Google is a nasty search engine that just can’t stay away from its habit of crawling websites. After all, that is how Google works: it crawls websites, and when people enter related search queries, it shows those pages in its search results. Google uses Googlebot (also called a “spider”) to crawl webpages. Unless told NOT to crawl, Googlebot crawls every webpage.
Webmasters who don’t want Google to crawl some webpages or directories can say so either through their website’s robots.txt or by putting a noindex meta tag in the relevant webpages. But if this isn’t done quickly after the website launches, Google will index those pages or directories, which might leak your sensitive data.
Such mistakes are rare, but they happen, and when they do, hackers exploit them very efficiently to hack a website, because all an attacker then needs is to type a smart Google search query and BOOM!
If you are new to hacking, you will hardly have a chance to find such lame exploits, but you may get lucky finding website vulnerabilities using Google Dorks.
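A defender-side check of the robots.txt and noindex controls described above, as an added example that is not part of the original post: it reads a robots.txt file and a set of pages from your own site and reports which paths a crawler may still fetch and index. The paths, headers and page bodies are constructed sample data, and the status names are assumptions of this example.

```python
# Added example: all paths, headers and page bodies are constructed sample data.
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

ROBOTS_TXT = """User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

# path -> (response headers, HTML body) as collected from your own site
PAGES = {
    "/admin/login.php": ({}, "<html><head><title>Login</title></head></html>"),
    "/backup/index.html": ({}, '<head><meta name="robots" content="noindex"></head>'),
    "/reports/q3.html": ({}, '<head><meta name="ROBOTS" content="NoIndex, nofollow"></head>'),
    "/export/users.csv": ({"X-Robots-Tag": "noindex"}, ""),
    "/logs/error.html": ({}, "<html><head><title>Index of /logs</title></head></html>"),
}

class RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots" or "googlebot">."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}

def audit(robots_txt, pages, agent="Googlebot"):
    """Return {path: status} for each page."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    report = {}
    for path, (headers, body) in pages.items():
        meta = RobotsMeta()
        meta.feed(body)
        header = {d.strip().lower() for d in headers.get("X-Robots-Tag", "").split(",")}
        noindex = "noindex" in (meta.directives | header)
        if rp.can_fetch(agent, path):
            report[path] = "noindex" if noindex else "exposed"
        else:
            # A blocked crawler never fetches the page, so it cannot see noindex.
            report[path] = "blocked-noindex-unseen" if noindex else "blocked"
    return report

if __name__ == "__main__":
    for path, status in audit(ROBOTS_TXT, PAGES).items():
        print(f"{status:24} {path}")
```

A "blocked" status means only that crawling is disallowed; robots.txt is itself a public file that lists those paths, so it is not an access control.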
What is a Google Dork?
Techtarget says “A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a slow-witted or inept person.
Google dorks put corporate information at risk because they unwittingly create back doors that allow an attacker to enter a network without permission and/or gain access to unauthorized information. To locate sensitive information, attackers use advanced search strings called Google dork queries.”
Basically, it is a complex Google search string built from a combination of advanced Google search operators such as site:, filetype:, inurl:, intitle:, intext:, etc. and terms associated with possible vulnerabilities; entered in the Google search bar, it may list the sites with those vulnerabilities.
With Google Dork queries, we use Google itself as a tool to find vulnerabilities and sensitive information on websites, drawing on what is called the Google Hacking Database (GHDB).
Types of Vulnerabilities Google Dorks Can Reveal
Don’t underestimate the power of Google search. It has the most powerful web crawlers in the world, and it provides lots of smart search operators and options to filter out everything but the information needed. That’s what makes Google Dorks powerful. Used correctly, they can help in finding:
- Footholds – Queries that can help a hacker gain a foothold into a web server
- Web Server Detection – These links demonstrate Google’s awesome ability to profile web servers.
- Files containing usernames – These files contain usernames, but no passwords… Still, Google is finding usernames on a web site.
- Sensitive Directories – Google’s collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret!
- Vulnerable Files – HUNDREDS of vulnerable files that Google can find on websites
- Files containing passwords – PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!
- Vulnerable Servers – These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the “Vulnerable Files” section.
- Sensitive Online Shopping Info – Examples of queries that can reveal online shopping info like customer data, suppliers, orders, credit card numbers, credit card info, etc.
- Error Messages – Really retarded error messages that say WAY too much!
- Files containing juicy info – No usernames or passwords, but interesting stuff nonetheless.
- Network or vulnerability data – These pages contain such things as firewall logs, honeypot logs, network information, IDS logs… all sorts of fun stuff!
- Pages containing login portals – These are login pages for various services. Consider them the front door of a website’s more sensitive functions.
- Various Online Devices – This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.
- Advisories and Vulnerabilities – These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.
HUGE List of 4500+ Google Dorks Ultimate Search Queries
So, here I am sharing a list of 4500+ Google Dorks you can use for hacking purposes: finding vulnerabilities and sensitive information in websites or servers.
The textbox above contains only 300 Google Dorks. Use this link to download the full list of 4500+ Google Dorks: Download Huge Google Dorks List in .TXT file here
A Step Ahead?
If you are targeting a specific website to find its usernames and passwords, these Google queries will help you find the hidden login pages of target websites:
Download Admin URLs List in .TXT file here
To use them, put queries in this syntax:
Replace ‘targetwebsite.com’ with your target website and ‘admindork’ with a Google dork from the list.
The list is growing: new Google Dorks are being found and added to it. To keep up with the latest Google Dorks, we recommend following the Exploit-DB.com Google Hacking Database webpage, where new Google Dorks are added with proper detail, examples and timestamps.
You can also discover new Google Dorks that haven’t been found yet. So, if you find something new, don’t forget to share it with fellow hackers online.
Comment below which Google Dorks helped you most in finding vulnerabilities!