After the invention of writing, human beings struggled for centuries to record and learn information on clay tablets, paper, books, encyclopedias, and in huge libraries. Yet in recent years, we have become able to access almost all the information in the world through the tiny devices in our pockets. Sometimes, ironically, we still "cannot access" that information. This must be one of the ironies of the 21st century. Some of us browse the flashy interface of the internet out of curiosity, some for professional purposes, but while doing so, we forget what we were originally looking for and drift onto different paths. Some of us manage to reach the desired information, though with difficulty, and even when we do reach it, we still doubt whether it is accurate. The misleading "clickbait" behavior of some websites and their attempts to attract users with deceptive headlines play a big role in this. However, the real issue is also related to how efficiently we use search engines when accessing information. Especially in professional research, being able to reach accurate information quickly is very important.

What is Google Dork?

Google Dorking is the practice, used by both attackers and security professionals, of discovering vulnerabilities on websites through the Google search engine. Its first use dates back to August 2002. Attackers combine operators and keywords to search for text associated with security vulnerabilities, aiming to find websites that have those vulnerabilities.

For example:

intext:"userfiles" intitle:"Index Of"

This dork uses the intext keyword to find pages whose body contains the word "userfiles", and the intitle keyword to restrict results to pages whose title contains "Index Of", the title of a directory listing. With this dork, attackers try to obtain user information from a website that exposes such a listing.

As another example, consider this query:

allintext:username filetype:log

This dork returns files of the log file type that contain the word username, so credential information can be obtained from them.

Basic Google Dork Keywords

The Google Dork technique is not only used for attack purposes, but also to reach accurate information more quickly. For example, trying to find a specific update file belonging to a specific version of an open-source software on GitHub without using keywords would take a long time. However, when targeted searches are made with the necessary keywords, the desired file can be found much faster.

An example of this is the dork "site:github.com intitle:zabbix intext:v1.3.0".

Dorking is also a very useful technique for SOC analysts and threat hunters who gather intelligence.

Basic Google Dork keywords are as follows:

• AND/OR operators: With the AND and OR operators, searches are made for content where two different words appear together or where either one of them appears.

• filetype: With the filetype keyword, searches are made according to the desired file type.

• site: With the site keyword, searches are made on a targeted website.

• intitle: With the intitle keyword, searches are made for a single desired word in the page title.

• allintitle: With the allintitle keyword, searches are made for pages whose title contains all of the desired words.

• inurl: Searches are made for a single word that should appear inside the URL.

• allinurl: Searches are made for URLs that contain all of the desired words.

• intext: Searches are made for a single word that should appear within the page content.

• allintext: Searches are made for pages whose content contains all of the desired words.

• info: Returns information about the specified site.

• related: Searches are made for sites with content similar to the specified site.
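The operators above can also be turned on your own content. The following is an added example, not part of the original article: a small matcher that parses a dork and checks whether pages you operate would satisfy it, using the two dorks shown earlier. The function names, the sample pages and the simplified matching rules (plain substring checks) are assumptions made for illustration and do not reproduce Google's actual ranking or indexing.

```python
import re
from urllib.parse import urlparse

# Operators from the list above; each "all*" form applies to every following bare word.
SINGLE = {"site", "filetype", "intitle", "inurl", "intext"}
MULTI = {"allintitle": "intitle", "allinurl": "inurl", "allintext": "intext"}
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def parse_dork(query):
    """Split a dork into (operator, term) pairs; bare words default to intext."""
    pairs, sticky = [], None
    for op, quoted, bare in TOKEN.findall(query):
        term, op = (quoted or bare).lower(), op.lower()
        if op in MULTI:
            sticky = MULTI[op]
            pairs.append((sticky, term))
        elif op in SINGLE:
            pairs.append((op, term))
        else:  # bare word, or an unknown prefix that is kept as literal text
            word = f"{op}:{term}" if op else term
            pairs.append((sticky or "intext", word))
    return pairs

def matches(query, url, title, body):
    """True if the page satisfies every term of the dork (simplified semantics)."""
    host = urlparse(url).hostname or ""
    checks = {
        "site": lambda t: host == t or host.endswith("." + t),
        "filetype": lambda t: urlparse(url).path.lower().endswith("." + t),
        "intitle": lambda t: t in title.lower(),
        "inurl": lambda t: t in url.lower(),
        "intext": lambda t: t in body.lower(),
    }
    return all(checks[op](term) for op, term in parse_dork(query))

# Constructed sample pages (url, title, body) standing in for a server you operate.
PAGES = [
    ("https://files.example.test/userfiles/", "Index of /userfiles", "Parent Directory userfiles report.pdf"),
    ("https://app.example.test/debug/auth.log", "", "2024-01-01 login ok username=alice"),
    ("https://www.example.test/about.html", "About us", "Contact the team"),
]
DORKS = ['intext:"userfiles" intitle:"Index Of"', "allintext:username filetype:log"]

def audit(pages=PAGES, dorks=DORKS):
    """Return (url, dork) for each owned page that one of the dorks would surface."""
    return [(url, d) for url, title, body in pages for d in dorks if matches(d, url, title, body)]

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

Any page this audit reports is a candidate for removing the directory listing, moving the log out of the web root, or requiring authentication.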

In conclusion, Google Dorking is a powerful and effective technique for accessing accurate information quickly. Especially when used correctly by security professionals, it has a very important place in gathering threat intelligence.