Hey folks, don’t know what google dorks or google hacking is? Want to know how to use google dorks to find passwords? If yes then this article will help you to know about all these topics.
Google Dorks, also known as Google Hacking, is a technique in hacking that uses google search and other applications to find holes in the security in the configuration and in the computer codes that the website use.
When you think about hacking, you imagine about a random dude typing random words and in terminal with black background. It looks cool but that is not what hacking is all about.
The first step in hacking is information gathering. A hacker will try to collect every information about target and google can be a very good tool to do that.
Even if you’re not a hacker, finding exactly what you want to search is a good skills. So this article divides the whole concept of google dorks into two parts.
In the first part we will see how we can use advanced google searching methods to find exactly what we want. In the second part we will start searching for interesting info from a hacker’s perspective.
You must know some ethics about google hacking or google dorking. It is legal to find information through a google search but misusing the information you find is illegal.
Table of Contents
Advanced Google Searching – Google Dorks
Whenever we search for anything on google it gives us the list of multiple results. But have you ever wondered where does google get all the information from? So let us see how search engines like google collect their data.
The search engine goes to the first webpage of every website and then visits other web pages link to that page. While doing this it collects all the data that it finds. The process continues for entire website. This process is known as crawling.
It’s a ongoing process since website keep updating their data and adding new web pages and it is done for all the web pages that are stored on the internet.
The search engine adds all this information in special database called search index and retrieves the information from their. So this means that whatever information we are trying to gather during our information gathering face has already been gathered by google or any other search engine for that matter.
The challenge is that billions of pages come up at every search request and it is almost impossible to go through to find the page that maybe use to us.
But we have a solution of this problem and that is dorks, for google it is called google dorks. Dorks are specified keywords that you can use to do more accurate search on google. Let’s see what they are.
Open google and search for pentestingguide.com. Now see the results on first page itself. You will see the top results include pentestingguide website.
Now type site:pentestingguide.com. Now you will see the top web pages from the pentestingguide website.
If you are finding vulnerabilities in any website let’s say pentestingguide then the web pages found in second search results (site:pentestingguide.com) are more important.
The keyword site used in this search is a google dorks. So what are dorks? Dorks are specific search filters that can be applied to a search engine, to make the search targeted and specific.
They can be used for various search engines like google, bing, yahoo, duck duck go, etc. Now we have understanding of what google dorks is. So are you ready to know how to can find username, password and address.
How to use Google Dorks to Find Username, Passwords & Address
In this part we are going to learn how to find useful information which are accidentally left open in the internet by using a combination of these google search operators.
I am typing allintext: username password. This will force google to show specific results that have the words username and password. You can also try to find your homework content or anything else using this and hit enter.
All results here include words username and passwords and as you can see above the search result both words are highlighted by google but these results are random search results and don’t contain any private info so we are going to do some changes.
This time we are going to type allintext: *gmail.com password. It means we can search for any gmail account using this operator. You can use this operator if you you don’t know exactly what to search for and hit enter.
You will again find some random websites with no private information which means we are still not precise enough to find private info. To be more precise I’m typing allintext: *gmail.com password filetype:xlsx.
This will force google to search results only in xlsx format which is a file created by Microsoft excel and this file format is used to store data of members in an organization or in database.
For example you can use PDF format to find ebooks, docx for windows word file and there are many such file type but one thing I want to mention here is you can’t search MP3 file format because google removed it due to copyright issue.
You’ll see many interesting results. These files may have id and passwords which are accidentally left open to access. This search results says second grade username and passwords.
Scroll little down and you see a search result called social media passwords which are again accidentally disclosed. Let’s click on one of these results.
As you can above I was right, this file is full of information lile username and passwords but I am going to blur them and another thing is that I found these accounts but I’m not going to try logging into these accounts because that will be illegal.
Conclusion: Google Dorks for Hacking
By reading this article you came to know what is google dorks, how to use google dorks to find username, passwords & address, what is google hacking and how to find anything on google.
If you are a hacker or not, it will be cool to find anything on google or specific thing on google. This article will help you to know about google dorks. If you have any doubt realted to google dorks then make sure to clear it by commenting below.