All you need to know about Google Dorks

Google Dork, often referred to as Google Dorking or Google hacking, provides detailed insights for security researchers. Being one of the most used search engines, Google has created a platform to carry out ethical and unethical hacking. 

Although Google isn’t directly involved in hacking, users can use its state-of-the-art crawling and indexing abilities to gain access to vulnerable data. This is because Google’s search engines index all types of information, including usernames, passwords, and other sensitive information. Additionally, users can also gain access to Google Hacking Database (GHDB) to acquire the complete list of all Google Dorking commands. 

Essentially, Google Dorking is the activity of leveraging Google to find vulnerable web applications and servers through its search engine capabilities. 

Is Google Dorking a new trend? 

The practice of Google Dorking originated in 2002 when a man called Johnny Long made use of custom queries to discover sensitive website elements to use for an attack. Since then, Google Dorks have been using the search engine’s advanced capabilities to identify the weakness, susceptibilities, and sensitive information of different websites that can be used for malicious intents. 

Hackers primarily use the technique to unveil sensitive information that is accidentally revealed to the internet. For example, any log file featuring user credentials can be of value to a typical hacker. Essentially, the practice of Google Dorking is usually carried out to target a specific website by gathering the maximum amount of data through general and complex queries.

Google Dorking operators 

Google is created using its in-house query language, allowing users to run different types of queries to discover files and information. Traditionally, the queries are used for competition research, tracking, SEO, creating email lists, and finding web vulnerabilities. 

While there are several Google Dork operators, the most common ones are listed below: 

• Cache: This dork reveals the cached version of any website.
• Allintext: This dork makes a search query for a specific piece of text on a particular webpage.
• Allintitle: This dork operates similarly to allintext, but it shows all the pages that contain titles with specific characters. 
• Allinurl: This dork is used to find results of URLs that include all the specified characters.
• Filetype: Filetype dork is traditionally used to find specific kinds of file extensions, such as a pdf file or docs file. 
• Inurl: This dork is similar to allinurl. However, it is limited to one keyword. 
• Intitle: This dork is used to search for different keywords placed within the title. 
• Inanchor: This dork is used to search for an exact anchor text within a link 
• Intext: This dork enables users to discover pages comprising specific characters or strings inside the text. 
• Site: This provides a list of complete indexed URLs for a particular domain and subdomain. 
• *: This dork is considered as the wildcard, enabling users to search for anything before the word. For instance, if you search “how to * a website,” the query will return you with “how to create, optimize, build, etc., a website.” 
• |: This dork is considered a logical operator. This will show a list of all websites containing the terms. 
•  +: This dork is utilized to find pages that include more than one specific key. 
• -: Users leverage this dork to eliminate results using a certain keyword. 

How to protect your website from Google Dorking

Google Dorking can reveal personal information about your website, including videos, pictures, ISO, cached versions of websites, and other types of files. Fortunately, you can take certain measures to ensure your data remains protected from such attacks. Let’s take a look at a few things you can do to protect yourself from Google Dorking. 

Restricted IPs

Enabling IP-based restrictions is critical. You can protect your website from several types of attacks using two-factor authentication, encryption, IP restriction, and setting a strong password to ensure heightened security. 

Scans to Identify Vulnerability 

Your business can also make a habit of carrying out vulnerability scans to ensure there is no weakness in your website’s structure. With these scans, you can highlight elements that may have been neglected, making the website more susceptible to Google dorks. 

Google Search Console 

You can also leverage Google Search Console’s capabilities to identify and remove sensitive information from being indexed. For instance, pages with payment information, user information, and insider data can be blocked from indexing. This way, such pages can be removed from the search query database. 

Administer Dork Queries 

One of the best ways to identify your weaknesses is to run dork queries yourself. Taking this initiative will enable you to think like a hacker and uncover all the vulnerabilities within your website easily. If you lack the skill set to run dork queries, you can take assistance from an ethical hacker to perform this task. 

Create Robots.txt Files 

Creating a robots.txt file provides you with another approach to hide sensitive information from Google Dorking queries. Robots.txt files conceal your website’s vulnerable information. However, unfortunately, creating a robots.txt file also highlights that the file includes sensitive data. 

The Bottom Line 

Google Dorking techniques can land your website’s vulnerable data in the wrong hands. Therefore, it is critical to take the aforementioned measures to protect your website and make it as secure as possible. You can also try Google Dorking your own website to examine its strengths and weaknesses to increase its security.