Google Hacking Database


Hacking Google?

Disclaimer: Don’t missuse the information here. Use only on servers you own at your own risk !!

No, no, this is not hacking Google. This is a database created by the community or some individual using google dorks. They have arranged google dorks in a way that it can be used to pull out information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. Payment card data) from google search engine.

Most importantly with this Google hacking database, you can find the vulnerabilities of your website and fix the issues before someone else tries to hack you.

Google Dorks

These are some strings that can be send with google advance search operators in order pull out sensitive information.

As an example, one dork can be used to identify the vulnerable server. Then using another dork you can try to get sensitive data like user credentials from those servers. With another dork, you can get some other sensitive data like database credentials.

Advance Search Operators

In the following table you can see a list of google advance search operators.

Operator Usage
site:abc.com Google will search results only in abc.com
filetype:pdf Results will contain pdf file types
inurl:xxxxx Contain xxxxx in the url of the search results
allinurl:abc def ghi All the words abc, def and ghi
appears in the url of the search results
intitle:abc Contain abc in title
allintitle:abc def ghi All the words abc, def and ghi
appears in the titles of the search results
intext:abc Contain abc in result text
allintext:abc def ghi All the words abc, def and ghi
appears in the search result text
related:abc.com Sites related to abc.com
cache: Cached version of a web page
inanchor:abc Contain abc in url anchor
allinanchor:abc def ghi All the words abc, def and ghi
appears in the anchor of the url of the result
define:abc Gives definition for abc
id: Undocumented alias for info:
info:url Show information about url
link:url Show web pages which has links to the given url

As an example,

  1. polymorphism site:stackoverflow.com will search for the word polymorphism in the Google and show the results only from stackoverflow.com
  2. cars intext:hybrid site:autoblog.com will search for the word cars in Google and show the results only from autoblog.com which contains hybrid in the result text.
  3. intitle:“index of” will show the Google results which contains index of in the title. This is a very popular search string that is used to search movies, games, tv series, etc. in servers.

You can use - to ignore results.

  1. polymorphism -site:stackoverflow.com will search for the word polymorphism in the Google and ignore the results from stackoverflow.com
  2. transport -vans -cars will search for the word transport and ignore the results which contains vans or cars anywhere in the result text.

I think you get the idea. You can try these commands in Google. It is not a crime. People use these commands to customize their results and search in Google like a pro!

Same way, dorks are also search strings that contains advance search operators. But the aim is different.

  1. "#mysql dump" filetype:sql will show .sql files that contain the text #mysql dump anywhere in the result. The meaning of quotation marks is to tell Google to search exact same string. Otherwise Google will try to autocorrect words, drop symbols or change the word order in order to give a “better result”.
  2. intitle:“index of” htpasswd will search for htpasswd files in servers. If you are familier with intitle:“index of” search string, you will know what will be the result like. htpasswd is a file that is used to store credential to HTTP Apache servers.

Exploit DB Google Hacking Database is the most popular Google Hacking Database in the internet.