What are Google Dorks?
A “Google Dork” is a specific search query that is used by someone, whether it be a security researcher or a malicious attacker, to filter Google search results & reveal specific information that is not normally found with simple search queries.
Google dorking, also known as “Google hacking”, generally reveals information that is not intended for the public to see, but due to misconfiguration the information has been indexed on Google.
Google Dorking is considered a passive attack method. Although this is a non-invasive method, Google Dorking queries can yield usernames, passwords, personally identifiable information (PII), and even website vulnerabilities. It is important to remember that Google Dorking is not hacking by itself but can give an adversary a head start in the recon stages of an attack.
Commonly Used Google Dork Operators
- Inurl: this is an operator that returns websites containing the specific characters in its URL defined by you. (Example – “inurl:/wp-content/uploads/ “phpMyAdmin SQL Dump” will return juicy information relating to a WordPress site”).
- filetype: This will return specific documents according to the extension that you have specified. (Example – “filetype:.docx” will return all publicly available word documents.
- This is an operator that retrieves results from a specific site only. (Example – “site:example.com” will return results only from the site example.com).
- Cache: This is an operator that retrieves the cached (older) version of a website.
- intext: This search query will return results where the specified word or phrase is present anywhere in the text of a site. (Example – “intext:”Please select your account” intext:”SSL Login”” will return login pages).
- A complete list of Google Dorks can be found on Exploit-DB: https://www.exploit-db.com/google-hacking-database
How to Protect Against Google Dorks
- Running Google Dorks against your domains should be a weekly task to ensure that you do not have any sensitive information that is facing the public.
- Avoid uploading sensitive information to your site.
- Ensure that your site is up to date and a WAF is in place.
- Protect sensitive content by utilising a robots.txt document situated in your root-level site catalogue to tell Google what not to index.
- If you find sensitive content exposed, request its removal by using Google Search Console.
Google Dorking is a very common practice used by attackers. To stay one step ahead you need to constantly educate yourself on new Google dorks that are released and run them against your domain to ensure you are not exposed.