Google Hacking Database

Hacking Google?

Disclaimer: Don’t missuse the information here. Use only on servers you own at your own risk !!

No, no, this is not hacking Google. This is a database created by the community or some individual using google dorks. They have arranged google dorks in a way that it can be used to pull out information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. Payment card data) from google search engine.

Most importantly with this Google hacking database, you can find the vulnerabilities of your website and fix the issues before someone else tries to hack you.

Google Dorks

These are some strings that can be send with google advance search operators in order pull out sensitive information.

As an example, one dork can be used to identify the vulnerable server. Then using another dork you can try to get sensitive data like user credentials from those servers. With another dork, you can get some other sensitive data like database credentials.

Advance Search Operators

In the following table you can see a list of google advance search operators.

As an example,

1. polymorphism site:stackoverflow.com will search for the word polymorphism in the Google and show the results only from stackoverflow.com
2. cars intext:hybrid site:autoblog.com will search for the word cars in Google and show the results only from autoblog.com which contains hybrid in the result text.
3. intitle:“index of” will show the Google results which contains index of in the title. This is a very popular search string that is used to search movies, games, tv series, etc. in servers.

You can use - to ignore results.

4. polymorphism -site:stackoverflow.com will search for the word polymorphism in the Google and ignore the results from stackoverflow.com
5. transport -vans -cars will search for the word transport and ignore the results which contains vans or cars anywhere in the result text.

I think you get the idea. You can try these commands in Google. It is not a crime. People use these commands to customize their results and search in Google like a pro!

Same way, dorks are also search strings that contains advance search operators. But the aim is different.

1. “#mysql dump” filetype:sql will show .sql files that contain the text #mysql dump anywhere in the result. The meaning of quotation marks is to tell Google to search exact same string. Otherwise Google will try to autocorrect words, drop symbols or change the word order in order to give a “better result”.
2. intitle:“index of” htpasswd will search for htpasswd files in servers. If you are familier with intitle:“index of” search string, you will know what will be the result like. htpasswd is a file that is used to store credential to HTTP Apache servers.

Exploit DB Google Hacking Database is the most popular Google Hacking Database in the internet.

‍