Definition
Google Dorking (Google hacking) is a technique for finding sensitive or hard-to-find data through search engines. In cybersecurity, it involves using advanced search operators to discover evidence of security vulnerabilities.
Different Google Dorking Techniques
Here are some of the commonly used Google Dorking techniques:
- Filetype: This search operator searches for specific file types. For instance, a ‘filetype:pdf’ query returns PDF files.
- Intext: This operator lets you find specific text within a web page’s content. For example, ‘intext:password’ will return pages with the word ‘password’.
- Inurl: You can use this operator to search for specific words within the URL of a page. For example, ‘inurl:login’ will show you pages with ‘login’ in the URL.
Common Targets of Google Dorking Attacks
- Login pages: Hackers can use Google Dorking to detect website login pages vulnerable to brute-force attacks.
- Vulnerable web applications: Attackers can target websites running applications with known security vulnerabilities.
- Sensitive documents: Hackers can search for specific file types with sensitive information.
- Hidden content: Hackers can use Google Dorking to unearth areas of a website that the general public cannot access directly.
Stopping Google Dorking
- Test the website by submitting queries to popular search engines to see what content is publicly available. You should patch any vulnerability you discover to prevent Google Dorking attacks.
- The standard robots.txt file instructs search engine crawlers on which website sections shouldn’t be indexed. While most search engines comply with the directive, complying is voluntary. This means malicious web crawlers can disregard the file or exploit it to prioritize searching restricted areas.
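The robots.txt caveat above can be checked on your own site. The following Python sketch is an added example, not part of the original page; the sample file and the keyword list are constructed assumptions. It lists Disallow entries whose paths advertise sensitive locations, which need real access control rather than a crawler hint.

```python
# Constructed sample robots.txt for a hypothetical site (not from the original page).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/db-2023.sql
Disallow: /search
Allow: /public/
# staging area
Disallow: /staging/login.php

User-agent: Googlebot
Disallow: /private/reports/
Disallow:
"""

# Assumed keyword list: path fragments suggesting content that needs real access control.
SENSITIVE_HINTS = ("admin", "backup", "private", "login", "staging", "config", ".sql", ".bak", ".env")

def parse_disallows(text):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # a new group starts after rules were seen
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:    # an empty Disallow blocks nothing
                rules.extend((agent, value) for agent in agents)
    return rules

def audit(text):
    """Flag Disallow paths that reveal sensitive locations to anyone who reads the file."""
    findings = []
    for agent, path in parse_disallows(text):
        hits = [h for h in SENSITIVE_HINTS if h in path.lower()]
        if hits:
            findings.append({"agent": agent, "path": path, "hints": hits})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_ROBOTS):
        print(f"{f['path']} (group {f['agent']}): matches {', '.join(f['hints'])}; "
              "protect with authentication, not robots.txt")
```

Each flagged path is publicly readable in robots.txt itself, so the fix is to put it behind authentication or remove it from the web root, then drop the entry.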