From 467ab7f9bca096edcbccfbdfd51a57580ff9ae6d Mon Sep 17 00:00:00 2001 From: medusa Date: Mon, 1 Jul 2024 05:47:59 +0000 Subject: [PATCH] Add tech_docs/google_dorking.md --- tech_docs/google_dorking.md | 101 ++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 tech_docs/google_dorking.md diff --git a/tech_docs/google_dorking.md b/tech_docs/google_dorking.md new file mode 100644 index 0000000..0e861be --- /dev/null +++ b/tech_docs/google_dorking.md 
@@ -0,0 +1,101 @@ +Search Engine Dorking, also known as Google Dorking, involves using advanced search operators to uncover information that is not easily accessible through standard search queries. Here’s a detailed guide to leveraging these operators for expert-level OSINT: + +### Key Search Operators + +1. **`site:`** + - Limits search results to a specific site or domain. + - Example: `site:example.com` - Searches only within example.com. + - Use Case: Finding all indexed pages of a specific website, identifying potential information leaks. + +2. **`filetype:`** + - Searches for specific file types. + - Example: `filetype:pdf` - Finds PDF files. + - Use Case: Locating publicly available documents like PDFs, DOCs, and XLSs that might contain valuable information. + +3. **`intitle:`** + - Searches for pages with specific words in the title. + - Example: `intitle:admin` - Finds pages with "admin" in the title. + - Use Case: Identifying administration portals or login pages. + +4. **`inurl:`** + - Searches for URLs containing specific words. + - Example: `inurl:login` - Finds pages with "login" in the URL. + - Use Case: Finding login pages, admin panels, or specific sections of a website. + +5. **`allintext:`** + - Searches for pages containing specific words in the body text. + - Example: `allintext:username password` - Finds pages containing both "username" and "password". + - Use Case: Locating pages that might have sensitive information like configuration files or credentials. + +6. **`cache:`** + - Views Google's cached version of a webpage. + - Example: `cache:example.com` - Displays the cached page of example.com. + - Use Case: Accessing content that might have been removed or modified on the live site. + +7. **`link:`** + - Finds pages that link to a specific URL. + - Example: `link:example.com` - Lists all pages linking to example.com. + - Use Case: Understanding the backlink profile of a website. + +8. 
**`related:`** + - Finds sites similar to a specified URL. + - Example: `related:example.com` - Lists sites related to example.com. + - Use Case: Identifying competitors or similar resources. + +9. **`" " (Quotation Marks)`** + - Searches for an exact phrase. + - Example: `"admin login"` - Finds pages with the exact phrase "admin login". + - Use Case: Finding specific terms or phrases, reducing irrelevant results. + +10. **`- (Minus Sign)`** + - Excludes specific words or sites from search results. + - Example: `site:example.com -inurl:blog` - Searches within example.com but excludes results from the blog section. + - Use Case: Filtering out unwanted results, focusing on more relevant data. + +### Combining Operators for Advanced Searches + +1. **Finding Specific File Types on a Specific Site** + - `site:example.com filetype:pdf` + - Example: Searches for PDF files on example.com. + +2. **Locating Login Pages** + - `inurl:login | intitle:login` + - Example: Finds pages that have "login" in the URL or title. + +3. **Uncovering Sensitive Information** + - `site:example.com intext:"confidential"` + - Example: Searches for pages containing the word "confidential" on example.com. + +4. **Discovering Exposed Directories** + - `intitle:"index of" "parent directory"` + - Example: Finds directory listings that might be exposed. + +5. **Identifying Vulnerable Files** + - `filetype:sql "password"` + - Example: Finds SQL files that contain the word "password". + +### Practical Applications + +1. **Security Audits** + - Use dorking to identify exposed sensitive information and vulnerabilities in a website’s configuration or content. + +2. **Competitive Intelligence** + - Analyze competitor websites for publicly available documents, press releases, or hidden pages. + +3. **Data Gathering** + - Collect publicly available information for research purposes, ensuring compliance with legal and ethical standards. 
+ +### Best Practices + +- **Ethical Considerations**: Always ensure that your dorking activities do not violate laws or ethical guidelines. +- **Regular Updates**: Stay updated with the latest changes in search engine algorithms and available operators. +- **Use Tools**: Leverage tools like Google Dorks Database for pre-compiled dorks and Automate searches using scripts where permissible. +- **Analyze Metadata**: Pay attention to metadata in found documents for additional insights. + +### Tools to Enhance Search Engine Dorking + +1. **Google Dorks Database**: A repository of known Google dorks for various use cases. +2. **Automated Scripts**: Python or Bash scripts to automate and repeat complex queries. +3. **Browser Extensions**: Tools like DorkMe for quick access to common dorks. + +By mastering these operators and techniques, you can uncover a wealth of hidden information on the internet while adhering to responsible and ethical practices. \ No newline at end of file
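Review bot: The "Combining Operators for Advanced Searches" section relies on two things the "Key Search Operators" list never defines: `intext:` in item 3 (`site:example.com intext:"confidential"`), where only `allintext:` is documented, and the `|` OR operator in item 2 (`inurl:login | intitle:login`). Add entries for both to the operator list, or rewrite those examples with operators the list covers. In the same section, items 2, 4 and 5 carry no `site:` scope while items 1 and 3 do; since "Practical Applications" frames this as security-audit material, scope them to `site:example.com` as well so every example reads as a check against the domain being audited. Under "Best Practices", "Automate searches" is capitalised mid-sentence, and "Google Dorks Database" and "DorkMe" are named in "Tools" without a link or source. The file also ends without a trailing newline.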