Google is used for those accessing the internet. It’s the world’s most popular search engine that billions of people use to find useful knowledge. Interestingly, for malware, you can use Google as well.
You can read about Google hacking, also referred to as Google Dorking, in this guide.
What’s Dorking, Google?
Google hacking, or Google dorking, is a technique of hacking that uses the popular search engine to expose vulnerabilities.
More precisely, Google Dorking refers to the use of search strings to locate content that is not readily available on the internet using specialized search operators. This information can be in the form of text, photographs, confidential information, email addresses, passwords, etc. The data has also been inadvertently left open on the internet.
In 2002, report showed that search queries that could find and explore insecure online servers. The servers that used little encryption and left personal details such as email addresses and credit card numbers lying unprotected on them were also able to locate these queries. He later organized and submitted these requests to a server that became the first database for Google Hacking in 2004.
Usually, it returns answers based on all the details it can gather on that keyword when you type a keyword into the search bar on Google. Typically, these observations cover a wide area and are unrefined, which is what makes Google such an outstanding search engine in the first place.
Using Specialized Operators from Google
When you dork, you need to narrow down the data to the very detail you’re searching for or the other results will be lost in the sea. This is where Google Specialized Operators step in. In order to give you the precise details you asked for, specialized Google Operators narrow down the data. They simplify the conclusions so that you don’t have to go hunting for what you need from page to page.
In this format, an advanced search operator is used:
“->operator: term to be searched”
Between the operator and the colon, and between the colon and the word, there should be no space. You may also use one operator more than once.
You can’t merge all the operators, though. For example, in the same question, allintitle and allintext operators can’t be used.
below are examples of Google Advanced Search Operators and how they are used.
This will only show pages that have the term placed in front of the operator in their HTML title. For instance, if the query was ‘intitle:oranges’, the results will only show pages with ‘oranges’ in their title.
This searches for a specified file type alone. So if you input ‘filetype:pdf, Google will search for pdf files in websites.
This will show pages that have the specified term in their URL.
For example, if you input relate:pencil. The result provided will be related to the query pencil.
This operator searches the content web pages for the keyword. It is quite similar to a plain google search.
Allintext operator locates pages that have the full string of text present in the specified term. Every word in the query has to be in the body text of a page before it can be returned as a result.
This is very useful when you only need information from a specific site. It limits the search to that site only. For instance, site:eggs.com will only return pages from eggs.com
You can also use these operators to find private information on Google.
Google Hacking for Private Information
Exploring live cameras without limitations
You can get access to live camera web pages that are unlimited by Google Dorks. You can find uncovered live cams on the internet by using ‘inurl:/view/view.shtml’
Having usernames and passwords revealed
Website Admin account usernames and passwords are normally stored in .LOG files. The returned results could include applications with exposed log files that include usernames and passwords, using the command ‘allintext:username filetype:log’.
It is also possible to locate usernames when looking for .env files. There are occasions where web developers carelessly leave their .env files in the public directory of the site, containing unencrypted login information and IP addresses.
This makes the records easy targets for hackers. In the Google search bar, they enter the command ‘DB USERNAME filetype:env’ and links to sites with such files will pop up.
Searching through domains of websites.
You will discover the domains of those websites using Google Dork. Everything you need to do is enter the command in the following ‘inurl:domain’ file.
Hacking using the Database of Google hacking
The Google Hacking archive is a platform containing a detailed collection of bugs, passwords, usernames and documents that can be exposed by Google dorks. Using the Specialized Search Operators, you discover various combinations of dorks that can quickly hand otherwise hard-to-find knowledge into your hands.
Conclusively, it is time to maximize every aspect of technology to our advantage. For further inquiry or professional hacking services visit www.alienmanhackers.xyz.
Disclaimer: You are strongly encouraged to use the details you find there for legitimate purposes. Unauthorized access to information may result in criminal charges being brought against you. Using Google Hacking with caution, then (and written permission).