Google Dorking or Google hacking is an advanced information-gathering technique that uses Google search and other Google applications to find configuration security holes, computer codes, files containing credentials and other sensitive data that are not easily available on the website.
This technique uses Google dork queries. Google dork queries are search string that uses advanced search operators to find information. Google Dorking/Hacking is the first choice of attackers/hackers.
As a passive attack method, Google Dorking can return a specific file-type list, email lists, sensitive documents, usernames and passwords, and website vulnerabilities. Information return by Google hacking can be used for any number of illegal activities including Cyberstalking, Identity Theft, Cyberterrorism, Industrial Espionage.
For example, the following query will list SQL files available that have been indexed by Google.
Similarly, the following search query will list publicly accessible phpMyAdmin installations.
Following is the list of Logical operators and symbols in Google Search:
|AND or +||Used to include all keywords. All keywords need to be found.|
|NOT or –||Used to exclude all keywords. All keywords need to be found.|
|OR or |||Used to include keywords where either one keyword or another is matched.|
|Tilde(~)||Used to include synonyms and similar words.|
|Double Quote(“)||Used to include exact matches.|
|Period(.)||Used to include single-character wildcards.|
|Period(*)||Used to include single-character wildcards.|
|Parenthesis(())||Used to group queries.|
Here are a few examples of advanced search operators:
|intitle||Search Page Title|
|allintitle||Search Page Title|
|filetype||Returns list of files with pecific file type|
|intext||Search text of page only|
|link||Search for links to pages (Turned off by 2017)|
|inanchor||Search link anchor text|
|daterange||Search in date range|
|author||Group author search|
|group||Group name search|
|insubject||Group subject search|
|msgid||Group msgid search|
|site||Search specific site|