Google Dorking

Google Dorking?:- You can use various operators to refine your search queries (we also call these queries "Google dorks")?many subdomains can be found by using?this method to?crawl?the targeted domain. Google (and also other search engines like Bing) does it as a byproduct of its primary intention.Operators include things like “inurl”, “intext”, “site”, “feed”, “language”, and so on.

Examples :-

i.?Site:gamers.org filetype:pdf

This googleDork will search https://gamers.org?for all PDF?files hosted under that domain name.

ii.?Filetype:xls :-

The “filetype” operator does not recognise different versions of the same or similar formats (i.e.?doc?vs.?docx, xls?vs.?xlsx?vs.?csv), so each of these formats must be dorked separately

Finding passwords?:- Searching for login and password information can be useful as a?defensive dork. Passwords are, in rare cases, clumsily stored in publicly accessible documents

on webservers. Try the following dorks in different search engines:

password filetype:doc site:example.com

Password filetype:docx site:example.com

Password filetype:pdf site:example.com

Password filetype:xls site:example.com

Defensive dorking?:- Google Dorking can be used to protect your own data and to defend websites for which you are responsible. There are two types of defensive dorking,

a)?Firstly when looking for security vulnerabilities in online services you administer yourself, such as webservers or FTP servers.

b)?The second type concerns?sensitive?information about yourself, sources or colleagues that might be unintentionally exposed.

The security software company?McAfee?recommends six precautions that webmasters and system administrators should take, and googleDorking can sometimes help identify failure to comply with the vast majority of them:

• Keep Operating Systems, services and applications are up-to-date
• Make use of security solutions that prevent intrusion
• ?Understand how search engine crawlers work, know what is public, and audit your exposure
• ?Move sensitive resources out of public locations
• ?Block access to all non-essential resources from external or foreign identities
• ?Perform frequent penetration testing

Frequent penetration testing can be undertaken by anyone who might be concerned about their data or the data of those they want to protect. To perform defensive Google Dorking, It is recommend to start with the following simple commands on your own websites, your name, and other websites that might contain information about you.

?For example:

[your name] filetype:pdf

You can repeat this search with other potentially relevant filetypes: xls, xlsx, doc, docx, etc.

You can also search for information associated with the IP address of your servers:

Ip:[your server’s ip address]