pretty much google dorks can be risky to your information and your website i will show you how on this article , first of all what is google dorks ?
Before starting with google dorks, you need to have basic understanding of few special google search operators and also how it functions.
This will ask google to show pages that have the term in their html title.
Searches for specified term in the URL. For example:inurl:register.php
Searched for certain file type. Example: filetype:pdfwill search for all the pdf files in the websites.
It works similar to filetype. Example: ext:pdf finds pdf extension files.
This will search content of the page. This works somewhat like plain google search
This limits the search to a specific site only. Example: site:firstname.lastname@example.org will limit search to only email@example.com.
This will show you cached version of any website. Example: cache: aa.com
This works like a wildcard. Example: How to * sites, will show you all the results like “how to…” design/create/hack, etc… “sites”
an example of bad use for that is this one of dorks that used to search for database backup ! we will not show it for security reasons this dork will order google to search for sql format files which contains username and password !!
you may think it is not possible , actually its working !! some website when they do a backup for the database they safe an online version on the website files , and without right robots.txt file orders google will index that , and then a backup of your database are available to every one !!
also some attackers use google dorks to find websites with SQL injection exploit ! and they order google to get the website using php programming language using file type .php and have iD in the url using inurl order , also you can search in any country websites for that using location order or by using site: option by adding the domain country tld (Top-level domain) for example .us is for united states of America and .ru is for russia
Explore Specific websites with specific domains
Let’s say you want to explore websites or certain organization that has certain domain. You can simply do that by entering the following code:
You can use the above example to explore all the list of government sites. You can also replace inurl: with some other google search operators for interesting results.
How can Google Dork Cyber Security Enthusiast?
Google almost indexes everything connected with the internet, which also includes different private informations of misconfigured services. This can often be useful as well as equally harmful at the same time. You need to make sure that do not log in to any of the services, even if the password is exposed, as this could get you into trouble because you don’t have permission.
However, if you have something hosted online, you can use some of the dork commands on your domain just to make sure you did not left anything exposed that hacker can use to get you.