What is Google Dorking?
Google Dorking or hacking involves the use of operators in the Google search engine to locate specific words or text strings within search results. It is basically an information-gathering technique. The attacker can use this technique to gain specific open-source sensitive information of the target. The hackers can also use google dorking to find specific versions of web applications that are vulnerable. This is a legitimate thing an attacker can actually use.
This is one of the first steps the attacker takes when they decide to hack the target. The attacker or hacker refers to this step as the information gathering stage. The attacker tries to collect as much information about the target as possible. This is often referred to as Reconnaissance or Footprinting. This is because the more the attacker knows about the target, the better he can hack the target with alternative techniques.
Does Google Hacking mean Hacking the Google?
No, Google hacking does not mean hacking the Google search engine or any Google related tools. However, Google has provided the platform for White Hat Hackers to perform bug bounties. Google hacking just means using Google search queries in order to gain open-source information.
Is Google Dorking/Hacking Legal?
The answer is yes, Google Dorking is legal but only up to a certain point. There is a point up to which Google Dorking is legal. This is mostly legal. Because the attacker only tries to get information that’s already been made public. In most cases, such kind of information can be Google searched. As an attacker notices this information was made public by accident. So one may have accidentally exposed their password or maybe left a webcam open to the internet. This is all the attacker looks for while doing these searches. The attacker uses the search in just the right way using the right keywords and some Google search operators. This certainly results in gaining some sensitive public information about the target.
The point where this becomes illegal is when the attacker uses the information and use it against the victim. This might include using this information to gain more information out of them. Or use it for an alternative attack. So, unless the attacker has permission to proceed further, this becomes illegal.
What are Logical operators and Search Symbols?
The attackers take advantage of logical operators like AND, OR, NOT, etc. These logical operators can also dork out some sensitive information. The list of Google’s logical operators are as follows:
1} AND (+) : Used to include phrases that need to be found.
2} OR (|) : Used to include phrases. Either one of the keywords should match.
3} NOT (-) : Used to exclude the keywords.
4} Tilde (~) : Used to include similar words or synonyms.
5} Double quote (“ “) : Used to search for exactly the same phrase.
6} Period (.) : Used to include the single character wildcards.
7} Asterisk (*) : Used to include the single word wildcards.
8} Parenthesis(()) : Used to group the queries.
What are Advanced Search Operators?
Google advanced search operators help to refine Google searches. They are included as a part of Standard Google Query. The syntax of the operators is as follows:
Here is a list of Google’s advanced search operators.
1} intitle : Search page title
2} inurl : Search URL
3} filetype : Search specific files
4} allintext : Search text of page only
5} site : Search specific site
6} link : Search for links to pages
7} inanchor : Search link anchor text
8} cache : Search and display version of web page
9} author : Group author search
10} group : Group name search
The Google Hacking Database
Search “Google Hacking Database” on Google search and visit the database website. It is a database of potential Google search strings the same as Google search operators. These strings can essentially expose potential vulnerabilities, passwords, usernames, email, etc. The information that the attacker gets here might not be valuable at first glance. But if the attacker tries to put a bunch of information about a target together, they can actually discover some essential vulnerabilities for further attack.