Google Dorking is a term that refers to the practice of applying advanced search techniques and specialized search engine parameters to discover confidential information from companies and individuals that wouldn’t typically show up during a normal web search.
Hackers can use Google Dorking tactics to reveal information that companies and individuals likely intended not to be discoverable through a Web search. This information can include account usernames and passwords, customer and partner lists and details, sensitive and private documents, account details, website vulnerabilities for potential cyber attacks and more.
Hackers also have an array of freely available online tools they can use to run automated scans that execute multiple Google Dorking queries, enabling them to more efficiently conduct their dorking efforts.
Feds Warn Businesses About Google Dorking
In July 2014 the U.S. Feds issued a warning to companies in the United States to increase vigilance for Google Dorking activity by hackers, or “malicious cyber actors” as the bulletin refers to them.
The bulletin also recommended utilizing sites and tools like the Google Hacking Database, the Google Diggity Project and Google Webmaster Tools to help identify and prevent the potential for Google Dorking attacks.