What is Google Dorking/Google Hacking?
A Google dork, sometimes just referred to as a dork, is a search string that uses Google's advanced search operators to find information that is indexed by Google but was never meant to be found through a website: pages that are not linked from the site's navigation, or files that should not have been published at all. The public collection of such queries is the Google Hacking Database (GHDB) hosted on exploit-db.com, which is the source of the lists below. Using Google dorks an individual can uncover sensitive information such as email addresses and mailing lists, login credentials, sensitive files, vulnerable applications and even financial information. Keep in mind that a dork only shows what Google has already crawled, so every hit is a lead to verify against the live site, not proof that the data is still there.
The basic syntax for an advanced operator in Google is operator:term, with no space after the colon (intitle: "foo" with a space is treated as the ordinary word intitle plus a separate phrase search and will not do what you expect). Phrases that contain spaces go in double quotes, a leading minus excludes a term (-github), and | means OR.
Simple Google Dorks Syntax
- site: – restricts results to the given domain and its subdomains.
- intitle: and allintitle: – the page title contains the specified phrase (allintitle: requires every word to appear in the title).
- inurl: and allinurl: – the URL contains the specified phrase.
- intext: and allintext: – the page body contains the specified phrase.
- filetype: (ext: behaves the same) – restricts results to the specified file extension, such as pdf, xls or sql.
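The following script is added here as an illustration and is not code from the article or from the GHDB. It assembles dorks from the operators above so that quoting, exclusions and OR-groups come out right, and it lints hand-written dorks for the two mistakes that most often make them return nothing (a space after the operator's colon and an unbalanced quote). The class and function names (DorkQuery, lint_dork) and the search URL format are the example's own assumptions.

```python
"""
Added example (not from the original article or the GHDB): build and lint
Google dorks.  DorkQuery, lint_dork and the google.com/search URL form are
this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import quote_plus

# Operators recognised by the linter (the ones used throughout the lists).
OPERATORS = ("site", "intitle", "allintitle", "inurl", "allinurl",
             "intext", "allintext", "filetype", "ext")


def _term(value: str) -> str:
    """Wrap a multi-word value in double quotes so it is matched as a phrase."""
    return f'"{value}"' if any(ch.isspace() for ch in value) else value


@dataclass
class DorkQuery:
    """One dork, assembled from operator values instead of typed by hand."""
    site: str | None = None
    intitle: list[str] = field(default_factory=list)
    inurl: list[str] = field(default_factory=list)
    intext: list[str] = field(default_factory=list)
    filetypes: list[str] = field(default_factory=list)  # OR-ed together
    phrases: list[str] = field(default_factory=list)    # bare "quoted phrase" terms
    exclude: list[str] = field(default_factory=list)    # -term exclusions

    def build(self) -> str:
        parts: list[str] = []
        if self.site:
            parts.append(f"site:{self.site}")
        # operator:value with no space after the colon; a space turns the
        # operator into an ordinary search word and the dork silently degrades.
        for op, values in (("intitle", self.intitle),
                           ("inurl", self.inurl),
                           ("intext", self.intext)):
            parts.extend(f"{op}:{_term(v)}" for v in values)
        if self.filetypes:
            # Repeat the operator for every alternative: "filetype:xls | xlsx"
            # as written in some GHDB entries leaves the second term bare.
            parts.append(" | ".join(f"filetype:{ft}" for ft in self.filetypes))
        parts.extend(f'"{p}"' for p in self.phrases)
        parts.extend(f"-{_term(x)}" for x in self.exclude)
        return " ".join(parts)

    def url(self) -> str:
        """Search URL with the query percent-encoded (quotes, colons, slashes)."""
        return "https://www.google.com/search?q=" + quote_plus(self.build())


def lint_dork(query: str) -> list[str]:
    """Return warnings for the two mistakes that most often break a dork."""
    warnings: list[str] = []
    if query.count('"') % 2:
        warnings.append("unbalanced double quotes")
    for m in re.finditer(r"\b(%s):\s" % "|".join(OPERATORS), query):
        warnings.append(f"space after '{m.group(1)}:' breaks the operator")
    return warnings


if __name__ == "__main__":
    q = DorkQuery(site="example.com", intitle=["index of"],
                  inurl=["/wp-content/uploads/db-backup"], exclude=["github"])
    print(q.build())
    print(q.url())
    print(lint_dork('intitle: "Generated by Acunetix WVS Reporter"'))
```

Building the query from parts rather than pasting it is useful when you scope a dork to your own domain with site: before running it, which is the only form in which these queries are appropriate for an authorised assessment.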
What Data Can We Find Using Google Dorks/Hacking?
- Admin login pages
- Usernames and passwords
- Vulnerable entities
- Sensitive documents
- Government/military data
- Email lists
- Bank account details, and more
Here is the list of Google dorks, grouped by category. Each entry gives the dork followed by what it finds.
1. Google Dorks – Sensitive Directories (Source – exploit-db.com)
- :DIR | intitle:index of inurl://whatsapp/ – Unconfirmed websites leaking WhatsApp databases.
- inurl:/typo3/typo3conf – Interesting files from TYPO3 CMS installations.
- intitle:backup+index of – Public backup folders on the web server; they may include sensitive files or a database.
- "index of" "database.sql.zip" – Servers with open directories exposing database backup files.
- "index of" "database_log" – Servers exposing sensitive SQL log data.
- "Index of" "database.sql" – Servers with open directories exposing database files.
- intitle:index.of id_rsa -id_rsa.pub – SSH private keys indexed by Google (the -id_rsa.pub term drops the harmless public halves); many of the keys still work.
- intitle:index.of inurl:/websendmail/ – Sites running WebGais Websendmail.
- inurl:/wp-includes/certificates/ – The certificates directory of WordPress installations. Note that this directory normally holds only the CA bundle that ships with WordPress (ca-bundle.crt), i.e. public root certificates, not the site's own keys.
- intitle:"index of /bins" arm – Open directories hosting Mirai bot binaries for ARM and other architectures (typically the malware's distribution servers rather than the infected devices themselves).
- allintext:'HttpFileServer 2.3k' – Sensitive directories shared through HFS (HTTP File Server) 2.3k.
- inurl:'listprojects.spr' – Project lists from codeBeamer installations.
- inurl:"RootFolder=" Allitems "confidential" | "classified" | "passwords" | username – SharePoint directories exposing sensitive information, usernames and sometimes passwords.
- inurl:"paypal" intitle:"index of" backup | db | access -github – Backups and other files related to PayPal integrations.
- "Powered by Apache Subversion version" – Exposed Subversion (SVN) source code folders.
- inurl:"/wp-content/uploads/db-backup" – Backup directory of the WP-DB Backup plugin (WordPress).
- index of /node_modules/ -github -stackoverflow – Exposed node_modules folders, which can contain configuration and other important files.
- intitle:"index.of" | inurl:/filemanager/connectors/ intext:uploadtest.html – Open FCKeditor file uploader test pages (under /FCKeditor/...).
- intitle:"Index.Of.Applications (Parallels)" -stackoverflow -quora – Application folders of Parallels virtual machines, showing what is installed in them.
- intitle:index.of home/000~root~000/ – Files listed under a root directory.
- intitle:"Index Of" intext:".Trash" – Trash folders from Linux/Unix machines.
- intitle:CV+index of – CVs that can be viewed and downloaded from web directories.
- inurl:"apps/backend/config/" – Symfony application config directories with sensitive settings and files.
- intext:"Powered by ViewVC" | intitle:"ViewVC Repository Listing" – ViewVC repository listings.
- inurl:/openwebmail/cgi-bin/openwebmail/etc/ – Open WebMail configuration (etc/) directories.
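As an added example (not from the original article or from exploit-db), the following script triages a page found by one of the "index of" dorks above: it confirms that the page really is an auto-generated directory listing and picks out the entries whose names match the file types these dorks hunt for (SSH private keys, SQL dumps, WordPress config backups and so on). The sensitive-name patterns, the function names and the sample listing are constructed for the example; the sample is not captured from a real host.

```python
"""
Added example (not part of the original article): triage the HTML of a page
that an "index of" dork returned.  Patterns, names and the sample page are
this example's own; the listing below is constructed, not a real site.
"""
import re
from html.parser import HTMLParser

# Filename patterns worth escalating (example's own list, not exhaustive).
SENSITIVE = [
    (re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$"), "SSH private key"),  # not *.pub
    (re.compile(r"\.sql(\.(zip|gz|bz2|7z))?$", re.I), "database dump"),
    (re.compile(r"^database_log", re.I), "database log"),
    (re.compile(r"^wp-config.*\.(bak|txt|old|orig)$", re.I), "WordPress config backup"),
    (re.compile(r"^\.env$"), "dotenv secrets file"),
    (re.compile(r"\.(pem|key|pfx|p12)$", re.I), "key material"),
]


class _ListingParser(HTMLParser):
    """Collect the <title> text and every href on the page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def _parse(html):
    parser = _ListingParser()
    parser.feed(html)
    parser.close()
    return parser


def is_directory_listing(html):
    """True for Apache/nginx style auto-index pages, whose title is 'Index of /...'."""
    return _parse(html).title.strip().lower().startswith("index of")


def flag_sensitive_entries(html):
    """Return (filename, reason) for listing entries that match SENSITIVE."""
    page = _parse(html)
    if not page.title.strip().lower().startswith("index of"):
        return []                      # an ordinary page, not a listing
    findings = []
    for href in page.hrefs:
        if href.startswith("?"):       # column-sort links such as ?C=N;O=D
            continue
        name = href.rstrip("/").rsplit("/", 1)[-1]
        if name in ("", ".."):         # parent-directory link
            continue
        for pattern, reason in SENSITIVE:
            if pattern.search(name):
                findings.append((name, reason))
                break
    return findings


# Constructed sample of an Apache auto-index page (not captured from a real host).
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/">Parent Directory</a>
<a href="database.sql.zip">database.sql.zip</a>  2019-03-02 13:47  4.2M
<a href="id_rsa">id_rsa</a>                      2019-03-02 13:47  1.7K
<a href="id_rsa.pub">id_rsa.pub</a>              2019-03-02 13:47   400
<a href="wp-config.php.bak">wp-config.php.bak</a> 2019-03-02 13:47  3.1K
<a href="notes.txt">notes.txt</a>                2019-03-02 13:47   120
</pre><hr></body></html>"""

if __name__ == "__main__":
    for name, reason in flag_sensitive_entries(SAMPLE_LISTING):
        print(f"{name}: {reason}")
```

The title check matters because Google also indexes pages that merely mention "index of" in their text; only the auto-generated listing proves the directory is browsable. On your own sites the fix is to disable auto-indexing (Options -Indexes in Apache, autoindex off in nginx) and to move backups and keys out of the web root.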
2. Google Dorks – Vulnerable Servers (Source – exploit-db.com)
- inurl:"q=user/password" – Drupal password-reset pages, a quick way to find Drupal sites.
- inurl:"/user/register" "Powered by Drupal" -CAPTCHA -"Access denied" – Drupal sites with open user registration; listed in the GHDB in connection with Drupalgeddon2. A hit only shows a Drupal site with registration enabled, not that it is unpatched, so check the version before drawing conclusions.
- inurl:"index.php?option=com_joomanager" – Joomla! sites with the com_joomanager component (arbitrary file download).
- inurl:/proc/self/cwd – Web servers that expose /proc/self/cwd in URLs, i.e. servers that have either been misconfigured or already compromised in some manner.
- "dirLIST - PHP Directory Lister" "Banned files: php | php3 | php4 | php5 | htaccess | htpasswd | asp | aspx" "index of" ext:php – Vulnerable dirLIST - PHP Directory Lister v0.3.0 installations.
- allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit – Sites that use the Smart PHP Poll module.
3. Google Dorks – Network or Vulnerability Data (Source – exploit-db.com)
- intext:ZAP Scanning Report Summary of Alerts ext:html – Badly configured servers exposing OWASP ZAP scan reports.
- "ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of" – Exposed Ansible logs, playbooks and inventories, which describe the target's system configuration, networks and more.
- intitle:"Malware Analysis Report" – Malware analysis reports published by organizations.
- "index of /ups.com/WebTracking" – Domains hosting Emotet's UPS-themed lure directories, i.e. infected or compromised domains.
- inurl:"AllItems.aspx?FolderCTID=" "firewall" | "proxy" | "configuration" | "account" – SharePoint document libraries with IT infrastructure documents, device configurations and other sensitive material.
- inurl:/munin/localdomain/localhost.localdomain/open_files.html – Pages generated by Munin, which contain details about the monitored systems and applications.
- intitle:"Statistics Report for HAProxy" + "statistics report for pid" – Exposed HAProxy statistics pages (frontend and backend names, server addresses and health).
- intext:"Powered by Nibbleblog" – Blogs powered by the Nibbleblog CMS.
- ":: Arachni Web Application Security Report" – Reports left behind by Arachni (web vulnerability scanner).
- "IBM Security AppScan Report" ext:pdf – Reports created by IBM Security AppScan Standard.
- intitle:"Burp Scanner Report" | "Report generated by Burp Scanner" – Reports left behind by Burp Scanner (vulnerability scanner).
- intitle:"Generated by Acunetix WVS Reporter" – Reports left behind by Acunetix WVS (vulnerability scanner).
4. Google Dorks – Various Online Devices (Source – exploit-db.com)
- intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build" – Public-facing build servers such as Atlassian Bamboo.
- inurl:"/gitweb.cgi?" – gitweb, the web interface to Git repositories, exposing source code and history.
- (intitle:"plexpy - home" OR "intitle:tautulli - home") AND intext:"libraries" – Unprotected (no username/password needed) Tautulli servers. Tautulli (formerly PlexPy) is a third-party application that monitors activity and tracks statistics of a Plex Media Server.
- intitle:"UltraDNS Client Redirection Service" – UltraDNS client redirection pages.
- intext:"Powered by www.yawcam.com" – Yawcam webcams online.
- inurl:'/SSI/Auth/ip_configuration.htm' – HP printer web interfaces exposing their internal IP configuration.
- intext:"default values: admin/1234" – WATTrouter M system web interfaces, whose help text states the default login admin/1234.
5. Google Dorks – Files Containing Passwords (Source – exploit-db.com)
- intitle:"index of" intext:login.csv – Servers with open directories exposing login.csv files.
- inurl:"trello.com" and intext:"username" and intext:"password" – Public Trello boards containing usernames and passwords.
- inurl:"wp-license.php?file=../..//wp-config" – A WordPress plugin file with a directory traversal flaw that can return wp-config.php, which holds the database password.
- "battlefield" "email" site:pastebin.com – Pastebin dumps of hacked EA/Origin accounts.
- inurl:wp-config.bak – Badly configured servers exposing WordPress setup backups (wp-config.bak) with the database credentials.
- "whoops! there was an error." "db_password" – Laravel applications left in debug mode; the Whoops error page dumps the environment, including db_password.
- intext:"rabbit_password" | "service_password" filetype:conf – Passwords in OpenStack configuration files.
- intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github – Spreadsheets containing logins and passwords.
- intext:"please change your" password | code | login filetype:pdf | doc | txt | docx -github – Documents containing initial or temporary passwords.
- inurl:configuration.php and intext:"var $password=" – Joomla configuration.php files served as text, containing the database username and password in plain text.
- inurl:wp-config-backup.txt – WordPress configuration backups saved as .txt, exposing the database user and password.
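The following script is an added example, not code from the article or from exploit-db. It checks whether a file returned by one of the password dorks above actually leaks credentials and reports them with the secret values masked, so the finding can be logged or sent to the site owner without copying the password itself. The rules cover the three formats those dorks target: WordPress wp-config backups, Joomla configuration.php, and INI-style files such as OpenStack *.conf (the same rule also catches KEY=value lines in .env files). The rule names, regular expressions and the three sample files are this example's own constructions.

```python
"""
Added example (not part of the original article): detect and mask credentials
in files found by the password dorks.  RULES, find_credentials and the sample
files are this example's own constructions.
"""
import re

# (format label, regex with group 1 = key and group 2 = value)
RULES = [
    ("wordpress", re.compile(
        r"""define\(\s*['"](DB_(?:NAME|USER|PASSWORD|HOST))['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")),
    ("joomla", re.compile(
        r"""(?:var|public)\s+\$(user|password|db|host)\s*=\s*['"]([^'"]*)['"]""")),
    ("ini", re.compile(
        r"""^[ \t]*([A-Za-z_][\w.]*(?:password|passwd|secret)[\w.]*)[ \t]*=[ \t]*["']?([^"'\s#]+)""",
        re.I | re.M)),
]
# Keys whose values must never be written out in full.
SECRET_KEY = re.compile(r"password|passwd|secret", re.I)


def _mask(value):
    """Keep only the first character so two findings can still be told apart."""
    return value[:1] + "*" * (len(value) - 1)


def find_credentials(text):
    """Return (format, key, value) triples; values of secret keys are masked."""
    hits = []
    for fmt, pattern in RULES:
        for match in pattern.finditer(text):
            key, value = match.group(1), match.group(2)
            shown = _mask(value) if SECRET_KEY.search(key) else value
            hits.append((fmt, key, shown))
    return hits


# Constructed samples in the shape of a wp-config.bak, a Joomla
# configuration.php and an OpenStack .conf (none of these are real files).
SAMPLE_WP_CONFIG_BAK = """<?php
define('DB_NAME', 'shopdb');
define('DB_USER', 'shopuser');
define('DB_PASSWORD', 'Summer2019!');
define('DB_HOST', 'localhost');
"""

SAMPLE_JOOMLA = """<?php
class JConfig {
    var $user = 'jadmin';
    var $password = 'Joomla123';
    var $db = 'joomla';
}
"""

SAMPLE_OPENSTACK_CONF = """[DEFAULT]
rabbit_host = 10.0.0.5
rabbit_password = rabbitpw
[keystone_authtoken]
service_password = svcpw
# password = commented_out
"""

if __name__ == "__main__":
    for sample in (SAMPLE_WP_CONFIG_BAK, SAMPLE_JOOMLA, SAMPLE_OPENSTACK_CONF):
        for fmt, key, shown in find_credentials(sample):
            print(f"{fmt}: {key} = {shown}")
```

Usernames and hostnames are returned unmasked because the owner needs them to identify the affected account; the password is the only value that should never leave the finding. If a scan of your own site produces a hit here, rotate the credential first and remove the file second, since the copy in Google's cache outlives the file on disk.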
Disclaimer: This article is for educational purposes only. Any actions or activities related to the material contained within this website are solely your responsibility. Misuse of the information in this website can result in criminal charges being brought against the persons in question. The authors and www.thehackerstuff.com will not be held responsible in the event any criminal charges are brought against individuals who misuse the information in this website to break the law.
Akshay Sharma is a Cyber Security Analyst. He is CCNA certified and the owner of TheHackerStuff.