What is a Google Dork?
Google dorks isn’t hacking, it is a way to refine a google search so you only see what you’re looking for using features by Google, let’s give you an example. Say you want to know about the story man in the moon, but don’t want to get the results for man on the moon. Then you would simply write your search as intext:”man in the moon” -intext:”man on the moon” – intext:”men on the moon” . I know some could say you can simplify that search by removing the intext, but what you’re looking for is in text, so that google search parameter, also known as a google dork is best in this situation.
Google Dorks Can Be Used For Evil!
Google dorks can be used for evil, which is why you need to protect your customers data. We’ve heard all sorts of reasons why companies won’t secure areas “there is no link to that section” “no one will look for that on our site”, but none of those things matter or are true. Google can find links that aren’t linked to, if it is searching a site granted it is harder, but they still succeed to do so.
This can expose your customers information, like say your customer has a bunch of sql files where all their customers data is exposed, do you think that will show up in search? Odds are if you know what to type in it will appear, which can expose your customers data, but not everyone using this ability is using it for evil, some of us are trying to use it to inform companies about the issue.
Let’s say a site has no search bar, go to Google and type in site:example.com “example” this would bring up a page on example.com with the words example. You can search by site:.gov even by file type using the Google dork filetype: . I don’t have to give your imagination much to work with, because filetype, you’re usually able to obtain some, if not all of the sites data, though it is a lot better than it was in 2012.
What is Google Cache?
How Do Google Dorks Find Vulnerable info on my site if you don’t know about my site?
This is a pretty logical question that people think is fact “If you don’t know about my site, you can’t find the exposed info on my site, I am a small company”, unfortunately that logic is flawed. As shown above in our man in the moon search, we didn’t specify a site, we simply searched google and filtered out man on the moon results. We also discussed other things like being able to search by .com, .gov, etc. using site and of course you can use filetype: to look up any filetype you want. So, you don’t need to specify a site to find out what is on that site, which makes protecting your customers data even more important.