Search for vulnerabilities on a website using Google Dorks


Hello everyone, dear friends!
Today, at your numerous requests, we will take a closer look at using Google Dorks as a tool for searching for vulnerabilities on websites.

Popular Google Search Operators

⚠️ The following operators make a search more precise:

  • site: limits the search to a specific resource
Example: the query site:example.com returns everything Google has indexed for example.com.
  • filetype: searches for a specific file type
Example: the query filetype:php site:example.com lists the site's PHP files that are present in Google's index.
  • inurl: searches within the resource URL
Example: the query site:example.com inurl:admin searches for the administration panel on the site.
  • intitle: searches within the page title
Example: the query site:example.com intitle:"Index of" finds pages on example.com that contain a file listing.
  • cache: searches the Google cache
Example: the query cache:example.com returns all pages of example.com cached by Google.
Unfortunately, search robots cannot determine the type or confidentiality of the information they index. They therefore treat a blog article intended for a wide readership the same way as a database backup that is stored in the web server's root directory and not meant for third parties.

Because of this, and with the help of search operators, hackers can detect vulnerabilities in web resources, various information leaks (backups and web application error text), and hidden resources such as administration panels left open without authentication and authorization mechanisms.

What sensitive data can be found online?

Information that search engines can find and that is potentially of interest to hackers includes:

  • Third-level domains of the resource under study:
Third-level domains can be found using the "site:" operator. For example, the query site:*.example.com will return all third-level domains for example.com. Such queries can reveal hidden administration resources, version control and build systems, and other applications that have a web interface.

  • Hidden files on the server
Various parts of a web application may appear in search results. To find them, you can use the query filetype:php site:example.com. This allows you to discover previously unavailable functionality in the application, as well as various information about how the application works.

  • Backups
To search for backups, the keyword filetype: is used. Various file extensions are used to store backups, but the most commonly used extensions are bak, tar.gz, sql.

Example request: site:*.example.com filetype:sql. Backups often contain logins and passwords for administrative interfaces, as well as user data and website source code.

  • Web application errors
The error text may include various data about the system components of the application (web server, database, web application platform). Such information is always very interesting to hackers, as it allows them to obtain more information about the attacked system and improve their attack on the resource.

Example request: site:example.com "warning" "error".

  • Logins and passwords ⚠️
As a result of hacking a web application, data about users of this service may appear on the Internet. The query filetype:txt "login" "password" finds files with logins and passwords. In the same way, you can check whether your mail or any account has been hacked. Just run the query filetype:txt "username_or_email".
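A site owner can check the categories above from the server side by looking for sensitive paths that the web server has already handed to a search crawler. The script below is an added example, not part of the original post; the log lines are constructed, and recognising crawlers by User-Agent substring is an assumption.

```python
import re

# Categories the post lists: backup extensions (bak, tar.gz, sql) and
# administration panels that a query such as inurl:admin would surface.
RULES = {
    "backup": re.compile(r"\.(bak|sql|tar\.gz)$", re.IGNORECASE),
    "admin": re.compile(r"admin", re.IGNORECASE),
}
# Combined log format: "METHOD url proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'"(?:GET|HEAD) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumption: crawlers are recognised by User-Agent substring only; the header
# can be forged, so treat a hit as a prompt to check the path, not as proof.
CRAWLERS = ("Googlebot", "bingbot")


def crawler_exposures(log_text):
    """Return (category, path) for sensitive paths served with 200 to a crawler."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["status"] != "200":
            continue  # unparsable, or the server refused / did not find it
        if not any(name in m["ua"] for name in CRAWLERS):
            continue
        path = m["url"].split("?", 1)[0]  # ignore the query string
        findings += [(cat, path) for cat, rx in RULES.items() if rx.search(path)]
    return findings


def _line(ip, url, status, ua):
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {url} HTTP/1.1" {status} 512 "-" "{ua}"'


BOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
USER = "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "/blog/post-1", 200, BOT),
    _line("192.0.2.10", "/backup/site.sql", 200, BOT),
    _line("192.0.2.10", "/admin/login.php", 200, BOT),
    _line("192.0.2.10", "/db.tar.gz", 403, BOT),          # denied: not indexed
    _line("198.51.100.7", "/old/index.php.bak", 200, USER),  # not a crawler
    _line("192.0.2.10", "/files/dump.bak?v=2", 200, BOT),
])

if __name__ == "__main__":
    for category, path in crawler_exposures(SAMPLE_LOG):
        print(f"{category:7} {path}")
```

Every path it reports was served in full to a crawler, so it should be moved out of the web root or placed behind authentication.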

Combinations of keywords and search strings used to discover sensitive information are called Google Dorks.

Google experts have collected them in their public Google Hacking Database. This allows a company representative, be it a CEO, developer or webmaster, to run a query in a search engine and determine how well valuable data is protected. All dorks are categorized to make searching easier.

Examples of use

Finally, here are some real-life examples of how Google Dorks helped hackers obtain important but poorly protected information:

Example #1. Leak of confidential documents on a bank's website

During the security analysis of the official website of one of the banks, a huge number of PDF documents were found. All the documents were found using the query "site:bank-site filetype:pdf". The contents of the documents were also interesting, as they contained plans of the premises in which the bank's branches were located throughout the country. This information would be very interesting to bank robbers.

Example #2. Searching for payment card data

Very often, when hacking online stores, hackers gain access to users' payment card data. To organize shared access to this data, attackers use public services that are indexed by Google. Example of a request: "Card Number" "Expiration Date" "Card Type" filetype:txt.
 