The Tutorials in this blog are for Educational purposes only.
WHAT'S NEW?
Loading...

Use Google for hacking! understanding basic Google Dorks [For Beginners]

 
 
 
 
 
 
Welcome to this Tutorial. Biggrin
Here, I will tell you about how to use Google for hacking and get search results more accurately.
So lets get started!


Google: Google is a search engine. That's all I know about it. Roflmao
Dork: it is basically a search string with various operators to find something accurately.

So lets now discuss about operators which can be used to create powerful google dorks for hacking.

inurl

inurl is used to show only those pages which has the search term in their websites url. for example, " inurl:admin.php " will return all the websites which has the text "admin.php" in their url.


intitle

intitle is used to show only those pages which has the search term in their websites title. for example, " intitle:admin login " will return all the websites which has the text "admin login" in their title.


filetype

filetype is used to search specific file type in websites. for example " filetype:pdf " will return all the websites which has pdf files in their website.


intext

intext is used to search for a specific text in websites. for example " intext:login "


site

site can be used to limit your search to a specific site only. For example, " site:hackforums.net " will search something only on this site.
site can also be used to search for a specific country site like:
" site:in " will return only the sites of India. use country short codes here are some of them:
bd - Bangladesh
au - Australia
il - Israel
my - malaysia
br - brasil
gov - government sites
com - com sites
net - net sites
org - organization sites
there are tons of them google for them Rolleyes



You are halfway through! you have learned basics now put them in action!



Lets build some dorks with these operators!!!

=> inurl:wp-config intext:wp-config 'DB_PASSWORD'
wp stands for wordpress. Yes the popular cms. The database username and passwords are stored in wp-config file. So we search for wp-config inurl, intext we used more query to ensure the exact result. You will understand more when You will google this.

=> inurl:admin inurl:userlist
using this we can find the usernames of of website.



=>inurl:admin login ext:php site:lk
used to find php admin panels
=> inurl:index.php?id=
Yes for the sake of sql injection! Google can reveal tons of mysql vulnerable sites to you! google sql injection dorks list for more.

=> inurl:index.php?id= intext:Warning: mysql num rows() site:in
here we made a dork for sql vulnerable sites only from india! using site operator u can limit to a specific country websites only!

=> intitle:admin site:examplesite.com
changing the site url we can use google for finding admin page.

Ok, I missed lots of more operators but the most used operators are mentioned above. Now using these create your own dork for hacking Thumbsup



Black Hat
I hope you have learned somethings from this small tutorial.
 
 
 
 This post was previously published by me on hackforums.net here
 
 
 

0 comments:

Post a Comment