Everyone uses the Internet as a solution to different questions that arise in our day to day lives. The first thing we usually do is open a tab on our browser, and type “google.com”. However, have you ever thought about what information there is about you on the Internet?
The Oficina de Seguridad del Internauta (OSI) explains how you can use a resource called “Google Dorks” to find out, and what to do if you do not want that information to appear in the results.
What is Google dorking?
Google Dorks or Dorking, also known as Google Hacking, is a technique often used by hackers that consists of applying Google’s advanced search to find specific information on the Internet by filtering the results with operators known as Dorks. These are symbols that specify a condition.
It is a powerful tool that can be used to extract sensitive information from vulnerable websites, such as:
- email addresses
- credit card details
These dorks allow the user to narrow down the search results to a specific website or domain. Furthermore, they are typically a combination of keywords and special operators that tell Google to search for specific information.
If we put double quotes (“text”) in our search text, it will search for information that exactly matches the text. For example, if we search for “inspainnews”, it will return the content that exactly matches that term.
Who uses Google dorks?
Google dorking is also used by security professionals to identify vulnerabilities in their own websites. By using dorks to search for sensitive information, website owners can identify potential security risks and take steps to protect their sites from unauthorised access.
However, it’s important to note that Google dorking can be used for malicious purposes as well. Hackers can use this technique to find vulnerable websites and launch attacks against them.
To protect yourself from Google dorking attacks, it’s important to ensure your website is properly secured. This includes implementing strong passwords, keeping your software up to date, and limiting access to sensitive information.
What can you find with Google Dorks?
Depending on the parameters used for the search, the results will change. But it could be possible to identify information of all kinds:
- Credentials: usernames and passwords of your accounts
- Audiovisual content: photos and videos
- Private URLs
- Sensitive documentation: ID, telephone numbers, other cards
- Bank information: account numbers or cards
- Access to security cameras
Is it legal to use Google Dorks?
Before you start using Google Dorks, be clear that the information you obtain must not be used to harm other people, and that your objective in obtaining it must not be unethical.
However, having said that, the answer to the question is yes. This is because all the information you may find when you search is already public. That is, it is exposed and published on the Internet, either consciously or unknowingly by yourself or even by third parties.
How to use Google Dorks?
First you need to know the basic commands of advanced searches. They are called operators and are symbols or specific words with which you can find what you are looking for.
For example, if you want to check if your name appears on web pages, you can enter in the navigation bar of your browser: “Your name and surname” between quotation marks. In the same way, you can carry out searches between quotation marks for what you want to find: “ID number”, “home address”, “telephone”, “email”, “car license plate”, etc.
On the other hand, if you would like to know if your access credentials are exposed to any online service that you use, that is, if they are published on a website accessible to everyone due to hacking or data theft, you should use the inurl and intext operators like this: inurl:[web URL] AND intext:[password]
Also, if you want to search for specific words that a web page contains, you can use the operator allintext:(desired word). Example: allintext:coronavirus news.
Another useful feature of this tool is that you can search for specific documents and information. For example, you can check whether your curriculum vitae is displayed on a web page with the operator site:[web page] followed, in quotes, by the data that will help you locate it: “phone” “mail” “address”, etc. Finally, look for the document itself with intitle:“currículum vitae”. E.g. site:webpage.com “phone” “address” “email” intitle:“curriculum vitae”.
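The self-check searches described above can be assembled programmatically so that the quoting and operator syntax stay correct (exact phrases in double quotes, no space between an operator and its value). This is an added example, not code from the article or from OSI; the function names and the sample name, site and personal data are constructed for illustration.

```python
from urllib.parse import quote_plus

# Operators named in the article; anything else is rejected.
OPERATORS = {"site", "inurl", "intext", "allintext", "intitle"}


def phrase(text):
    """Exact-match phrase: wrap in double quotes, dropping embedded quotes."""
    cleaned = " ".join(text.replace('"', " ").split())
    if not cleaned:
        raise ValueError("empty search phrase")
    return f'"{cleaned}"'


def op(name, value):
    """operator:value with no space after the colon; quote multi-word values."""
    if name not in OPERATORS:
        raise ValueError(f"operator not covered by the article: {name}")
    cleaned = " ".join(value.replace('"', " ").split())
    if not cleaned:
        raise ValueError("empty operator value")
    # allintext: applies to every following word, so it is left unquoted.
    if " " in cleaned and name != "allintext":
        cleaned = f'"{cleaned}"'
    return f"{name}:{cleaned}"


def self_audit_queries(full_name, site, personal_terms):
    """Queries for checking where your own data appears."""
    terms = " ".join(phrase(t) for t in personal_terms)
    return [
        phrase(full_name),                              # name anywhere
        f"{op('site', site)} {phrase(full_name)}",      # name on one site
        f"{op('site', site)} {terms} {op('intitle', 'curriculum vitae')}",
    ]


def search_url(query):
    """URL that opens the query in Google search."""
    return "https://www.google.com/search?q=" + quote_plus(query)


if __name__ == "__main__":
    # Constructed sample data, not real personal information.
    for q in self_audit_queries("Jane Example", "webpage.com",
                                ["600 000 000", "jane@example.com"]):
        print(q, "->", search_url(q))
```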
How do I find different operators?
There are many other operators that you can use to help you refine web searches. On the Google support page you will find more information.
What do I do if my information has been exposed?
In case you have found personal or private data on the network, you can follow a series of guidelines.
If you believe that information about you should not be visible and accessible to anyone, request its deletion through Google Search Console. You can request the withdrawal of information such as the following:
- Non-consensual intimate images
- Personal information that allows you to be identified or puts your bank details at risk
Also, if you find your passwords are public, change them to unique and strong passwords for each account. Don't forget to include upper and lower case letters, numbers and special characters. This will limit the risk of a cybercriminal or malicious person accessing your accounts with the information they obtained using these advanced Google searches. It is also recommended to use double authentication to access your accounts and thus make it more difficult for them to be stolen. Strong passwords are hard to remember, so using a password manager to help you store and create them is a good way to stay safe and make this task a bit easier.
In conclusion, Google dorking is a powerful tool that can be used for both good and bad purposes. While it can be useful for identifying vulnerabilities in your own websites, it’s important to be aware of the potential risks and take steps to protect yourself from malicious attacks. By staying vigilant and taking proactive measures to secure your website and devices, you can prevent unauthorised access and protect your sensitive information from falling into the wrong hands.