Google Dorking (Find Everything Online!)

Introduction

This tutorial will guide you through the technique of Google Dorking, also known as Google Hacking. This advanced method allows you to uncover hidden data and exposed assets on the internet that standard searches might miss. Aimed at beginners, this step-by-step guide will provide practical advice for using Google search operators effectively for reconnaissance and penetration testing.

Step 1: Understand Search Operators

Google search operators are special commands that refine your search results. Familiarize yourself with the following basic operators:

• site: Limits search results to a specific domain.
• filetype: Searches for specific file types (e.g., PDF, DOCX).
• inurl: Finds URLs containing specific keywords.
• intitle: Searches for keywords in the title of web pages.

Practical Tips

• Combine operators for more powerful searches. For example:

  site:example.com filetype:pdf
  

• Experiment with different combinations to discover various types of information.

Step 2: Locate Insecure Webcams

Use Google Dorking to find unsecured webcams that may be streaming footage publicly.

How to Search

• Use the following search string:

  inurl:view/view.shtml
  

• This query targets unsecured webcam streams.

Common Pitfalls

• Be aware of the ethical implications and legal boundaries when accessing any live feeds.
• Always use this information responsibly and only for educational purposes.

Step 3: Discover Admin Login Pages

Finding login pages can help you understand the security state of a website.

How to Search

• Use the following search strings:

  inurl:admin
  

  or

  inurl:login
  

Practical Advice

• Check for common admin paths like /admin, /login, or /wp-admin for WordPress sites.

Step 4: Identify High-Value Dorks

Some search queries yield particularly sensitive information. Use these high-value dorks to find exposed databases or sensitive files.

Example Search Queries

• Look for sensitive files:

  filetype:sql intext:password
  

• Find user credentials:

  filetype:txt intext:username
  

Important Reminder

• Use these queries responsibly for ethical hacking and security research only.

Step 5: Find Personal Information

Google Dorking can also be used to find personal information. This can be useful for social engineering assessments or to understand user security.

How to Search

• Search for specific names or phrases:

  "John Doe" site:linkedin.com
  

Ethical Considerations

• Always respect privacy and do not misuse any information obtained through these searches.

Conclusion

Google Dorking is a powerful technique for uncovering hidden data online. By mastering search operators and understanding how to apply them ethically, you can enhance your reconnaissance skills in security testing.

Next Steps

• Practice using the search operators in various combinations.
• Explore the Google Dorking Cheatsheet provided in the video description for more advanced queries.
• Always stay updated on ethical guidelines and legal boundaries in cybersecurity practices.