HTML tutorial русский HTML tutorial english HTML tutorial عربي
0 0
Read Time:6 Minute, 19 Second

What is  Google Dorks ?

Google Dorks , also known as Google Dorking or google dorks list , is a valuable resource for security researchers. For the average person, Google is just a search engine used to find text, images, videos, and news. However, in the infosec world, Google is a useful security tool.

 

Let’s look at the most popular Google Dorks and what they do.

  • cache: this dork will show you the cached version of any website, e.g. cache: cyberhyena.net
  • allintext: searches for specific text contained on any web page, e.g. allintext: "what you want "
  • allintitle: exactly the same as allintext, but will show pages that contain titles with X characters, e.g. allintitle:"Security Companies"
  • allinurl: it can be used to fetch results whose URL contains all the specified characters, e.g: allinurl client area
  • filetype: used to search for any kind of file extensions, for example, if you want to search for jpg files you can use: filetype: jpg
  • inurl: this is exactly the same as allinurl, but it is only useful for one single keyword, e.g. inurl: admin
  • intitle: used to search for various keywords inside the title, for example, intitle:security tools will search for titles beginning with “security” but “tools” can be somewhere else in the page.
  • inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"cyber security"
  • intext: useful to locate pages that contain certain characters or strings inside their text, e.g. intext:"safe internet"
  • link: will show the list of web pages that have links to the specified URL, e.g. link: microsoft.com
  • site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:cyberhyena.net
  • *: wildcard used to search pages that contain “anything” before your word, e.g. how to * a website, will return “how to…” design/create/, etc… “a website”.
  • |: this is a logical operator, e.g. "security" "tips" will show all the sites which contain “security” or “tips,” or both words.
  • +: used to concatenate words, useful to detect pages that use more than one specific key, e.g. security + trails
  • : minus operator is used to avoiding showing results that contain certain words, e.g. security -trails will show pages that use “security” in their text, but not those that have the word “trails.”

If you’re looking for the complete set of Google operators, you can follow this SEJ post which covers almost every known dork available today.

some examples for using google dorks list

if you want to search all the pdf file in a website you will use it like this

site:www.example.com filetype:.pdf

if you want to search for website with ID’s you will use this

inurl:.php?id= or inurl:.php?num= or inurl:news.php?id=

if you want to search for pdf files or books about secuirty you will use this

filetype:.pdf intitle: understanding web security

 

Log files

Log files are the perfect example of how sensitive information can be found within any website. Error logs, access logs and other types of application logs are often discovered inside the public HTTP space of websites. This can help attackers find the PHP version you’re running, as well as the critical system path of your CMS or frameworks.

In the results we discovered one particular website showing an SQL error log from a database server that included critical information:

MyBB SQL Error
SQL Error: 1062 - Duplicate entry 'XXX' for key 'username'
Query:
INSERT
INTO XXX (`username`,`password`,`salt`,`loginkey`,`email`,`postnum`,`avatar`,`avatartype`,`usergroup`,`additionalgroups`,`displaygroup`,`usertitle`,`regdate`,`lastactive`,`lastvisit`,`website`,`icq`,`aim`,`yahoo`,`msn`,`birthday`,`signature`,`allownotices`,`hideemail`,`subscriptionmethod`,`receivepms`,`receivefrombuddy`,`pmnotice`,`pmnotify`,`showsigs`,`showavatars`,`showquickreply`,`showredirect`,`tpp`,`ppp`,`invisible`,`style`,`timezone`,`dstcorrection`,`threadmode`,`daysprune`,`dateformat`,`timeformat`,`regip`,`longregip`,`language`,`showcodebuttons`,`away`,`awaydate`,`returndate`,`awayreason`,`notepad`,`referrer`,`referrals`,`buddylist`,`ignorelist`,`pmfolders`,`warningpoints`,`moderateposts`,`moderationtime`,`suspendposting`,`suspensiontime`,`coppauser`,`classicpostbit`,`usernotes`)
VALUES ('XXX','XXX','XXX','XXX','XXX','0','','','5','','0','','1389074395','1389074395','1389074395','','0','','','','','','1','1','0','1','0','1','1','1','1','1','1','0','0','0','0','5.5','2','linear','0','','','XXX','-655077638','','1','0','0','0','','','0','0','','','','0','0','0','0','0','0','0','')

This example exposed the current database name, user login, password and email values to the Internet. We’ve replaced the original values with “XXX”.

we talk about this before and how google dorking can be so dangerous you can read it here  

an example of bad use for that is this one  of dorks that used to search for database backup ! we will not show it for security reasons  this dork will order google to search for sql format files which contains username and password !!

you may think it is not possible , actually its working !! some website when they do a backup for the database they safe an online version on the website files , and without right robots.txt file orders google will index that , and then  a backup of your database are available to every one !!

also some attackers use google dorks to find websites with SQL injection exploit ! and they order google to get the website using php programming language using file type .php and have iD in the url using inurl order , also you can search in any country websites for that using location order or by using site: option by adding the domain  country tld (Top-level domain) for example .us is for united states of America  and .ru is for russia google dorks list

Preventing Google Dorks

There are a lot of ways to avoid falling into the hands of a Google Dork.

These measures are suggested to prevent your sensitive information from being indexed by search engines.

  • Protect private areas with a user and password authentication and also by using IP-based restrictions.
  • Encrypt your sensitive information (user, passwords, credit cards, emails, addresses, IP addresses, phone numbers, etc).
  • Run regular vulnerability scans against your site, these usually already use popular Google Dorks queries and can be pretty effective in detecting the most common ones.
  • Run regular dork queries against your own website to see if you can find any important information before the bad guys do. You can find a great list of popular dorks at the Exploit DB Dorks database.
  • If you find sensitive content exposed, request its removal by using Google Search Console.
  • Block sensitive content by using a robots.txt file located in your root-level website directory.

Using robots.txt configurations to prevent Google Dorking

One of the best ways to prevent Google dorks is by using a robots.txt file. Let’s see some practical examples.

The following configuration will deny all crawling from any directory within your website, which is pretty useful for private access websites that don’t rely on publicly-indexable Internet content.

User-agent: *
Disallow: /

You can also block specific directories to be excepted from web crawling. If you have an /admin area and you need to protect it, just place this code inside:

User-agent: *
Disallow: /admin/

This will also protect all the subdirectories inside.

Restrict access to specific files:

User-agent: *
Disallow: /privatearea/file.htm

Restrict access to dynamic URLs that contain ‘?’ symbol

User-agent: *
Disallow: /*?

To restrict access to specific file extensions you can use:

User-agent: *
Disallow: /*.php$/

In this case, all access to .php files will be denied.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply

Your email address will not be published. Required fields are marked *

Close