Dorks

"Dorking" is a technique used by hackers that utilizes search engines to discover vulnerable applications or harvest data. Depending on the search engine, certain techniques and queries are utilized.


Google Dorks

Google hacking, or "Google Dorks," is the most well-known type of dorking. It invovles using advanced operators in queries to achieve specific results.


Google Dorking Basics

filetype:php 

Locates files with filetype "php"


inurl:admin

Locates urls that contain "admin"


intitle:apple

Locates all pages with title containing "apple"


site:postman.com

Only searches within indexed pages of postman.com


Google Dorks Examples

Note: I am not responsibile for the chaos you spew onto the earth with this information. This is purely for educational purposes :D


inurl:"ViewerFrame?Mode="

This will find public webcams.


db_password filetype:env

.env files define environment variables. These files aren't meant to be public, and here we're taking advantage of that by searching public indexed .env files passwords.


intitle:"index of" "contacts.txt"

"index of" in a page's title indicates a directory. Here, we're searching for "contacts.txt" within those public directories.


intitle:HP LASERJET PRO MFP inurl:/SSI/index.htm

This searches for indexed pages that manage HP's laserjet pro printers. If you're feeling particularly brave, their the default user/password is "admin" & "password" ;)


Shodan

While google is a general search engine, Shodan is a search engine explicitly for internet-connected devices. Shodan makes dorking incredibly powerful, as it makes finding potentially vulnerable devices almost trivial.


References

[1] "Top 40 Shodan Dorks", https://securitytrails.com/

[2] "Google Hacking Database", explot-db.com

[3] "Google Advanced Search Operators", ahrefs.com