🔍

Google Dorking for Ethical Hackers

Sep 19, 2024

Google Dorking Training Notes

Introduction

  • Course focused on Google Dorking for ethical hackers.
  • Suitable for beginners; training video should be watched at 1.3x to 1.5x speed due to possible slower speech.
  • Training is purely for educational purposes, not for exploitation.

What is Google Dorking?

  • Google Dorking is an advanced search technique.
  • It involves filtering search results to find specific information or vulnerabilities.

Basic Operators

Example: Filtering Website Results

  • Searching for a specific domain can be done using operators.
    • Example: tesla.com will show results related to Tesla.
    • To filter only websites: tesla site:tesla.com
    • To exclude subdomains (like www): -www

Identifying Subdomains

  • Subdomains are parts of the main domain (e.g., www is a subdomain of tesla.com).
  • You can search for subdomains using:
    • site:tesla.com -www

Advanced Operators

InTitle Operator

  • Used to find pages with specific keywords in the title.
  • Syntax: intitle:keyword
    • Example: To find login pages: intitle:login site:tesla.com

File Type Operator

  • Use to find specific file types on a site.
    • Example: site:tesla.com filetype:pdf to find PDFs.

Link Operator

  • To find links pointing to a specific site:
    • Example: link:tesla.com

Practical Examples

Finding Vulnerable Servers

  • To find login pages, combine operators:
    • Example: intitle:login site:.uk
    • To find directory listings, use index of:
      • Example: inurl:index of site:.uk

Identifying Exposed Git Repositories

  • To find exposed git repositories:
    • Example search: intitle:index of inurl:.git

Finding Default Web Pages

  • Targeting web servers with default pages:
    • Example: intitle:"welcome to IIS" for IIS servers.

Ethical Considerations

  • Reminder to use skills for educational purposes and not for illegal activities.
  • Stress on understanding vulnerabilities for learning, not exploitation.

Conclusion

  • The course will include various practical aspects of Google Dorking.
  • Continuous learning and practice are encouraged to master the techniques.
  • Next topics will include more advanced operators and techniques for identifying vulnerabilities.

Full transcript