Google Dorks are a widespread method of using search platforms to find inside information on public servers. The average user is not familiar with the term or with the technique itself, but hackers and professional programmers know it very well. Investigative agencies, security engineers, and the media also use this technique in their work. Let’s figure out what this search method is.

How does it work?

As an OSINT technique, dorking does not exploit a vulnerability in Google and does not compromise site security. It consists of ordinary data processing with advanced search functions. For a comprehensive study of the data, the search is progressively refined.

Some Google Dorks can assist in the process of searching for information. They can be used to search for distant relatives or to collect information in their favor. You will be able to find a significant amount of data, from remote control modules to configuration parameters.

It is not always clear why key information became publicly available. Let’s assume that you bought a security camera, installed an application for it and allowed access to the server that delivers the camera’s feed to you. This is incredibly convenient, but is the server itself secure? If it does not require a password to access the channel, then the channel is accessible to everyone.

Google effectively finds any device on the Internet that answers on ports 80 and 443. These ports carry HTTP and HTTPS, the protocols used to transmit hypertext on the Internet. When information security practices are not followed, user identifiers also end up publicly available.

Search engines

Besides Google, dork queries also work well on:

  • Bing;
  • Yahoo;
  • DuckDuckGo.

An operator is a keyword that has a special meaning to a web search engine. The most commonly used are “inurl:”, “intext:”, “site:”, “feed:” and “language:”, each followed by the corresponding search string. They make it easier to find more specific information, such as particular lines of text on website pages or resources located at a specific URL. Google dorking can reveal hidden access pages, error messages and shared files. With the “cache:” operator it is not difficult to find deleted or archived pages.

Social networks and useful Google Dorks for personal investigations

Do you need an email address associated with a login? Most people do not think about Internet security and very often use the same login for many services. Often the username contains precise information that we can use. There are many examples: Martin2002 will tell you about the date of birth; if you enter Gilly M. and specify the PDF file type, the search will return a list of documents that mention Gilly M.

Other examples of personal information that may be used:

  • profile;
  • cloud space, Internet browser, types and names of programs and files;
  • information about operations;
  • identifiers and accounts from programs;
  • device signals;
  • device setup information;
  • network and communication;
  • cookies stored on the user’s device, including identifier and settings.

We can say that social platforms are a rich source of various information that we can use in our investigation.

Examples of the most common search modifiers:

  • “cache”: displays the archived version of a page;
  • “allintext”: finds pages whose text contains all of the given words;
  • “filetype”: restricts results to a given file type, used for detailed search;
  • “+”: combines several given keywords that must all be present;
  • “-”: excludes results containing certain phrases.

More examples and search operators can be found in the Google Hacking Database (GHDB).
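To make the operators and modifiers listed above concrete from a defender's side, the following added example (not code from the article or from any of the tools it names) parses a dork query into its operators, plain terms and exclusions, and checks whether the query could return pages from your own domain. The function names `parse_dork` and `in_scope` and the sample queries are assumptions constructed for illustration.

```python
import re

# Operators named in this article; any other "word:" prefix is treated as plain text.
OPERATORS = {"inurl", "intext", "allintext", "site", "feed",
             "language", "filetype", "cache"}

# One token: optional +/- sign, optional operator prefix, then a quoted phrase or a bare word.
TOKEN = re.compile(r'([+-]?)(?:(\w+):)?("[^"]*"|\S+)')


def parse_dork(query):
    """Split a dork query into operator clauses, plain terms and exclusions."""
    parsed = {"operators": [], "terms": [], "excluded": []}
    for sign, prefix, raw in TOKEN.findall(query):
        value = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
        op = prefix.lower()
        if prefix and op not in OPERATORS:
            # Not an operator (for example "http://..."): keep the text intact.
            value, op = f"{prefix}:{raw}", ""
        if sign == "-":
            # Excluded clause: it narrows the result set, never widens it.
            parsed["excluded"].append((op, value))
        elif op:
            parsed["operators"].append((op, value))
        else:
            parsed["terms"].append(value)
    return parsed


def in_scope(parsed, domain):
    """True if the query could return pages from `domain` or its subdomains."""
    sites = [v.lower().rstrip("/") for op, v in parsed["operators"] if op == "site"]
    if not sites:
        return True  # no site: restriction, so every indexed host is in scope
    domain = domain.lower()
    return any(domain == s or domain.endswith("." + s) or s.endswith("." + domain)
               for s in sites)


if __name__ == "__main__":
    # Constructed sample queries, reviewed against the placeholder domain example.com.
    for q in ('site:example.com filetype:pdf "Gilly M."',
              'inurl:admin intext:"index of" -site:example.org',
              'site:example.net password'):
        p = parse_dork(q)
        print(in_scope(p, "example.com"), p)
```

Queries that come back in scope show which file types, URL fragments and page text to look for on your own servers before a search engine indexes them.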

First-class Google Dorks tools

Go Dork is the fastest dork scanner written in Go. Other tools include:

  1. Zeus Scanner: an advanced reconnaissance program that simplifies the reconnaissance of web applications.
  2. Pagodo (Passive Google Dork): replaces running dork queries by hand on Google in a GUI browser.
  3. Sitedorks: tries a keyword against a number of web pages in popular search engines.
  4. DorkScanner: a run-of-the-mill crawler bot for finding vulnerable URLs that analyzes the results you provide.
  5. Evildork – owns a single dedicated segment or secondary domains.

Generate an HTML results page with all dork links. Remember that after a few attempts Google will add a verification code (CAPTCHA) to check whether you are a bot or not. Using Google Dorks, you can always find information that is accessible but at the same time hidden from outsiders.