CHAPTER 8Search Engine Dorks

“Dorks” are specially crafted advanced search terms that can be used on any search engine to find a wide range of publicly available information on the web. Dorks are (mostly) universal, but the examples in this book will be specifically based on Google's search terms.

The process of dorking refers to using common error phrases that relate to a specific response code generated by a programming language. In other words, they are search queries used to find hidden (and often misconfigured) data within websites. Google Dork queries can often be used to find:

  • XSS, SQLi, and other parameter‐based vulnerabilities in web applications
  • Confidential information from websites, such as usernames, passwords, and other forms of PII
  • Online shopping info like customer data, orders, credit card numbers, and transaction numbers
  • Information on printers, video cameras, and types of IOT devices

You can find an exhaustive and regularly updated list of dorks at the Exploit‐DB (formerly the Google Hacking Database): https://www.exploit-db.com/google-hacking-database.

Get Hunting Cyber Criminals now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.