(also Google hacking)
Google dorking definition
Google dorking is the deliberate use of Google Search (as well as other Google apps) to hunt for valuable or hard-to-find data. In the hacking community, Google dorking specifically refers to using advanced Google Search operators to locate evidence of security vulnerabilities — for example, searching for websites running a specific version of a web application that has a known exploit.
Targets of Google dorking attacks
- Vulnerable web applications: Hackers can hunt for websites hosting applications with known security vulnerabilities (such as a vulnerability to SQL injections).
- Login pages: Hackers sometimes use Google dorking to identify website login pages that are vulnerable to brute-force attacks.
- Sensitive documents: Hackers may search for specific file types that are known to contain sensitive information (such as PDF documents).
- Hidden content: Hackers may seek to uncover areas of a website that are not directly accessible by the general public — for example, pages that are not linked to the main website.
Stopping Google dorking
- The robots.txt standard file: tells search engine crawlers which portions of the website should not be indexed. Most major search engines comply with robot.txt file requirements, but this compliance is voluntary — malicious web crawlers can ignore the file or even use it as a reference for areas that should be searched first.
- Testing the website by posing queries on popular search engines helps identify what content can be discovered publicly. Any discovered vulnerabilities should be patched without delay to prevent Google dorking attacks.