Hackers sometimes rely on Google dorking to hunt for sensitive information like usernames, log files, etc. Learn all about it to keep your site safe.
Google is the encyclopedia of the internet that carries the answer to all your questions and curiosity. After all, it is just a web index to find images, articles, and videos, right?
Well, if you think so, you are turning a blind eye to the untapped potential of the behemoth search engine's crawling capabilities. This side of Google is lesser known to the average user but is exploited effectively by bad actors to hijack websites and steal sensitive data from companies.
Here, we’ll address how security professionals and hackers use Google as an effective reconnaissance tool to access sensitive data, hijack websites, and more.
What Is Google Dorking?
Google dorking, or Google hacking, is the technique of feeding advanced search queries into the Google search engine to hunt for sensitive data such as usernames, passwords, and log files that Google has indexed because of site misconfiguration. This data is publicly visible and, in some cases, downloadable.
A regular Google search involves a seed keyword, sentence, or question. In Google dorking, however, an attacker uses special operators to refine the search and direct it toward very specific files or directories on the internet. In most cases, these are log files or website misconfigurations.
How Hackers Use Google Dorking to Hack Websites
Google dorking involves using special parameters and search operators called “dorks” to narrow down search results and hunt for exposed sensitive data and security loopholes in websites.
The parameters and operators direct the crawler to look for specific file types in any specified URL. The search results of the query include but are not limited to:
- Open FTP servers.
- A company’s internal documents.
- Accessible IP cameras.
- Government documents.
- Server log files containing passwords and other sensitive data that can be leveraged to infiltrate or disrupt an organization.
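As a defensive check for the misconfiguration described above, the following added example (not code from the original article) scans a web server access log for search-engine crawlers that successfully fetched sensitive file types, meaning those files may end up in a search index. The suffix list, the crawler tokens, and the sample log lines are constructed assumptions; adjust them to your own site.

```python
import re

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumption: file types this site never intends to publish.
SENSITIVE_SUFFIXES = (".log", ".sql", ".bak", ".env", ".conf")
# Matched against the User-Agent header. A User-Agent can be spoofed, so
# treat a hit as a lead and confirm the crawler by reverse DNS if it matters.
CRAWLER_TOKENS = ("googlebot", "bingbot")

# Constructed sample log lines (documentation IP addresses, not real traffic).
GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = f'''\
192.0.2.10 - - [10/Mar/2024:06:25:11 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "{GBOT}"
192.0.2.10 - - [10/Mar/2024:06:25:14 +0000] "GET /logs/access.log HTTP/1.1" 200 88231 "-" "{GBOT}"
203.0.113.7 - - [10/Mar/2024:06:26:02 +0000] "GET /backup/db.sql HTTP/1.1" 200 104857 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [10/Mar/2024:06:27:40 +0000] "GET /backup/db.sql?v=2 HTTP/1.1" 200 104857 "-" "{GBOT}"
192.0.2.10 - - [10/Mar/2024:06:28:01 +0000] "GET /.env HTTP/1.1" 403 153 "-" "{GBOT}"
'''


def crawler_exposures(lines):
    """Return (path, crawler) pairs where a crawler got a 2xx for a sensitive file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        ua = m["ua"].lower()
        crawler = next((t for t in CRAWLER_TOKENS if t in ua), None)
        if crawler is None or not m["status"].startswith("2"):
            continue  # not a known crawler, or the server refused the request
        if path.endswith(SENSITIVE_SUFFIXES) and (path, crawler) not in findings:
            findings.append((path, crawler))
    return findings


if __name__ == "__main__":
    for path, crawler in crawler_exposures(SAMPLE_LOG.splitlines()):
        print(f"{crawler} fetched {path}: block access and request removal from the index")
```

Each finding is a file that should be removed from the web root or placed behind authentication; blocking it in robots.txt alone does not restrict access.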