Add tech_docs/google_dorking.md
This commit is contained in:
101
tech_docs/google_dorking.md
Normal file
101
tech_docs/google_dorking.md
Normal file
@@ -0,0 +1,101 @@
|
||||
Search Engine Dorking, also known as Google Dorking, involves using advanced search operators to uncover information that is not easily accessible through standard search queries. Here’s a detailed guide to leveraging these operators for expert-level OSINT:
|
||||
|
||||
### Key Search Operators
|
||||
|
||||
1. **`site:`**
|
||||
- Limits search results to a specific site or domain.
|
||||
- Example: `site:example.com` - Searches only within example.com.
|
||||
- Use Case: Finding all indexed pages of a specific website, identifying potential information leaks.
|
||||
|
||||
2. **`filetype:`**
|
||||
- Searches for specific file types.
|
||||
- Example: `filetype:pdf` - Finds PDF files.
|
||||
- Use Case: Locating publicly available documents like PDFs, DOCs, and XLSs that might contain valuable information.
|
||||
|
||||
3. **`intitle:`**
|
||||
- Searches for pages with specific words in the title.
|
||||
- Example: `intitle:admin` - Finds pages with "admin" in the title.
|
||||
- Use Case: Identifying administration portals or login pages.
|
||||
|
||||
4. **`inurl:`**
|
||||
- Searches for URLs containing specific words.
|
||||
- Example: `inurl:login` - Finds pages with "login" in the URL.
|
||||
- Use Case: Finding login pages, admin panels, or specific sections of a website.
|
||||
|
||||
5. **`allintext:`**
|
||||
- Searches for pages containing specific words in the body text.
|
||||
- Example: `allintext:username password` - Finds pages containing both "username" and "password".
|
||||
- Use Case: Locating pages that might have sensitive information like configuration files or credentials.
|
||||
|
||||
6. **`cache:`**
|
||||
- Views Google's cached version of a webpage.
|
||||
- Example: `cache:example.com` - Displays the cached page of example.com.
|
||||
- Use Case: Accessing content that might have been removed or modified on the live site.
|
||||
|
||||
7. **`link:`**
|
||||
- Finds pages that link to a specific URL.
|
||||
- Example: `link:example.com` - Lists all pages linking to example.com.
|
||||
- Use Case: Understanding the backlink profile of a website.
|
||||
|
||||
8. **`related:`**
|
||||
- Finds sites similar to a specified URL.
|
||||
- Example: `related:example.com` - Lists sites related to example.com.
|
||||
- Use Case: Identifying competitors or similar resources.
|
||||
|
||||
9. **`" " (Quotation Marks)`**
|
||||
- Searches for an exact phrase.
|
||||
- Example: `"admin login"` - Finds pages with the exact phrase "admin login".
|
||||
- Use Case: Finding specific terms or phrases, reducing irrelevant results.
|
||||
|
||||
10. **`- (Minus Sign)`**
|
||||
- Excludes specific words or sites from search results.
|
||||
- Example: `site:example.com -inurl:blog` - Searches within example.com but excludes results from the blog section.
|
||||
- Use Case: Filtering out unwanted results, focusing on more relevant data.
|
||||
|
||||
### Combining Operators for Advanced Searches
|
||||
|
||||
1. **Finding Specific File Types on a Specific Site**
|
||||
- `site:example.com filetype:pdf`
|
||||
- Example: Searches for PDF files on example.com.
|
||||
|
||||
2. **Locating Login Pages**
|
||||
- `inurl:login | intitle:login`
|
||||
- Example: Finds pages that have "login" in the URL or title.
|
||||
|
||||
3. **Uncovering Sensitive Information**
|
||||
- `site:example.com intext:"confidential"`
|
||||
- Example: Searches for pages containing the word "confidential" on example.com.
|
||||
|
||||
4. **Discovering Exposed Directories**
|
||||
- `intitle:"index of" "parent directory"`
|
||||
- Example: Finds directory listings that might be exposed.
|
||||
|
||||
5. **Identifying Vulnerable Files**
|
||||
- `filetype:sql "password"`
|
||||
- Example: Finds SQL files that contain the word "password".
|
||||
|
||||
### Practical Applications
|
||||
|
||||
1. **Security Audits**
|
||||
- Use dorking to identify exposed sensitive information and vulnerabilities in a website’s configuration or content.
|
||||
|
||||
2. **Competitive Intelligence**
|
||||
- Analyze competitor websites for publicly available documents, press releases, or hidden pages.
|
||||
|
||||
3. **Data Gathering**
|
||||
- Collect publicly available information for research purposes, ensuring compliance with legal and ethical standards.
|
||||
|
||||
### Best Practices
|
||||
|
||||
- **Ethical Considerations**: Always ensure that your dorking activities do not violate laws or ethical guidelines.
|
||||
- **Regular Updates**: Stay updated with the latest changes in search engine algorithms and available operators.
|
||||
- **Use Tools**: Leverage tools like Google Dorks Database for pre-compiled dorks and Automate searches using scripts where permissible.
|
||||
- **Analyze Metadata**: Pay attention to metadata in found documents for additional insights.
|
||||
|
||||
### Tools to Enhance Search Engine Dorking
|
||||
|
||||
1. **Google Dorks Database**: A repository of known Google dorks for various use cases.
|
||||
2. **Automated Scripts**: Python or Bash scripts to automate and repeat complex queries.
|
||||
3. **Browser Extensions**: Tools like DorkMe for quick access to common dorks.
|
||||
|
||||
By mastering these operators and techniques, you can uncover a wealth of hidden information on the internet while adhering to responsible and ethical practices.
|
||||
Reference in New Issue
Block a user