Google Dork as a hacking tool

Lord777

Lord777

Professional
Messages
2,579
Reaction score
1,471
Points
113
Salute to everyone, dear friends!
To put it bluntly, Google is a nasty search engine. This machine indexes everything it comes across and even corporate data.
This is what we will use!

Google Dork is a collection of queries to identify the grossest security holes. Anything that is not properly hidden from search engine crawlers.

Hacking usually requires a set of special utilities, but one of them is available to everyone and always at hand is the Google search engine. You just need to know how to use it. Google Dork Queries are tricky queries to search engines that help shed light on public data, but hidden from prying eyes.

edb978e0-0c20-4e04-95aa-fa37fda7edc6.gif


Google operators
Here is a small list of useful Google commands. Among all the commands for advanced Google search, we are mainly interested in these four:
  • site - search for a specific site;
  • inurl - indicate that the search words should be part of the page / site address;
  • intitle - search operator in the title of the pages themselves;
  • ext or filetype - search for files of a specific type by extension.

Also, when creating a Dork, you need to know several important operators, which are set by special characters.
  • | - OR operator, or vertical slash (logical or) indicates that you need to display results containing at least one of the words listed in the query.
  • "" - The quotation mark operator indicates an exact match.
  • - - the minus operator is used to exclude from the output results with the words specified after the minus.
  • * - operator asterisk, or asterisk is used as a mask and means "anything".

The most interesting dorks are fresh, and the freshest are those that the hacker found himself. However, if you get too carried away with experiments, you will be banned from Google ... until you enter the captcha.

If you don't have enough imagination, you can try to find fresh dorks on the net.

Here are some:
Code: 
"Index of / admin"
 "Index of / password"
 "Index of / mail"
 "Index of /" + passwd
 "Index of /" + password.txt
 "Index of /" + .htaccess
 index of ftp + .mdb allinurl: / cgi-bin / + mailto
 administrators.pwd.index
 authors.pwd.index
 service.pwd.index
 filetype: config web
 gobal.asax index
 allintitle: "index of / admin"
 allintitle: "index of / root"
 allintitle: sensitive filetype: doc
 allintitle: restricted filetype: mail
 allintitle: restricted filetype: doc site: gov
 inurlasswd filetype: txt
 inurl: admin filetype: db
 inurl: iisadmin
 inurl: "authuserfile.txt"
 inurl: "wwwroot / *."
 top secret site: mil
 confidential site: mil
 allinurl: winnt / system32 / (get cmd.exe)
 allinurl: / bash_hhistory
 intitle: "Index of" .shstory
 intitle: "Index of" .bash_hishistory
 intitle: "index of" passwd
 intitle: "index of" people.lst
 intitle: "index of" pwd.db
 intitle: "index of" etc / shadow
 intitle: "index of" spwd
 intitle: "index of" master.passwd
 intitle: "index of" htpasswd
 intitle: "index of" members OR accounts
 intitle: "index of" users OR user_cart
 cart
 default.asp
 showcode.asp
 sendmail.cfm
 wwwboard.pl
 www-sql
 view-source
 campas
 aglimpse
 glimpse
 man.sh
 AT-admin.cgi
 AT-generate.cgi
 default.asp
 dvwssr.dll
 cart32.exe
 add.exe
 index.jsp
 SessionServlet
 shtml.dll
 index.cfm
 page.cfm
 shtml.exe
 webcgi
 shop.cgi
 upload.asp
 default.asp
 pbserver.dll
 phf
 test-cgi
 finger
 Count.cgi
 jj
 ssi
 php.cgi
 php
 nph-test-cgi
 handler
 webdist.cgi
 getFile.cfm
 imagemap.exe
 admin
 cgiwrap
 edit.pl
 perl
 names.nsf
 webgais
 dumpenv.pl
 test.cgi
 submit.cgi
 guestbook.cgi
 guestbook.pl
 cachemgr.cgi
 responder.cgi
 perlshop.cgi
 query
 w3-msql
 plusmail
 htsearch
 infosrch.cgi
 publisher
 ultraboard.cgi
 htgrep
 wais.pl
 amadmin.pl
 subscribe.pl
 news.cgi
 auctionweaver.pl
 ad.cgi
 WSFTP.LOG
 index.html ~
 forums.html ~
 index.html.bak
 test.bat
 msadcs.dll
 htimage.exe
 counter.exe
 browser.inc
 vtiinfvti
 service.pwd
 users.pwd
 authors.pwd
 administrators.pwd
 shtml.dll
 shtml.exe
 fpcount.exe
 hello.bat
 websendmail
 faxsurvey
 htmlscript
 perl.exe
 webgais
 filemail.pl
 maillist.pl
 info2www
 files.pl
 bnbform.cgi
 survey.cgi
 classifieds.cgi
 wrap
 db.cgi
 formmail.cgi
 allmanage.pl
 adpassword.txt
 redirect.cgi
 cvsweb.cgi
 login.jsp
 dbconnect.inc
 forums.html.bak
 print.cgi
 register.cgi
 webdriver
 bbs_forum.cgiforum.cgi
 mysql.class
 sendmail.inc
 CrazyWWWBoard.cgi
 search.pl
 way-board.cgi
 webpage.cgi
 pwd.dat
 adcycle
 post-query
 help.cgi
 .htpasswd
 acidaccess.log
 log.htm
 log.html
 log.txt
 logfile
 logfile.htm
 logfile.html
 logfile.txt
 logger.html
 stat.htm
 stats.htm
 stats.html
 stats.txt
 webaccess.htm
 wwwstats.html
 source.asp
 perl
 mailto.cgi
 YaBB.pl
 mailform.pl
 cached_feed.cgi
 global.cgi
 Search.pl
 build.cgi
 common.php
 show
 global.inc

Option for beginners
It is rather difficult for an ordinary user to find some useful information. But unfortunately or fortunately, there is a special database with constantly replenishing dorks.
The Google Hacking Database (https://www.exploit-db.com/google-hacking-database) (GHDB) is a collection of Google hacking search terms that expose sensitive data provided by vulnerable servers and web applications.
This database is very easy to use, but no less useful. Go to the site, choose a category and any dork you like.
Then just surf and look for the information you need.
 
You must log in or register to reply here.

Similar threads

Man
Search for vulnerabilities on a website using Google Dorks
Replies
0
Views
215
Man
Man
Tomcat
How hackers work through Google Dorks
Replies
0
Views
275
Tomcat
Tomcat
Man
Hacking a GitHub Repository with GitHub Dorks
Replies
0
Views
179
Man
Man
Man
150+ Hacker Search Engines and Tools
Replies
0
Views
292
Man
Man
Carding Forum
Your website may disappear from Google forever
Replies
0
Views
78
Carding Forum
Carding Forum
Back
Top