What are Google Dorks? (Examples Included!)

Google hacking (also known as Google dorking or SQL dorking) is a technique whereby coders and pen testers find vulnerabilities and sensitive information using Google searches. This sometimes works with other search engines as well, like DuckDuckGo, Bing, and Startpage, although given that Google is the most popular search engine in the world, it tends to find the most results.

Though dorking is not a new concept (it dates back to 2002 when a hacker by the name of Johnny Long began collecting the results of Google searches that revealed system vulnerabilities), it is still relevant today.

The results of these dorks can include such things as usernames, passwords, IP camera login details, and vulnerable files. Part of what is so fascinating about these dorks is that they do not require sophisticated software or hardware; the information is just sitting out on the web publicly.

One example of a Google dork is the following: +":8080";+":3128";+":80" filetype:txt. This searches for lists of proxy servers using the ports 8080, 3128, and 80, some of which are good for anonymity. The results show up as text files, as indicated in the search terms.


Other dorks include such searches as:

Granted, these dorks do not always return useful results. The vulnerabilities that they point to may have been patched, but if you search long enough, it is likely that you will find something. Even the searches that seem mundane, such as the login portals, often have vulnerabilities. In some cases, all it took to log into these sites was the username “admin” and the password “admin” as well!

If you are interested, a more extensive list of these dorks can be found at Exploit Database: Google Hacking Database. This database is continually updated by pen testers, so you can check back frequently to find new ones.

Even without finding something interesting in the database itself, you can play around with potential dorks to see what might be sitting out on the web. For instance, try variations on “site:https://docs.google.com/” with different words at the end of the URL, such as “password,” “username,” or “passport number.” It is surprising how much of this sensitive information is publicly available for anyone to see. The reason for it being there, however, is probably that whoever added the info to a database in the first place was unaware that it could be seen by anyone merely doing a Google search.

For example, one of the results that came up when dorking docs.google.com was a list of default usernames and passwords on Wi-Fi routers. Were someone able to get to the login portals for these routers, they could essentially log in as an administrator.

The internet of things (IoT) search engine Shodan was designed for searches like this, and sometimes finds similar vulnerabilities. One search that works on Shodan is “has_screenshot:true,” which frequently shows screenshots from vulnerable IP cameras or Windows computers that use Remote Desktop Protocol. The latter provides a GUI for users to connect remotely to another computer over a network connection, but has the unfortunate drawback of creating an exploitable security vulnerability.


Try fooling around with some of these yourself and see what results come up. The information you find is sometimes unnerving, or even frightening, particularly if it's your own!
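To check your own material for the kind of exposure described above, here is an added example (not part of the original article) that scans documents you own and have shared publicly for the terms the article names (“password,” “username,” “passport number”) and for host:port entries on the ports from the example dork. The document inventory, its `public` flag, the file names and the sample contents are constructed assumptions.

```python
import re

# Terms the article suggests trying against publicly shared documents.
SENSITIVE_TERMS = ("password", "username", "passport number")
# A term followed by ':' or '=' and a value looks like stored data, not a mention.
ASSIGNMENT = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in SENSITIVE_TERMS) + r")\b\s*[:=]\s*(\S+)",
    re.IGNORECASE)
# IPv4 host:port entries on the ports named in the article's example dork.
PROXY_ENTRY = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:(?:8080|3128|80)\b")

def audit_document(name, text):
    """Return (name, line_no, kind, detail); values of sensitive terms are not echoed."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            term, value = m.group(1).lower(), m.group(2)
            if term != "passport number" and value.lower() == "admin":
                kind = "default-credential"
            else:
                kind = "sensitive-value"
            findings.append((name, line_no, kind, term))
        for m in PROXY_ENTRY.finditer(line):
            findings.append((name, line_no, "proxy-entry", m.group(0)))
    return findings

def audit_public(docs):
    """Audit only documents marked public, i.e. those a search engine could index."""
    findings = []
    for name, doc in docs.items():
        if doc["public"]:
            findings.extend(audit_document(name, doc["text"]))
    return findings

# Constructed sample inventory (hypothetical names; documentation-range IPs).
SAMPLE_DOCS = {
    "router-notes.txt": {"public": True,
                         "text": "Router setup\nusername: admin\npassword = admin\n"},
    "proxies.txt": {"public": True,
                    "text": "192.0.2.10:8080\n198.51.100.7:3128\n203.0.113.5:8443\n"},
    "hr-draft.txt": {"public": False, "text": "passport number: X0000000\n"},
    "howto.txt": {"public": True, "text": "Choose a strong password for every account.\n"},
}

if __name__ == "__main__":
    for finding in audit_public(SAMPLE_DOCS):
        print(finding)
```

A plain mention of a term, as in the constructed howto.txt, is not flagged; only a term followed by a value is, which keeps the report focused on documents that need their sharing settings changed.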