1.0 What is a Google Dork?

1.1 Google Dorks Can Be Used For Evil

1.2 What is Google Cache?

1.3 How Do Google Dorks Find exposed data on my site if they don’t know about my site?

What is a Google Dork?

Google dorks isn’t hacking, it is a way to refine a google search so you only see what you’re looking for using features by Google, let’s give you an example. Say you want to know about the story man in the moon, but don’t want to get the results for man on the moon. Then you would simply write your search as intext:”man in the moon” -intext:”man on the moon” – intext:”men on the moon” . I know some could say you can simplify that search by removing the intext, but what you’re looking for is in text, so that google search parameter, also known as a google dork is best in this situation.

Google Dorks Can Be Used For Evil!

Google dorks can be used for evil, which is why you need to protect your customers data. We’ve heard all sorts of reasons why companies won’t secure areas “there is no link to that section” “no one will look for that on our site”, but none of those things matter or are true. Google can find links that aren’t linked to, if it is searching a site granted it is harder, but they still succeed to do so.

This can expose your customers information, like say your customer has a bunch of sql files where all their customers data is exposed, do you think that will show up in search? Odds are if you know what to type in it will appear, which can expose your customers data, but not everyone using this ability is using it for evil, some of us are trying to use it to inform companies about the issue.

Let’s say a site has no search bar, go to Google and type in site:example.com “example” this would bring up a page on example.com with the words example. You can search by site:.gov even by file type using the Google dork filetype: . I don’t have to give your imagination much to work with, because filetype, you’re usually able to obtain some, if not all of the sites data, though it is a lot better than it was in 2012.

What is Google Cache?

While we don’t want to dive in to great specifics, even Google themselves published the most useful dork of them all cache: now, what is cache? Google cache is a saved copy of what is on that site, so if you don’t want to visit that site going to cache is great, however depending on what you are doing you may want to alter the google cache link to tell them not to turn on javascript as that may possibly still be able to phone home, even though you’re visiting it on google server.

How Do Google Dorks Find Vulnerable info on my site if you don’t know about my site?

This is a pretty logical question that people think is fact “If you don’t know about my site, you can’t find the exposed info on my site, I am a small company”, unfortunately that logic is flawed. As shown above in our man in the moon search, we didn’t specify a site, we simply searched google and filtered out man on the moon results. We also discussed other things like being able to search by .com, .gov, etc. using site and of course you can use filetype: to look up any filetype you want. So, you don’t need to specify a site to find out what is on that site, which makes protecting your customers data even more important.

We are great at this and if you need any help, feel free to contact us or hire us to help secure your site for you.

2 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *