Hello friends! I am back with a new article. Today I am going to tell you about Google Hacking.
Everyone has a common impression that whenever they hear the word Hacking, it means to them like breaking into someone’s system and stealing some data or getting access to someone’s private files. But, Hacking is much wider concept than that.
Google Hacking can also be defined as Google Dorking. A Google Dork query is sometimes referred as a dork, is a search string that uses advanced search operators to find some kind of information on the internet which is not readily available. Google Dorking returns information that is difficult to locate with simple search queries.
By this activity, Google Dorking can return a number of sensitive information like emails, passwords, sensitive documents, financial information, website vulnerabilities, loopholes in any website, private information of any individual or some company. If this method is used appropriately, a country’s security and classified information can be put to risk. That information can be used for a number of illegal activities like cyber crime, cyberterrorism, identity theft and much more.
Google Dorks are not used so much by common people but it is the best friend of Hackers.
Here is an example of how Hackers use Google Dorks to gain sensitive information from any website.
- “inurl: domain/” “additional dorks”
A Hacker would simply use different parameters of his/her desire to gain information.
- inurl = the URL of a site you want to query
- domain = the domain for the site
- dorks = the sub-fields and parameters that a hacker wants to scan
This is the basic syntax of using Google Dorks and find any information. The best way to use Google Dorks is to find vulnerabilities on your own website.
A search parameter is a limitation applied to a search. Here are a few examples of advanced search parameters:
- site: returns files located on a particular website or domain.
- filetype: followed (without a space) by a file extension returns files of the specified type, such as DOC, PDF, XLS and INI. Multiple file types can be searched for simultaneously by separating extensions with “|”.
- inurl: followed by a particular string returns results with that sequence of characters in the URL.
- intext: followed by the searcher’s chosen word or phrase returns files with the string anywhere in the text.
Multiple parameters can be used to gain various kinds of information accurately. If a person knows to use many parameters at a time, he/she could get classified information even about the government.
- “sensitive but classified” filetype:pdf site:incometax.gov.in
We can also use other search filed than URL that will help to uncover a lot of information about a site. These are some more of the dorks which are very useful.
Here’s an example of the use of Google Dork:
link: The query [link:] will list webpages that have links to the specified webpage. For instance, [link:www.google.com] will list web pages that have links pointing to the Google homepage. Note there can be no space between the “link:” and the web page url.
In August 2014, the United States Department of Homeland Security (DHS), the FBI and the National Counterterrorism Center issued a bulletin warning agencies to guard against the potential for Google dorking on their sites. One of the first intrusion prevention measures proposed is to conduct Google dorking expeditions using likely attack parameters to discover what type of information an intruder could access.
Use this only for information and not for illegal activities because it could result even ending up into jail. This is not all about Google Dorks. There is much more to it which I would try to informate you about in future articles. That’s all for now.