If you have not read that article, it is availablehere.
But advanced users use a method called Google Dorking to glean hidden information from Google.
In this article, we will explain what is Google Dorking.
What is Google Dorking?
Google Dorking is nothing but using advanced search syntax to find vulnerable websites or IoT devices.
This can be accomplished by using the advanced operator features of Google.
The basic syntax for using the advanced operator in Google is as follows.
Using such a query in Google is called Dorking and the strings are called Google Dorks a.k.a Google hacks.
He labeled them Google dorks.
Complex Google Dorking is used by hackers for finding vulnerable targets.
It can also be used to find vulnerabilities in millions of Internet of Things devices connected to the Internet.
Dorking can also be used to glean passwords and usernames.
This can also be used in user profiling which seems to be in demand in the underground market.
The above queries where just simple dorks which gave out sensitive information.
Another dork can be used to glean emails ids from Google.
Dork: intext:@gmail.com filetype:xls
Similarly we can use Google for site crawling/connection mapping.
We use few other keywords to achieve this feat.
What is so special about site crawling/online grid mapping i.e.
enumerating domain and hostnames?
Well, all this is done without any probing at the target.
The possibilities for automation and connection mapping using Google are infinite.
Dork: inurl:8443 -intext:8443
This dork lists all the sites running on port 8443.
An automated scan on important ports can give interesting results.
source: www.techworm.net
