other Examples:

  • Locate log files with session tokens:intext:"session ID" filetype:log

Additional Resources:

For a more detailed list of Google Dorks and advanced use cases, you can refer to the Google Dorks repository on GitHub. This repository includes a wide range of dorks that can be used in various security audits and web assessments.

Last Update: November 5, 2024

Tagged in:

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,