CHAPTER 8Search Engine Dorks
“Dorks” are specially crafted advanced search terms that can be used on any search engine to find a wide range of publicly available information on the web. Dorks are (mostly) universal, but the examples in this book will be specifically based on Google's search terms.
The process of dorking refers to using common error phrases that relate to a specific response code generated by a programming language. In other words, they are search queries used to find hidden (and often misconfigured) data within websites. Google Dork queries can often be used to find:
- XSS, SQLi, and other parameter‐based vulnerabilities in web applications
- Confidential information from websites, such as usernames, passwords, and other forms of PII
- Online shopping info like customer data, orders, credit card numbers, and transaction numbers
- Information on printers, video cameras, and types of IOT devices
You can find an exhaustive and regularly updated list of dorks at the Exploit‐DB (formerly the Google Hacking Database): https://www.exploit-db.com/google-hacking-database
.
Get Hunting Cyber Criminals now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.