Google Dorks, these strangers ...

(To Alessio Buttitta)

Google Dork is an advanced search technique that can help uncover hidden data from the Google search engine. 

Some people call them "Google commands" or a basic strategy of hacking. These are, in fact, "operators", through which it is possible to create more detailed filters for a search. That is, they are mainly used to refine search results, in order to have more specific links. 

It should be noted that i dork the most famous and used, of course, are those of Google (Google Dork) that we will deepen in this article. 

Technically speaking, within the search query, particular keywords and / or logical operators and special characters are inserted to get more specific results and find pages that can match our search criteria.

Un search filter is a phrase, a keyword that has a particular meaning for the search engine such as for example:

- inurl: to narrow the search only within the url;

- intext: returns the web pages that contain the term searched within them;

- website: to narrow your search on a particular site;

- filetype: to restrict the search to a file type.

How to start using them? 

Google Dorks have a basic syntax of the type "dork: parameter".

Try using, for example, the following simple commands to start looking for sensitive details and practice. 

You can indulge yourself in finding information about yourself or the organization you work for, by typing for example:

- "your name" filetype: pdf, which will return the searched word or phrase only on a Pdf file;

- "your name" filetype: pdf OR filetype: xlsx OR filetype: docx, which will perform the same search on pdf or xlsx or docx files.

Basic logical operators such as not, or and and can be used. 

Here are some special characters to use and their functionality.  

Google Dorks: what are they for?

They are used for several purposes. For example, to carry out a more in-depth search by a common user, as we tried to do just above by entering our name followed by the operator filetype.

They can also be used in SEO (Search engine optimization) for marketing purposes. For example to find pages with indexing errors, so that search engines do not show. 

To find out, simply enter in the query "site: the name of your site".

They are also heavily employed in the cyber security. In fact, through the use of this technique it is possible to detect systems affected by vulnerabilities, for example, by entering a keyword of a particular product. 
The query "inurl: wp-admin" will show the sites that use WordPress as a technology, if this one day turns out to be vulnerable it would be very easy for a hacker to know who is using it.

This technique can also be used to search massively for information on people. Let's try to think of an attacker who is interested in people with a certain characteristic that can be easily found on social networks (example: job job). It is sufficient to write a search string on the browser, specifying the sites where to search, without having to consult them individually. For example, "secretary site: OR site:". 

The search can be further refined using keywords or other terms or the Google Hacking DB which contains sources of phrases and words.

Ultimately, they can be used to understand what information is present about us or our business and make the desired changes.

In conclusion, Google Dork is a "lever" that can be used by anyone who wants to approach cyber security, study or read more specific documentation or in general optimize their research.