google-dorks-mini
Blog

Finding vulnerabilities with Google Dorks

There are simple ways to uncover the files that weren’t effectively protected. We’ll focus on Google search operators that can be used to get...
25 September 2016
Cybersecurity testing
Web app testing
Article by a1qa
a1qa

For any company data confidentiality is a matter of high importance. Leak of clients’ usernames and passwords or loss of system files may result in great financial expenses and destroy the reputation of the most trustworthy organization. The article by Vadim Kulish, security testing engineer.

Considering all potential risks, companies spend big money to embed latest security technologies to prevent unauthorized access to the valuable data.

But have you ever given a thought that besides sophisticated hacking attacks there are simple ways to uncover the files that weren’t effectively protected. In this article we’ll focus on Google search operators that can be used to get more specific search results or to detect sensitive information.

Let’s start from the beginning.

One can hardly imagine Internet surfing without search systems as Google, Bing and others alike. Search engines index vast amount of web pages to make them available for surfing.

Google search operators

When you search in Google, you can include search operators in the entry field to narrow or broaden your search. The most commonly used of them are the following:

* site: returns results from certain sites or domains

E.g.: If you enter site:example.com you’ll get all info in Google related to the example.com website.

* filetype: searches for exact file type

E.g.: The entry filetype:php site:example.com will provide you with the list of php-files from the website example.com.

* inurl: searches for specific text in the indexed URL

E.g.: The entry site:example.com inurl:admin will search for the administration panel on the website.

* intitle: searches for query terms in the page’s title

E.g.: The entry example.com intitle:”Index of” will return documents from the website example.com that mention the word “index of” in their titles.

* cache: searches in Google cache

E.g.: cache:example.com will show Google’s cached version of the page instead of the current one.

Unfortunately, web crawlers are not able to determine the type and degree of information confidentiality. Therefore, they equally treat blog articles, which are published for wide audience, and database backup copy stored in the web server root directory and not intended for third parties view.

Thanks to this feature and using the search operators, hackers manage to detect vulnerabilities of web resources, information leaks (backup copies and text of the web applications errors), hidden resources, such as opened administration panel without authentication and authorization mechanisms embedded.

Types of information that can be detected by search engines and may be potentially interesting to hackers include the following:

* Third-level domains of the explored resource

Third-level domains can be found using the keyword “site:”. For example, the query site:. * example.com will return all domains of the third level of the website example.com. Such requests enable to detect hidden management resources, release management systems, as well as other applications with the web interface.

* Hidden files on a web server

When searching, you may happen to view various parts of the web application. To find them, use the query filetype:php site:example.com. It will return previously unavailable functionality in the application, as well as other information about the app.

* Backup copies

Backup copies may be found with the filetype: keyword. Usually backup copies are stored using the following file extensions: bak, tar.gz, sql. For instance: site:. * example.com filetype:sql. Backup copies often contain logins and passwords of the admin interfaces, as well as user data and source code of your website.

* Errors of the web application

The text of the error may contain various data about the app’s system components (web server, database, web application platform). This information is always very interesting to hackers because it allows to find out more about the target system and to enhance the attack. For instance: site: example.com “warning” “error”.

* Login and password

Web application cracking may reveal big amount of users’ sensitive data. The request filetype:txt “login” “password” will allow you to find files with usernames and passwords. Likewise, you can check whether your email or any account has been hacked. Just make a request filetype:txt “user_name_or_email”.

The combinations of keywords and search strings used to detect confidential information are commonly named Google Dorks.

Google has collected them in the public Google Hacking Database. Now any company representative, whether CEO, a developer or a webmaster, may learn about what type of sensitive data was detected with this or that query. All dorks are broken down by categories to make the search more comfortable.

Google Dorks leaving mark in the history of hacking

Finally, learn about the cases of how Google Dorks helped the attackers to get access to sensitive but poorly protected information:

#1. Leakage of confidential documents on the bank’s website

During the official bank site security analysis a large number of pdf-documents was detected. All documents were found with a query “site:bank-site filetype:pdf“. Interestingly, it turned out that the contents of documents represented plans of the bank branch premises across the country. For sure, that information would be very interesting to bank robbers.

#2. Cardholders’ data search

Very often breaking online stores attackers gain access to the users payment data. To make this info public, violators use public services that are indexed by Google. Sample query: “Card Number” “Expiration Date” “Card Type” filetype:txt.

With all this in mind, we recommend that you check the security of your website to prevent dubious activities related to your resource.

But we advise you to look beyond the basic checks. Address security testing specialists to conduct comprehensive analysis of your software product. After all, it’s better and cheaper to prevent data loss than repair the damage incurred.

More Posts

2 December 2024,
by a1qa
6 min read
Addressing 4 security issues for digital transformation programs
Find out the top 4 safety challenges of digital transformation and a QA playbook to address them and contribute to a higher level of cybersecurity.
Cybersecurity testing
black-friday
5 November 2024,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
QA for retail software
29 August 2024,
by a1qa
4 min read
QA to address key pain points in retail 
Explore how QA helps address the main challenges that retailers face when developing software.
Cybersecurity testing
Functional testing
Performance testing
Usability testing
QA for fintech
7 May 2024,
by a1qa
5 min read
Navigating the fintech frontier in 2024: QA’s role in delivering high-quality financial software 
Unveil the future of fintech innovations and learn to refine their quality with the help of software testing.
Blockchain app testing
Cybersecurity testing
Quality assurance
Telecom trends 2024
15 April 2024,
by a1qa
5 min read
QA’s role in adopting telecom trends for 2024 
Let’s dive into the transformative trends set to redefine the telco industry in 2024 and discover QA strategies to adopt them with precision.
Cloud-based testing
Cybersecurity testing
Functional testing
General
Migration testing
Performance testing
QA trends
Quality assurance
Test automation
On the pulse of 2024: optimizing the adoption of eHealth trends with QA
15 February 2024,
by a1qa
4 min read
On the pulse of 2024: optimizing the adoption of eHealth trends with QA
Generative AI, cybersecurity, AR/VR — come and explore how these trends are reshaping the future of healthcare and how QA helps implement them with confidence.
Cybersecurity testing
Functional testing
Performance testing
QA trends
Navigating the future: QA trends that will define 2024. Part 2
30 January 2024,
by a1qa
4 min read
Navigating the future: QA trends that will define 2024. Part 2
We continue exploring QA trends, helping businesses remain competitive in 2024.
Cloud-based testing
Cybersecurity testing
QA trends
Quality assurance
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
8 December 2023,
by a1qa
3 min read
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
From dissecting novel industry trends to navigating effective ways of enhancing software quality — let’s recall all a1qa’s roundtables. Join us!
Big data testing
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
QA trends
Quality assurance
Test automation
Usability testing
Web app testing
6 top reasons why business should invest in software quality
9 November 2023,
by a1qa
4 min read
6 top reasons why business should invest in software quality
We congratulate you on the World Quality Day with the article by Alina Karachun, Account director at a1qa, having 10+ years of QA expertise. Delve into it to explore the reasons why businesses should prioritize software quality.
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
Quality assurance

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.