Smart Google Search Queries and 4500+ GOOGLE DORKS LIST
Google is an awful search engine which can’t avoid its basic duty of crawling websites. All things considered, Google works this way. It crawl sites and when individuals enter related inquiry inquiries, it demonstrates their outcome in its list items page. Google utilizes Google bot (likewise called “creepy crawlies”) to crawl website pages. Until or unless indicated to NOT crawl, Google bot crawls each website page.
Webmasters who don’t want Google to crawl some of the webpages or directories can specify it either through their website’s robots.txt or putting noindex meta tag in required webpages but if it’s not done quickly after launch of the website, Google will index those pages or directories which might can leak your sensitive data.
Website admins who don’t need Google to crawl a portion of the site pages or directories can indicate it either through their website’s robots.txt or putting noindex meta tag in the required site pages, Google will list those pages or directories which may leak your sensitive information.
Though rare but these mistakes happen and when exploited, used by hackers very efficiently to hack a website because all he needs then is to type a smart Google search query and BOOM!
If you are new to hacking, you will hardly have a chance to find such lame exploits but you can be lucky in finding websites vulnerabilities using Google Dorks.
What is Google Dork?
A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a slow-witted or in-ept person.
Google dorks list put corporate information at risk because they unwittingly create back doors that allow an attacker to enter a network without permission and/or gain access to unauthorized information. To locate sensitive information, attackers use advanced search strings “called Google dork queries.”
Basically, it is a complex Google search string created using combination of advanced google search operators like site:, filetype:, inurl:, intitle:, intext:, etc. and possible vulnerable terms which when entered in Google search bar may list the sites with those vulnerabilities.
Doing Google Dorks queries, we put Google itself as a tool to find vulnerabilities, sensitive information of websites from what we call Google Hacking Database (GHDB).
Types of Vulnerabilities Google Dorks List Can Reveal
Don’t underestimate the power of Google search. It has most powerful web crawlers in the world; it provides lots of smart search operators and options to filter out only needed information. That’s what makes Google Dorks powerful. If used correctly, it can help in finding:-
Footholds -Queries that can help a hacker gain a foothold into a web server
Web Server Detection – These links demonstrate Google’s awesome ability to profile web servers.
Files containing usernames – These files contain usernames, but no passwords. Still, Google finds usernames on a web site.
Sensitive Directories – Google’s collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret!
Vulnerable Files – HUNDREDS of vulnerable files that Google can find on websites
Files containing passwords – PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!
Vulnerable Servers – These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the “Vulnerable Files” section.
Sensitive Online Shopping Info – Examples of queries that can reveal online shopping info like customer data, suppliers, orders, credit card numbers, credit card info, etc.
Error Messages – Really retarded error messages that say WAY too much!
Files containing juicy info – No usernames or passwords, but interesting stuff none the less.
Network or vulnerability data – These pages contain such things as firewall logs, honeypot logs, network information, IDS logs… all sorts of fun stuff!
Pages containing login portals – These are login pages for various services. Consider them the front door of a website’s more sensitive functions.
Various Online Devices – This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.
Advisories and Vulnerabilities – These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are products or version-specific.
Google SQL Dorks List– 2018
Here is the collection of Google SQL Dorks List for SQL Injection 2018.
To use them, put queries in this syntax:
site: targetwebsite.com in url:admindork
Replace ‘targetwebsite.com’ from your target website and ‘adm indork’ with Google dork from the list.
The list is growing, New Google Dorks are being find and added to the list. To keep yourself updated with latest Google Dorks, we recommend you to stay tuned with Exploit-DB.com Google Hacking Database Webpage where new Google Dorks are being added with proper detail, examples and timestamp.
Even you can also find out new Google Dorks which aren’t yet discovered. So, if you find out something new, don’t forget to share it with fellow hackers online.
Julia Sowells467 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.