Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT (Open Source Intelligence). This can be used to find information that was made public on accident. You can find more information about your targets this way. This can be very entertaining: finding public cameras, password lists, peoples files and passwords, gov documents, admin panels, and much more.
Basics of Google Dorking
"search string"
- web pages that contain the exact same string
string | string
- between queries will return results for each string
site: wikipedia.org
- search for certain words on a website
-site: wikipedia.org
- do not show results for a website
inurl:"view.shtml" "Network Camera"
- find network cameras
?intitle:index.of? mp3 artist_name
- find mp3 files of songs
intitle:"index of" inurl:ftp
- find exposed FTP servers
filetype:txt inurl:"email.txt"
- email lists (Government emails can be found)
filetype:ppt gulf war
- find supported files
allintext:username filetype:log
- find usernames and password logfiles
intitle:"Index of..etc" passwd
- Linux machines with directory exposed
index of any-show-name
- Find shows and movies for free
ethical hacking site:drive.google.com
- Find free courses
index of software-name
- Find free software
ext:log “Software: Microsoft Internet Information Services *.*”
- Microsoft ISS server logs (online activity)