Disclaimer: Don’t missuse the information here. Use only on servers you own at your own risk !!
No, no, this is not hacking Google. This is a database created by the community or some individual using google dorks. They have arranged google dorks in a way that it can be used to pull out information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. Payment card data) from google search engine.
Most importantly with this Google hacking database, you can find the vulnerabilities of your website and fix the issues before someone else tries to hack you.
These are some strings that can be send with google advance search operators in order pull out sensitive information.
As an example, one dork can be used to identify the vulnerable server. Then using another dork you can try to get sensitive data like user credentials from those servers. With another dork, you can get some other sensitive data like database credentials.
In the following table you can see a list of google advance search operators.
|site:abc.com||Google will search results only in abc.com|
|filetype:pdf||Results will contain
|inurl:xxxxx||Contain xxxxx in the url of the search results|
|allinurl:abc def ghi||All the words abc, def and ghi
appears in the url of the search results
|intitle:abc||Contain abc in title|
|allintitle:abc def ghi||All the words abc, def and ghi
appears in the titles of the search results
|intext:abc||Contain abc in result text|
|allintext:abc def ghi||All the words abc, def and ghi
appears in the search result text
|related:abc.com||Sites related to abc.com|
|cache:||Cached version of a web page|
|inanchor:abc||Contain abc in url anchor|
|allinanchor:abc def ghi||All the words abc, def and ghi
appears in the anchor of the url of the result
|define:abc||Gives definition for abc|
|id:||Undocumented alias for info:|
|info:url||Show information about url|
|link:url||Show web pages which has links to the given url|
As an example,
- polymorphism site:stackoverflow.com will search for the word polymorphism in the Google and show the results only from
- cars intext:hybrid site:autoblog.com will search for the word cars in Google and show the results only from
autoblog.comwhich contains hybrid in the result text.
- intitle:“index of” will show the Google results which contains index of in the title. This is a very popular search string that is used to search movies, games, tv series, etc. in servers.
You can use
- to ignore results.
- polymorphism -site:stackoverflow.com will search for the word polymorphism in the Google and ignore the results from
- transport -vans -cars will search for the word transport and ignore the results which contains vans or cars anywhere in the result text.
I think you get the idea. You can try these commands in Google. It is not a crime. People use these commands to customize their results and search in Google like a pro!
Same way, dorks are also search strings that contains advance search operators. But the aim is different.
- "#mysql dump" filetype:sql will show
.sqlfiles that contain the text #mysql dump anywhere in the result. The meaning of quotation marks is to tell Google to search exact same string. Otherwise Google will try to autocorrect words, drop symbols or change the word order in order to give a “better result”.
- intitle:“index of” htpasswd will search for htpasswd files in servers. If you are familier with intitle:“index of” search string, you will know what will be the result like. htpasswd is a file that is used to store credential to HTTP Apache servers.
Exploit DB Google Hacking Database is the most popular Google Hacking Database in the internet.