Dark Arts
  • index
  • BUY ME A BOOK
  • 🪄Dark Magic
    • Pentesting
      • Industry Methodologies
    • Scopes of Testing
    • Reconnaissance
      • Passive
        • WHOIS
        • DNS
          • nslookup
          • dig
        • WAF
        • Subdomain
        • Google Dork
        • Misc. Techniques
        • Leaked Passwords
      • Active
        • Browser & Plugins
        • ping & traceroute
        • fping
        • telnet & netcat
        • DNS
          • Zone Transfer
          • DNS Amplification DDoS Attack Breakdown
        • Misc. Techniques
    • Vulnerability Assessment
    • Attack Types
  • 🕷️Aragoogs Nest
    • Web Application Overview & Security
      • Security Testing
      • Common Threats & Risks
    • Web Application Architecture
      • Technologies
    • HTTP/S
      • Message
      • Request
      • Response
        • Status Code
    • Crawling/Spidering
  • 🧪Potions
    • Web Browsers
    • Computer Networking
      • Network Protocol
      • Packets
      • OSI Layer
        • Layer 3: Network
        • Layer 4: Transport
      • DNS
        • Primary-Secondary
        • Local Name Resolution
        • Domain Hierarchy
        • FQDN
        • Lookups
        • DNS Resolution
        • DNS Records
        • Security: Attack-Defense (Default)
  • 🎆Spells
    • 📜Linux Scroll
    • 📜WebShell Scroll
    • git
      • Attacks + Vulnerabilities
  • 🖼️Flaws w/ Magical Frameworks
    • Windows
      • In a Nutshell
      • CVE-2019-0708: BlueKeep
      • CVE-2017-0144: EternalBlue: MS17-010
      • Attacking Services
        • MS IIS - WebDAV
        • SMB
        • HTTP File Server (HFS)
        • Apache Tomcat Web Server
        • RDP
        • WinRM
      • File System Vulnerabilities
      • Credential Dumping
        • Password Search in Windows Configuration Files
        • Mimikatz
        • Pass-the-Hash Attack
    • Linux
      • In a Nutshell
      • CVE-2014-6271: Shellshock
      • Attacking Services
        • FTP
        • SSH
        • SAMBA
        • SMTP
        • RSYNC
      • Dumping Hashes
  • 🌼Marauder's Boost
    • Privilege Escalation
    • Windows PrivEsc
      • Windows Kernel Exploit
      • Bypassing UAC
      • Access Token Impersonation
    • Linux PrivEsc
      • Linux Kernel Exploit
      • Misconfigured Cron Jobs
      • Exploiting SUID Binaries
      • shells
      • File Permissions
  • ☠️Death Eaters
    • Post Exploitation
      • Windows
      • Linux
  • 🪄OLLIVANDERS
    • nmap
      • Host Discovery
      • Port Scan
      • Service & OS
      • NSE
      • Firewall/IDS Evasion
      • Scan Optimization
      • Misc. Methods
    • ffuf
    • Hydra
    • Metasploit Framework
      • Architecture
      • Must to Know
      • msfvenom
      • Auxiliary Modules
      • Service Enumeration
      • Vulnerability Scanning
      • Imports
      • Automating
    • Vulnerability Scanners
    • Wireshark
  • 🚂Platform 9(3/4)
    • Auth-Auth
      • Authentication
        • Password-based Authentication
        • Basic Authentication
        • Multi-factor Authentication
        • Access Token
        • Token-based Authentication
          • JWT
          • OAuth 2.0
    • Secure Headers
      • Content-Security-Policy (CSP)
    • Cryptography
      • Caesar Cipher
  • ⛲Port Pensieve
    • Enumeration
      • SMB & NetBIOS
      • SNMP
    • Wordlists
  • 🔆DUELS
    • Pivoting
    • SMB Relay Attack
  • 🗺️Marauder's Map
    • Web Application Pentesting
    • API Pentesting
      • GraphQL
        • Primer
    • Mobile Application Pentesting
  • 🎧SIDE CHANNEL
    • Side Channel Analysis
    • Timing Side-Channel Attacks
      • Vulnerable Login
  • 🥃Sky
    • Cloud Basics
    • Cloud Management
      • Shared Responsibility Model
    • Using Cloud Resources
      • Monitoring & Alerts
      • Identity & Access Management
      • Scalability & Availability
      • Solution Design
    • Cloud Providers
    • Cloud Security & Regulatory Compliance
      • Resource Protection
      • ICCA: Cloud Security & Regulatory Compliance
    • ICCA Preparation
      • Knowledge Tests
      • Lab
  • 🔷Obsidian
    • Pentest Engagement
      • Scoping
    • Pentest Ethics
      • Rules of Engagement
    • Auditing Fundamentals
      • Process/Lifecycle
      • Pentest & Security Auditing
      • GRC
      • Standards, Frameworks & Guidelines
      • From Audit to Pentest
  • 💢Threat Modeling
    • Why Threat Model?
  • 📡THREAT INTEL
    • Threat Intelligence
    • Tool Dump
  • 📱Anything-Mobile-IoT
    • Firmware
    • Firmware Analysis
      • Example: CVE-2016-1555
    • Firmware Installation/Flashing
  • 🎉Mischeif
    • Social Engineering
    • Phishing
      • GoPhish
    • Pretexting
Powered by GitBook
On this page
  • What is a Search Engine?
  • How Search Engines Work?
  • How Crawlers Work?
  • Google Dorking
  • Full List of Google Dorks
  • Misc. Techniques
  • Cached or Archived Website
  • Google Hacking Database (GHDB)
  1. Dark Magic
  2. Reconnaissance
  3. Passive

Google Dork

PreviousSubdomainNextMisc. Techniques

Last updated 9 months ago

What is a Search Engine?

A search engine is a software system designed to help users find information on the internet. It indexes websites, analyzes their content, and returns relevant results in response to user queries. Popular examples include Google, Bing, and Yahoo.

How Search Engines Work?

  • Crawling: Search engines use automated programs called crawlers (or bots/spiders) to explore the web by visiting websites and following links.

  • Indexing: Once a crawler visits a page, it gathers information and stores it in a massive database called the index. The index contains text, keywords, metadata, and other content.

  • Ranking: When a user searches, the search engine retrieves relevant information from the index, ranks it using algorithms, and presents the most relevant results.

How Crawlers Work?

Crawlers systematically browse the web by following links from page to page. They analyze the content, metadata, and structure of the sites they visit and send this data back to the search engine's index. Crawlers regularly revisit websites to keep the index up to date with new content or changes.

Google Dorking

Google Dorking (or Google hacking) is a technique that uses advanced search operators in Google to find specific information or vulnerabilities that aren’t easily visible. By crafting targeted queries, users can discover sensitive data, like login pages, exposed directories, or misconfigured systems.

Example search query: site:example.com filetype:pdf "confidential"

This query searches for PDF files containing the word "confidential" on a specific domain.

Full List of Google Dorks

Misc. Techniques

  • Limit search results to a particular domain: Use site:[domain] to target a specific website and even enumerate subdomains.

  • Search website titles: With intitle:[keyword], you can filter pages by their titles for more relevant data.

  • intitle: targets the page title; inurl: targets the URL.; The difference between intitle and inurl: While intitle focuses on the webpage title, inurl narrows down results based on keywords in the URL itself.

  • Search by file type: Looking for specific document types? Try filetype:[type], like PDFs, DOCs, or even configuration files.

Cached or Archived Website

Use cache:[website] to view Google’s cached version of a site, or check historical snapshots on the Wayback Machine.

Google Hacking Database (GHDB)

The GHDB is an incredible resource for finding vulnerabilities using Google searches. It’s a goldmine for anyone looking to enhance their OSINT skills.

Subdomain enumeration: Use site:*. to uncover subdomains of a target. Tools like Sublist3r utilize this method for passive recon.

🪄
web.com
Google hackingWikipedia
Google Dorks List and Updated Database in 2022 - Box Piperboxpiperapp
Logo
Wayback Machine
OffSec’s Exploit Database Archive
Logo
Logo