Google dorking, also known as Google hacking, is an advanced search mechanism that allows users to make the most out of the most popular Google searches. Through the use of advanced search operators, known as commands, regular users, as well as professionals from different fields can uncover hidden details.
This mechanism leverages the search engine’s indexing capabilities, providing a wide array of information. In this article, we’ll go over some of the most useful commands that even everyday users can utilize.
Google dorking uses a variety of specialized search commands to extract targeted information. Here’s a list of commonly used commands (Google dorks) and their functions:
Command | Description | Usage Example |
---|---|---|
allintitle: | Finds webpages with all specified words in the title. | allintitle:admin login |
allinurl: | Locates pages where the URL contains all specified words. | allinurl:index.php?id= |
cache: | Displays the cached version of a web page. | cache:example.com |
define: | Defines a word or phrase. | define:Google Dorking |
ext: | Searches for specific file extensions. | ext:pdf financial report |
filetype: | Looks for specific file types on the web. | filetype:xls budget |
info: | Displays information that Google has about a specific website | info:example.com |
intext: | Searches for pages containing specific words within the text. | intext:password file |
intitle: | Finds pages with specific words in the title. | intitle:index of |
inurl: | Searches for URLs containing specific words or parameters. | inurl:admin.php |
link: | Identifies pages that link to a specific URL. | link:example.com |
location: | Get information about a location. | location:London library |
map: | Displays maps related to the query. | map:new york city |
movie: | Provides info about a movie with the given title | movie:”Indiana Jones and the Temple of Doom” |
phonebook: | Finds phone numbers listed online. | phonebook:john doe new york |
related: | Locates pages associated with a specific URL. | related:example.com |
site: | Restricts results to a specific site or domain. | site:example.com login |
source: | Returns reports from a news source. | source:bloomberg |
stocks: | Checks the status of a particular stock | stocks:META |
weather: | View the weather of a given location | weather:new york |
Below is a deeper dive into the commands from the list.
The “allintitle:” command allows you to find web pages containing all the words you specify in the page’s title. This is particularly useful when looking for specific types of pages, such as login portals or administrative interfaces. For example, searching for allintitle:admin login will return pages where both “admin” and “login” appear in the title, which can help identify potentially unsecured admin portals.
The “allinurl:” command searches for web pages with specific words within the URL. This is useful when trying to locate pages with certain parameters or files in their URL. For instance, “allinurl:index.php?id=” is often a vulnerable URL structure found in websites that use SQL databases. It can help you find pages that may be susceptible to SQL injection attacks.
The “cache:” command shows Google’s cached version of a page. This is handy when a site is down or when you want to view an older version of a page. Inputting “cache:example.com” will display the last cached version of the site “example.com.” This can be used to recover information that was removed or changed on a live site.
Using the “define:” command, you can quickly find definitions of words or phrases without visiting a dictionary website. For example, typing “define:Google Dorking” into the search bar will bring up a concise definition of the term.
The “ext:” command focuses on finding files with specific extensions, such as PDFs, Excel spreadsheets, or Word documents. This is helpful when searching for particular documents. For instance, using “ext:pdf financial report” would yield PDF documents that contain financial reports.
Similar to “ext:”, the “filetype:” command is used to locate files of a specific type, but it also allows for more specific searches. For example, “filetype:xls budget” would return Excel spreadsheets with the word “budget” in the name.
The “info:” command provides detailed information about a particular website, such as its cache, similar pages, or linked pages. For instance, “info:example.com” will display various pieces of information Google has collected about the site.
The “intext:” command allows you to search for specific words or phrases within the body text of web pages. For example, “intext:password” will return pages that contain the word “password” in the text, potentially revealing documents or pages that contain sensitive information.
By using “intitle:”, you can search for pages where specific words appear in the title. This is similar to “allintitle:” but instead of requiring all words to appear in the title, “intitle:” only requires one. For instance, the command “intitle:index of” will return pages that include the phrase “index of” in the title, which can often reveal directories of files available on the web.
The “inurl:” command searches for specific words within a URL. This is useful for finding login pages, administrative panels, or vulnerable scripts. For example, “inurl:admin.php” will return URLs containing “admin.php”, helping you identify unsecured admin interfaces.
With the “link:” command, you can find web pages that link to a specific URL. For instance, “link:example.com” will show all the pages that link to “example.com”.
The “location:” command allows you to refine your search results based on a specific geographical location. By using this command, you can target search results relevant to a particular place, which helps find local businesses, news, or services. As a result, the command “location:new york restaurants” will return search results related to restaurants specifically in New York.
The “map:” command helps you find maps related to your search query. For example, typing “map:new york city” will show you various maps of New York City.
The “movie:” query helps users search for movies and related information. For instance, “movie:” followed by the name of a movie and Google will return details about it. For instance, “movie:Inception” will bring up relevant details about the film Inception.
The “phonebook:” command, though not widely used today, can be employed to find phone numbers listed online. For example, “phonebook:john doe new york” will search for phone listings associated with John Doe in New York.
The “related:” command identifies websites similar to a specified URL. For instance, typing “related:example.com” will show sites related to “example.com”.
The “site:” command restricts search results to a specific website or domain. For example, “site:example.com login” will return all the pages from “example.com” that are related to logins.
The “source:” command helps you search for news articles from specific sources. For example, “source:” followed by the name of a news outlet, you can find articles exclusively from that publication. For example, “source:Bloomberg technology” will show all technology-related news articles from Bloomberg.
The “stocks:” command allows you to retrieve stock market information about specific companies. For instance, “stocks:AAPL” will bring up the latest information on Apple Inc.’s stock performance.
The “weather:” command provides real-time weather information for a specified location. For example, “weather:London”, you can get the current temperature, humidity, wind speed, and forecast for London.
While Google dorking can be a powerful tool, it also comes with risks, especially when misused. Overusing Google dorking can lead to Google limiting your search rate from the current device. If it’s not a device you use often, you might not even notice this.
What you should be more concerned about is IP blocking. It’s a common consequence of aggressive or suspicious dorking activities, where websites or even Google itself might block your IP for appearing to scrape data or conduct automated searches.
Last but not least, using Google dorks to access or retrieve sensitive data can also have legal consequences. It’s important to stay ethical and respect privacy laws when using these techniques.
You could be the target of Google dorking without even realizing it. Furthermore, hackers or malicious actors may use dorks to find vulnerabilities in your site or extract sensitive data. To bolster your defenses, you can follow these steps:
Google dorking is an advanced search technique that can uncover a wealth of information, but it also comes with ethical and security risks. With dorking commands, users can improve searches, website performance, and more. Despite that, it’s crucial to stay aware of the potential risks and take steps to protect your data from malicious parties.