handbook/tools/2.Scanning-and-Enumeration/2.Enumeration/Subdomain/Google Dorking.md

26 lines
1.9 KiB
Markdown
Raw Permalink Normal View History

2024-08-30 23:07:22 +00:00
## What is Google dorking?
Google dorking, also known as Google hacking or Google search hacking, is a technique used by security professionals to identify potential security vulnerabilities and misconfigurations in web applications.
It involves using advanced search operators in Google search queries to find specific information that is not easily accessible through normal search methods. This information can include sensitive files, directories, login pages, vulnerable scripts, and other confidential data that can be used for malicious purposes if accessed by unauthorized users.
## Common Use and Commands:
Google dorking is commonly used by security professionals, penetration testers, and ethical hackers to find vulnerabilities and misconfigurations in web applications.
The following are some common Google dorking commands:
- To search for a specific file type: `filetype:<extension> <query>`
- To search for directories and files with a specific name: `intitle:<name> inurl:<name>`
- To search for login pages: `inurl:login <site>`
- To search for SQL injection vulnerabilities: `inurl:index.php?id= <site>`
- To search for sensitive data: `intext:<sensitive-data>`
These are just a few examples of the commands that can be used with Google dorking. The technique supports various search operators and modifiers that can be used to refine and customize the search queries.
## More Information
For more information on Google dorking, including the latest updates and examples of advanced search queries, please refer to the following resources:
- Google Hacking Database: [https://www.exploit-db.com/google-hacking-database](https://www.exploit-db.com/google-hacking-database)
- Google Advanced Search: [https://www.google.com/advanced_search](https://www.google.com/advanced_search)
- Google Dorking HELPER: https://dorksearch.com/
- Google Dorks List: [https://www.exploit-db.com/google-dorks](https://www.exploit-db.com/google-dorks)