How many times have you had to go all the way to page 10 on google looking for an ebook?
You wanted a pdf but they give you all sorts of useless stuff!
How many times has a scenario occured where you wanted a power point presentation for your school/college project and looking for a ppt file on google yields about two ppt files per page?!
While looking for a login page to hack with authentication bypass, how many times have you taken days on end, almost reached the middle of the search results and still not found anything?(Mind you there are millions of search results , reaching the halfway point is a big deal!)
Don’t worry anymore because GOOGLE DORKS are here!
Well, they’ve kind of been here since forever but a little drama is permissible.
Google Dorks and commands can be found here.
This is sort of the official website that was started by Johnny Long. Now it is found in the exploit-dbwebsite
Primarily used to discover vulnerable web applications, you can also use them to find stuff you want.
Google dorks aren’t really the commands we use, they’re the vulnerable webpages we find through these commands. Over time, the commands have started being called Google Dorks. I’m going to be referring to them as commands as calling them Dorks would be wrong.
Anyway, getting to the point.
I will list out a few commands that I know of and demonstrate how they work. You take it from there and use them as you like !
1. Double Quotes
Not really a command but it narrows down search results to quite an extent.
When you write something in double quotes, google looks for exact matches. Suppose you type “WPA Handshake” and press enter, the results you get will hold Hello there not Hello is there anybody out there or Hello in there. Just plain Hello There.
Let’s see how:
Typing just WPA Handshake:
Typing “WPA handshake” gives us only those results that have the exact phrase “WPA hacking ” in them.
2.The filetype tag
Getting to the real commands now, given a situation where you have to look for a pdf or a ppt file specifically.
Here’s how its done:
Notice how each result has a little PDF written in superscript. Yeah, click on one of those and you’ll start a pdf download.
3. inurl tag:
This tag helps you look for pages that match what you have written in the search query. Look and you’ll understand:
You will notice that every search result has a login.php page.
4.site tag
Websites have domains. These domains have names that usually have suffixes such as .com or.edu etc
If you’re looking for sites of a particular suffix, then use the site tag as follows:
If you notice, all sites in the results have a .in suffix.
(This suffix is called the top level domain.)
5.intext tag.
Looking for specific text in webpages?
This is the thing to use. Ex:
The word “blogging” has been highlighted in the description of each webpage indicating that the word is part of webpage content and not the URL.
There are many more commands to use google smartly. Find them here.
These can be very useful to find hackable pages. In the upcoming series on SQL injection , the importance of these commands will be seen.
No comments:
Post a Comment