How to use Search Engine Dorks?
Search engine dorks are advanced search terms crafted to perform reconnaissance on a wide range of publicly available information on the web. Essentially, dorks are search queries formatted to find hidden and misconfigured data on websites. Common examples of what they surface include XSS, SQLi, PII, customer data, transaction information, etc.
The Google Hacking Database (GHDB) is a compiled list of common mistakes web/server admins make, which can easily be found by using Google. As a result, you can find things like administrator consoles, password files, credit card numbers, unprotected webcams, etc. The GHDB is available at https://www.exploit-db.com/google-hacking-database
Google Search Basics
Google is a full-text search engine: it indexes entire web pages instead of just titles and descriptions. This allows comprehensive searches based upon key (query) words, straight from the Google search page.
Operator | Example | Description |
---|---|---|
site: | site:nvidia.com | allows you to narrow your search by either a site or a top-level domain. |
AND (Default) | facebook Nvidia “Golden State” | Google’s Boolean default is AND; that means if you enter query words without modifiers, Google will search for all of them. |
OR | facebook OR Nvidia OR “Golden State” | If you want to specify that either word is acceptable, you put an OR between each item. |
Parentheses | facebook (Nvidia OR “Golden State”) | If you want to definitely have one term and have one of two or more other terms, you group them with parentheses. |
Pipe (\|) | facebook (Nvidia \| “Golden State”) | A stand-in for OR borrowed from the computer programming realm is the \| (pipe) character. |
Minus (-) | facebook Nvidia -“Golden State” | If you want to specify that a query item must not appear in your results, use a - (minus sign or dash). |
intitle: | intitle:Nvidia | Restricts your search to the titles of web pages. |
allintitle: | allintitle:Nvidia Facebook | If you are using the intitle: dork for more than one term in a search query, you can shorten the query by using the allintitle: operator. |
inurl: | breached inurl:nvidia | Returns search results with your search term specifically in the URL such as the domain name or in any path or file of the domain. |
allinurl: | breached allinurl:nvidia ransom | Returns search results with all of your search terms specifically in the URL such as the domain name or in any path or file of the domain. |
intext: | intext:"Nvidia breach" | Searches only body text (i.e., ignores link text, URLs, and titles). |
inanchor: | inanchor:"nvidia security" | Searches for text in a page’s link anchors. |
link: | link:nvidia developer | Returns a list of pages linking to the specified URL. |
cache: | cache:hackthebox.com | Finds a copy of the page that Google indexed even if that page is no longer available at its original URL or has since changed its content completely. |
filetype: | filetype:xls inurl:confidential | Searches the suffixes or filename extensions. These are usually, but not necessarily, different file types. |
daterange: | site:google.com daterange:2452463.5 | Limits your search to a particular date or range of dates that a page was indexed. The query is based on the Julian date. |
site: Operator
site: allows you to narrow your search by either a site or a top-level domain.
site:nvidia.com

AND (Default) Dork
Google’s Boolean default is AND; that means if you enter query words without modifiers, Google will search for all of them.
If you search for:
facebook Nvidia “Golden State”
Google will search for all the words.

OR Dork
If you want to specify that either word is acceptable, you put an OR between each item:
facebook OR Nvidia OR "Golden State"

Parentheses Google Dork
If you want to definitely have one term and have one of two or more other terms, you group them with parentheses, like this:
facebook (Nvidia OR "Golden State")
This query searches for the word “Nvidia” or phrase “Golden State” along with the word “facebook”.

Pipe (|) Google Dork
A stand-in for OR borrowed from the computer programming realm is the | (pipe) character, as in:
facebook (Nvidia | "Golden State")

Minus (-) Google Dork
If you want to specify that a query item must not appear in your results, use a - (minus sign or dash).
facebook Nvidia -"Golden State"
This will search for pages that contain both the words “facebook” and “Nvidia,” but not the phrase “Golden State”.
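
To see how the implicit AND, OR, pipe, parentheses and minus combine, here is a small query evaluator added as an example (it is not from the original page and is not Google's implementation). It assumes OR binds tighter than the implicit AND and that a term matches as a whole word or phrase, case-insensitively; the sample text is constructed.

```python
import re

# Tokens: parentheses, the | stand-in for OR, an optionally negated quoted
# phrase, or a bare word (which covers the literal OR and -word).
TOKEN_RE = re.compile(r'\(|\)|\||-?"[^"]*"|[^\s()|]+')

def matches(query: str, text: str) -> bool:
    """True if text satisfies query under the Boolean rules described above."""
    query = query.replace("\u201c", '"').replace("\u201d", '"')  # curly quotes
    tokens = TOKEN_RE.findall(query)
    pos = 0

    def term(tok: str) -> bool:
        negated = tok.startswith("-")
        phrase = tok.lstrip("-").strip('"')
        found = re.search(r"\b" + re.escape(phrase) + r"\b", text, re.I) is not None
        return found != negated  # a minus term must NOT appear

    def atom() -> bool:
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("dangling operator")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = conj()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parentheses")
            pos += 1
            return value
        return term(tok)

    def disj() -> bool:  # atom (OR atom)*
        nonlocal pos
        value = atom()
        while pos < len(tokens) and tokens[pos] in ("OR", "|"):
            pos += 1
            value = atom() or value  # call atom() first so pos always advances
        return value

    def conj() -> bool:  # implicit AND between adjacent groups
        value = True
        while pos < len(tokens) and tokens[pos] != ")":
            value = disj() and value
        return value

    result = conj()
    if pos != len(tokens):
        raise ValueError("unbalanced parentheses")
    return result

if __name__ == "__main__":
    sample = "Facebook opened an office in the Golden State"  # constructed text
    print(matches('facebook (Nvidia OR "Golden State")', sample))
```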

intitle: Operator
intitle: restricts your search to the titles of web pages.
intitle:Nvidia

allintitle: Operator
allintitle: if you are using the intitle: dork for more than one term in a search query, you can shorten the query by using the allintitle: operator.
allintitle:Nvidia Facebook

inurl: Operator
inurl: returns search results with your search term specifically in the URL such as the domain name or in any path or file of the domain.
breached inurl:nvidia

allinurl: Operator
allinurl: returns search results with all of your search terms specifically in the URL such as the domain name or in any path or file of the domain.
breached allinurl:nvidia ransom

intext: Operator
intext: searches only body text (i.e., ignores link text, URLs, and titles).
intext:"Nvidia breach"

inanchor: Operator
inanchor: searches for text in a page’s link anchors. A link anchor is the descriptive text of a link. For example, the link anchor in the HTML code:
<a href="http://www.nvidia.com">Nvidia Security</a>
is “Nvidia Security”.
inanchor:"nvidia security"

link: Operator
link: returns a list of pages linking to the specified URL.
link:nvidia developer

cache: Operator
cache: finds a copy of the page that Google indexed even if that page is no longer available at its original URL or has since changed its content completely. This is particularly useful for pages that change often. If Google returns a result that appears to have little to do with your query, you’re almost sure to find what you’re looking for in the latest cached version of the page at Google.
cache:hackthebox.com

filetype: Operator
filetype: searches the suffixes or filename extensions. These are usually, but not necessarily, different file types.
filetype:xls inurl:confidential

daterange: Operator
daterange: limits your search to a particular date or range of dates that a page was indexed. The query is based on the Julian date, a continuous count of days since noon UTC on January 1, 4713 BC. Therefore, the date entered must be converted to a Julian date. So, for example, July 8, 2002 is Julian date 2452463.5.
site:google.com daterange:2452463.5
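
The conversion described above, in both directions, as an added example (not code from the original page). It builds the daterange: term in the form the page shows and decodes one found in a query; the start-end range form it also accepts is an assumption not shown on the page, and the function names are illustrative.

```python
import math
import re
from datetime import date

# Offset between Python's proleptic Gregorian ordinal (0001-01-01 == 1)
# and the Julian date at 00:00 UTC of that calendar day.
JD_OFFSET = 1721424.5

def to_julian(day: date) -> float:
    """Julian date at 00:00 UTC on the given calendar day."""
    return day.toordinal() + JD_OFFSET

def from_julian(jd: float) -> date:
    """Calendar day (UTC) that contains the given Julian date."""
    # jd - JD_OFFSET is the day ordinal plus the fraction of the civil day
    # elapsed since midnight UTC, so flooring yields the calendar day.
    return date.fromordinal(math.floor(jd - JD_OFFSET))

def daterange_term(day: date) -> str:
    """Build the operator in the form the page uses, e.g. daterange:2452463.5."""
    return f"daterange:{to_julian(day)}"

# Matches daterange:<jd> and, as an assumption not shown on the page,
# the start-end form daterange:<jd>-<jd>.
_DATERANGE = re.compile(r"\bdaterange:(\d+(?:\.\d+)?)(?:-(\d+(?:\.\d+)?))?")

def decode_daterange(query: str):
    """Return (first_day, last_day) for the daterange: term in a query, or None."""
    m = _DATERANGE.search(query)
    if m is None:
        return None
    start = from_julian(float(m.group(1)))
    end = from_julian(float(m.group(2))) if m.group(2) else start
    if end < start:
        raise ValueError("daterange end precedes start")
    return start, end

if __name__ == "__main__":
    print(daterange_term(date(2002, 7, 8)))
    print(decode_daterange("site:google.com daterange:2452463.5"))
```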