Secrets of Google Search

Hackergod00001
13 min read · Oct 29, 2023

Ah, Google! The ultimate genie of the internet, granting us unlimited wishes through its search results.


But wait, did you know that Google can be more than just a search engine?

Unveiling the Hidden World of Google Dorking

What if I told you that the only tool you need for accessing log-in credentials or uncovering hidden secrets with just a few keystrokes is Google Search?

Yes, you read that right! Today, most people make their lives way harder than they have to be when it comes to surfing on Google… I mean, googling things. And chances are you are doing this as well, because you’ve been following the common advice about searching for things on the internet.

So before we delve deep, I hope you guys have your coffee ready.

Because we will be talking about Google dorking, or Google hacking. This is a legitimate tool that hackers actually use, and I am going to show you how you can use it responsibly too. But why am I talking about hacking? Well, I am becoming a hacker. This blog is actually part of the previous blog post, where I showed you how you should not learn hacking and then what the right way to do so is.

The Legal and Ethical Side of Google Dorking

But, let’s address the big question first: Is it legal or illegal? Will the FBI come knocking on your door as soon as you try this?


Um… well, in most cases, NOoo.

But before we start slapping some keyboards, I really want to emphasize that whatever I am going to show you is actually legal, up to a point. You can cross that line, and I will show you where that thin line is as well, so don’t worry. But this is legit hacking: these are the first steps any noob can take to gather information about anything they need, the way hackers do when they decide to hack a target or try to gain some juicy intel about some amazing stuff that they need. And of course I am talking in the context of being an ethical hacker, a hacker who does things for good, not for bad.

So What’s the First Step?

The first step any good hacker takes when they’re about to hack somebody is to learn as much as possible about their target. This is often referred to as recon or reconnaissance, and you might also see it called footprinting or fingerprinting. It all just means gathering information, i.e. gathering intel, because the more you know about your target, the better you can hack later with other hacking techniques.

Now, the big reason why what we’re doing is not illegal is that we’re doing passive recon, which in most cases means we’re just trying to get information that has been made public, that is, publicly available. In most cases that is something a Google search simply brings up. What we’re hoping for as hackers is that this information was made public by accident: someone may have accidentally exposed their passwords or left their webcam open to the internet. If we search in just the right way, using the right keywords and some Google search operators (which we will see in a moment), we can find some really crazy stuff. Again, you can take what we’re doing here and make it illegal real fast. I’ll show you where that line is in a moment, and don’t ever cross it. So, keep that in mind.

Now, before we proceed, let’s set some ground rules. We’re not here to break any laws. We’re just playing by the book, doing what any curious internet explorer would do. We’re only looking for information that’s already out there in the open. No breaking and entering, no snooping into restricted territories. It’s all about being a responsible digital citizen, you see?

Some people might find this step in the hacking process pretty boring, because you’re just gathering information, but actually this part is pretty stinking fun. So ignore the others and let’s go have fun.

What Are Google Dorks Anyway?

Google incorporated these really cool search operators, like secret codes to unlock hidden treasures. These advanced search operators, cleverly designed by Google to refine your search results, are called Google Dorks or Google Hacking Databases.

And you know what’s cool? You don’t need to be a tech wizard to use them! But over time, people were able to take advantage of these indexes and get some really cool stuff out of things they maybe shouldn’t have.

In short, Google Dorks are specialized search queries that can significantly aid in this process by helping people and security researchers find sensitive information and potential attack vectors more effectively.

Alright, let’s jump into the action. First things first, fire up your trusty web browser and head over to Google. Yep, that’s our playground for today. Now, imagine you’re searching for something specific, like my favorite burrito joint, Chipotle.

I too love Chipotle. Chipotle please don’t get mad.

So basically, we just did a lazy Google search. We just threw a string in there, and anything that Google deems relevant it outputs to us, the user. Now, as we know, search engines are biased: they have sponsors and ads, so some results move up the page. The internet is very vast, so a lot of information piles up, and this is where we’re grateful to have search engines, because they really clean up the clutter. So if you’re asking yourself why you need Google, that’s why. You can also put quotation marks around a string to find literal results, like a hacker.

But wait, the results are still not that great… So now you might be wondering, “How can I make my search more precise?” Well, that’s where the magic of Google Dorks comes in. You can use search operators like the ‘site’ command to limit your search to a particular domain, like ‘chipotle.com’. Boom! You’ve narrowed down your results from 3 million to 60. It’s like finding the perfect burrito in a haystack of options.

But hold on, there’s more to this adventure! Ever wondered how hackers do their thing? Well, we’re taking a peek into the ethical hacking world, folks. This isn’t about causing mischief; it’s about understanding how to gather information the way hackers do. Think of it as a digital Sherlock Holmes adventure, solving mysteries and uncovering clues, all within the bounds of ethical hacking.

So let’s think critically here. How can you modify this so that you can do some cool, light hacks? You’ll see, and I’ll show you in a minute, but you can start making things like scrapers, so that as we go deeper into the internet you can start finding these things and pulling content out of sites where it may have been spilled accidentally, not intentionally, by people who were just trying to put things out. Right!

This is really cool because you can go through and say, hey, we’re going to take this out. And of course, there is no limit to the kind of information that can be accessed through a thoroughly crafted dork. However, you should know that Google doesn’t just pull information out of thin air. These texts, images, documents, code or videos must have been exposed mistakenly at one point or another. The sole fact of mistaken exposure (and of course, sensitivity) goes to explain the reason for the subsequent obscurity.

There is a downside to Google dorking where safety is concerned, though: it can be pulled off by anyone who is privy to the specific line of commands, not just ethical hackers. What a dork surfaces is open to the public. It’s public facing; it’s not behind a password. But if you think of downloading it, i.e. if you start interacting with it, you are moving from what is currently public to a non-public asset. That’s the line where you need written consent. Start doing this kind of stuff without it and you are illegally entering something you shouldn’t, so get out of there real quick. This is the line you shouldn’t cross; otherwise you might have to face severe consequences, and this is where things can really get dangerous with Google hacking databases.

Imagine you’re delving into the world of vulnerability scanning, looking for holes in the digital fence. Google Dorks can be your trusty sidekick in this quest. They’ll help you scout potential vulnerabilities, identify misconfigured servers, and maybe even stumble upon some sensitive files that were accidentally left exposed. But remember, we’re not here to cause any trouble. We’re just exploring the possibilities, understanding the digital landscape, and ensuring a safer cyber world.

Google Hacking Techniques (Art of Googling)

There are quite a number of methods of getting different types of information using specific keywords:

Use keywords, file type and site type

Since there are different types of file formats, if you want to get information in a document, you could combine the specific keywords (budget, revenue) and the file type (csv, xlsx) with the site type. Here is an example:

[filetype:csv sitetype:za budget]

Make sure to write it in that order to get your results.

Inserting multiple words or phrases

In some instances, instead of inserting just one keyword in your search term, you could try a combination that confers more specificity. For instance, instead of just “confidential”, you can write “not to be shared” or “not to be made public”. This gives your query an edge.

Searching for documents with login info —

In this case, you just need to follow the procedure mentioned above: file type, keywords and site type. The only difference is that the keywords would be login information. You will be surprised that even big organizations save these things in the English language. This is an example:

[filetype:PDF site:xyz.co login]

Wrongly configured web servers —

More often than not, you will find some directories on Google that are not supposed to be on the net. More than single pieces of information, directories serve as huge sources of information. To find them, you can make your query with these search terms:

[intitle:"index of" site:kr password]

Numrange searches —

These types of searches are known to be very specific. Also, depending on the reason behind the search (and the amount of information you have access to before the search), it could be scary. In a Numrange, you insert two numbers separated by only two periods (as in dots) and no spaces. This is usually done alongside other keywords to display results that fall within the range of numbers in your initial query. For instance,

[site: www.pocoapoco.com 123..150]

Searching to access contents without registration —

Businesses and website applications are known to target lead generation more often. Due to that, you may be limited from accessing some of their content if you do not register. However, in situations like this, you could enter a Google hack query to bypass these restrictions. Depending on what it is you are looking for, your search terms could be:

[Site: www.thenameofthecompany.com inurl: database]
[Site: www.thenameofthecompany.com inurl: directory]
[Site: www.thenameofthecompany.com inurl: index]

Native language searches —

This could be applied to enquiries about localized content. You are more likely to find the results you are expecting if you conduct your searches in the applicable local language. This is especially feasible considering the decreased reliance on the English language and the openness of Google’s intelligence to other languages.

Google Dorking Commands

LOG FILES — Log files are like databases (or more appropriately, records). The existence of log files is a pointer to the ease of getting sensitive information on a website. In most instances, some of a website’s sensitive logs can be found in the transfer protocol of these websites. Access to these logs gives access to the version of PHP and the backend structure a particular website uses. The search terms for getting these logs are

[allintext:username filetype (csv, PDF, xlsx):log]

SUSCEPTIBLE WEB SERVERS — There are certain web servers that contain loopholes. Some web servers have also been hacked into. You can identify examples of these websites by entering these search terms

[inurl: /proc/sef/cwd/]

EXPOSED FTP SERVERS — Since File transfer protocols may also contain certain sensitive information and they are not normally meant to be exposed, you could use the Google dork written below to access these transfer protocols.

[Intitle: index of inurl: ftp]

ENV FILES — Some website developers ignore best practices and leave .env files in a place that is publicly accessible. Certain Google Dorks are used to access these files, and they often contain very sensitive information about the site’s security framework.

NB: Env files are used to define configurations and variables for web development work spaces.

SSH PRIVATE KEYS — Certain information is shared on the SSH protocol and the keys used in this process are generally not meant to be disclosed. With the help of this Dork, you will be able to find some of these keys that have been filed into an index by Google.

[Intitle:index.of id_rsa -id_rsa.pub]

EMAIL LISTS — These are unbelievably easy to find with Google dorks. Most spammers use this trick to add an unlimited number of email addresses to their spam lists. To access email lists, here is the format your dork should take

[Site:.com filetype: csv inurl:email.csv]

LIVE CAMERAS — If you intend to monitor certain areas, Google dorking can help you locate and watch live cameras with no significant IP restrictions. Depending on how creative you can get, there are many Google Dorks that give you access to various live cameras globally including those of the military or the government. To access IP based Cams, here is the Dork [Inurl: top. Html inurl: currenttime]. In a situation where you want to access webcam transmitted coverage, here is the dork

[intitle:Webcam XP 5]

MP3, MP4, PDF — If you intend to download any files on the internet without accessing them through a streaming platform or an online library, you could use the Google dorks specified below

[Intitle:index of (filetype)]

WEATHER DORKS — Weather dorks give you access to any weather measuring device that is connected to the internet from anywhere around the globe. To get this information, here is the search query to enter

[intitle:weatherwing WS2]

ZOOM BOMBS — Zoom bombs are dorks used to disrupt online video meetings inasmuch as URLs are distributed. To do this, here is the search query to enter

[inurl:zoom.us/j and intext:scheduled for]

DATABASE DUMPS — What better way is there to get information than from wrongly configured databases? Some SQL files have been wrongly dumped on servers and can be accessed through a domain. This leaves these databases open to anyone with the right search term.

[Index of database.sql.zip]

WORDPRESS ADMIN LOGIN — With the aid of a Google dork, it is very easy to find an index of WordPress administrative login pages and even access the login information of those pages.

[Intitle:index of wp-admin]

APACHE 2 — Apache is an example of a server. Just like any other type of vulnerable web server, Apache 2 servers can also be found through the right Google dork.

[Intitle:Apache2 Ubuntu Default Page:It works]

GOVERNMENT DOCUMENTS — These documents — although meant to be restricted from public view — are not very difficult to find with the help of Google dorks. To get these files, here is the dork query to enter

[allintitle:restricted filetype:doc site:gov]

Alright, now let’s see how we can integrate Google dorks into a bug bounty workflow:

Bug bounty workflow steps with Google dorks:

  1. Information Gathering: Start your bug bounty workflow by using these Google Dorks to gather valuable information about the target domain. Identify potential login portals, sensitive files, and misconfigured servers.
  2. Targeted Scanning: Use the dorks to conduct targeted scans on specific domains or file types. This can help you identify potential vulnerabilities more quickly than traditional scanning methods.
  3. Manual Verification: Once Google Dorks have highlighted potential vulnerabilities, manually verify their existence and assess their severity. This step ensures that false positives are minimized.
  4. Reporting: When you discover actual vulnerabilities, follow responsible disclosure practices and report your findings to the organization. Provide clear and concise explanations along with steps to reproduce the issue.

Why and When to use advanced google dorks

  1. Efficiency: Google Dorks allow you to quickly discover specific vulnerabilities without relying solely on automated scanning tools.
  2. Unconventional Targets: Dorks help you find unconventional and often overlooked targets, such as exposed configuration files and login portals.
  3. Focused Scanning: Google Dorks enable targeted scanning, saving time and resources by narrowing down your search to potential points of interest.
  4. Comprehensive Assessment: Integrating dorks into your bug bounty workflow enhances your assessment’s comprehensiveness, ensuring you don’t miss critical vulnerabilities.
  5. Continuous Monitoring: Regularly using Google Dorks to monitor your target’s digital footprint helps you stay informed about new potential vulnerabilities.

How To Prevent Google Dork Infiltration

Here are the top 5 steps that we all must follow to prevent Google dork infiltration.

  1. ENCRYPTION — You could prevent your files from being infiltrated through a Google Dork by encrypting very sensitive information on your web server or your website application.
  2. LOOPHOLE ASSESSMENT — Cyber security has also evolved to allow you to run Google dork specific loophole scans. On the same note, you can also carry out dork searches targeted at your website and your server.
  3. REMOVE SENSITIVE INFORMATION FROM AREA OF EXPOSURE — In case you discover the exposure of sensitive information, you can request (through Google Search Console) that Google remove it.
  4. IP BASED RESTRICTIONS — You can leverage IP based limitations to protect some private aspects of your database. Coupled with this, you could also use password authentication methods for the sole aim of confirmation.
  5. ROBOTS.TXT CONFIGURATION — This is a very useful means of preventing hackers from exploiting your private space through any directory in your website that may be indexed by the Google search engine. To do this, these are the configuration terms you will need to enter in your backend.

User-agent: *
Disallow: /

The Disallow line would contain any specific directory you would like to block out.
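
Step 2 above suggests running dork-style checks against your own site. The following added example (not part of the original post) does that offline: it scans a web root on disk for the file types the dorks in this article look for and reports whether robots.txt keeps crawlers away from each one. The pattern list, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.robotparser import RobotFileParser

# Assumed patterns, one per exposure category discussed in this article.
RISKY = {
    "env file": re.compile(r"(^|/)\.env(\.[\w-]+)?$"),
    "ssh private key": re.compile(r"(^|/)id_(rsa|dsa|ecdsa|ed25519)$"),
    "database dump": re.compile(r"\.sql(\.(zip|gz|bz2))?$", re.I),
    "log file": re.compile(r"\.log(\.\d+)?$", re.I),
    "email list": re.compile(r"(^|/)emails?\.csv$", re.I),
}
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(docroot, robots_txt=""):
    """Return sorted (url_path, category, crawl_blocked) findings for one web root."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    root = Path(docroot)
    findings = []
    for path in root.rglob("*"):
        url = "/" + path.relative_to(root).as_posix()
        if path.is_dir():
            # A directory with no index file is shown as "Index of ..." when
            # the server has automatic directory listing switched on.
            if not any((path / name).is_file() for name in INDEX_FILES):
                findings.append((url + "/", "possible directory listing",
                                 not rp.can_fetch("Googlebot", url + "/")))
            continue
        for category, pattern in RISKY.items():
            if pattern.search(url):
                findings.append((url, category, not rp.can_fetch("Googlebot", url)))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temp directory and audit it."""
    robots = "User-agent: *\nDisallow: /backup/\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("index.html", ".env", "backup/database.sql.zip",
                    "logs/access.log", "keys/id_rsa", "keys/id_rsa.pub"):
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("constructed sample\n")
        return audit_docroot(root, robots)


if __name__ == "__main__":
    for url, category, blocked in demo():
        # "blocked" only means robots.txt asks crawlers to skip the path;
        # the file is still served to anyone who requests it directly.
        print(f"{url:28} {category:28} robots.txt blocks crawl: {blocked}")
```

A `True` in the last column only means well-behaved crawlers are asked to skip that path; the file is still downloadable, so anything the audit reports should be moved out of the web root or placed behind authentication.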


So, that’s our journey through the enchanting world of Google Dorks! It’s all about discovering, learning, and staying on the right side of the digital divide without compromising on ethical standards and digital responsibility. Embrace the power of Google, but remember, with great power comes great responsibility! So, go ahead, explore, but do it ethically and responsibly. Until next time, Happy Hacking and Happy Googling, peace!


Written by Hackergod00001

I am Upmanyu Jha AKA Hackergod00001, a CS Graduate, Noob Security Researcher, Developer, Content Creator & founder @HAWK-i Security Community.
