Professional Documents
Culture Documents
it/blog/0p3n/advanced-google-dorking-commands/
By: Aditya010
December 5, 2020
Google hacking, also known as Google Dorking, is a computer hacking technique. It uses
advanced Google search operators to find security holes in the configuration and code that
websites use. It is also useful for retrieving hidden information not easily accessible by the public.
Google Dorking involves using advanced operators in the Google search engine to locate specific
text strings within search results. Some of the more popular examples are finding specific
versions of vulnerable web applications.
This article will give examples of advanced Google Dorks that can help Open Source Intelligence
(OSINT) gatherers and penetration testers locate exposed files containing sensitive information.
Writing Google Dorks is not a straightforward process like the simple search query entered on
Google's main page. The process takes some time to get used to. However, the returned results
can be worth the effort. Before we begin writing advanced Dorks, it is worth noting that Google
Privacy - Terms
1 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
alt_text
Google can index open FTP servers. Use the following Google Dork to find open FTP servers.
To make the query more interesting, we can add the "intext" Google Dork, which is used to locate
a specific word within the returned pages (see Figure 2).
alt_text
2 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
It is relatively easy to find email lists using Google Dorks. In the following example, we are going
to find text files that contain email lists.
filetype:txt inurl:"email.txt"
alt_text
Live cameras We can use Google to find open cameras that are not access restricted by IP
address. The following Google dorks retrieve live cameras web pages.
3 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Finding passwords
Finding passwords is the most attractive task for both legitimate and ill-intentioned online
searchers. The following Google Dorks retrieve exposed passwords.
4 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
5 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Other advanced Google Dorks can be found in the following list. Try them on your own to
discover what each one returns.
5. Zixmail inurl:/s/login?
7. inurl:/WebInterface/login.html
8. inurl:dynamic.php?page=mailbox
9. inurl:/sap/bc/webdynpro/sap/ | "sap-system-login-oninputprocessing"
There are different places to find ready to use Google Dorks. The first place is Google Hacking
Database. This is a free public database containing thousands of Google Dorks for finding
sensitive publicly available information (see Figure 8).
6 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Other websites that list important Google Dorks are Gbhackers and Intelligence X.
Summary
This article has demonstrated how to use Google Dorks to find vulnerable servers, websites, and
online cameras. Google Dorks are used by criminals to locate information about their targets and
to discover easy to attack targets by searching for vulnerable websites and networks. On the
good side, security researchers and friendly penetration testers use Google Dorks to find leaked
sensitive information, unintentionally exposed files, and to discover vulnerable servers and web
applications, so they can close these security holes before they get exploited by malicious actors.
Previous Next
Schedule Demo
7 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Related Blogs
What is offensive security, and why does it matter? Offensive security takes a proactive and adversarial
approach to information security to help organizations prepare for the most sophisticated cyber threats.
Summary: With the cyber threat landscape constantly evolving, businesses are now more proactive in
securing their data and operations. From penetration ...
B LO G
Cyberattacks are increasing significantly in both sophistication and number. Protecting digital assets from
the ever-increasing number of cyber threats has become a top priority for organizations worldwide. To
counter the increased number of attacks, organizations employ various technological solutions, such as
Firewalls, IDS, IPS, SIEM, and NDR. Despite all these ...
B LO G
8 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
OSCP Certification
By: Cybrary Staff
Which jobs can one get with an OSCP certification? Although OSCP is an entry-level certification, it sets
the foundation for a successful career in penetration testing. Here are some of the best opportunities.
Summary: OSCP is a widely respected and highly specialized certification that can open new niches in
information security. The ...
B LO G
Related Courses
CYB RA RY CO U R S E I N T E R ME D I AT E 6 MI N U T E S C E RT I F I C AT E O F CO MPL E T I O N O F F E R E D
CYB RA RY CO U R S E I N T E R ME D I AT E 7 H O U R S 6 MI N U T E S 7 C E U / C PE H O U R S AVA I L A B L E
C E RT I F I C AT E O F CO MPL E T I O N O F F E R E D PO PU L A R
C Y B E R V I S TA PR A C T I C E T E S T I N T E R ME D I AT E 3 H OURS
9 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Accelerate in your role, earn new certifications, and develop cutting-edge skills using
the fastest growing catalog in the industry
Upgrade Now
Solutions Platform
Government Alliances
10 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/
Company Resources
Report a Vulnerability
11 of 11 08/01/2022, 3:54 pm