Although they are well known in the field of security, Google Dorks, also often called Google Dorking and Google Hackingthey are something completely unknown to ordinary Internet users, i.e. the vast majority of the population, but exceptionally useful when we want to perform certain types of searches on the Internet, more specifically information that, in most cases, the owners of the South would prefer not to be accessible to everyone.

As you probably already know, Google allows you to use a large number of operators when searching. The most common are quotes, when we want to ensure that the search is exact with respect to the expressions used in it, and common logical operators (which, yes, are not necessary in some cases, because the search engine uses them by default). However, there are many others that, although public, are much less well-known and allow for very fine-tuning of search results.

It is likely that at this point, You might be wondering if using Google Dorks is legal, because we are talking about access to what those in charge basically do not want to have access to. The answer is very, very clear: yes, it is completely legal use Google Dorks. Of course, what it doesn’t have to be is using what you find in your research. And as you’ll see below, this type of specialized search will surprise you.

There are many operators we can use to perform “refined” searches, but In order to do some Google hacking, these are the most notable ones:

• intitle:»password»: Find websites that have the word “password” in the title.
• file type: pdf: Find PDF files.
• site:example.com: Find websites in the example.com domain.
• link:example.com: Find websites that link to example.com.
• “SQL Error”: Finds web pages that contain SQL errors.

Up to this point we have already seen something interesting, but it all becomes much more interesting when we consider the vast majority of these operators can be combined with each other, resulting in a much more accurate search. For example, and this is a fairly common type of search, you can combine “site” and “filetype” to search for a certain type of file on a particular web page.

So let’s say you want to check if a certain website stores files in txt format. In this case, the search will look like this: “site:example.com filetype:txt”.

Except, You can also use the intitle operator to find a specific file name, for example “intitle:password.txt”. However, keep in mind that this particular example is so obvious that you probably won’t find results for files with that name and extension. Here, of course, determination and imagination come into play, both when choosing search parameters and directly related when combining operators.

Want an example of a Google Dorks search that usually returns quite a few results? In that case try “intitle:index.of /logs.txt” which is the result It will offer you records (logs) stored on web servers. And as you may already know or suspect, logs can provide us with a lot of interesting information about the server and its activity.

Do you lack inspiration? In that case The Exploit Database has a complete section where Google Dorks searches are compiled which can offer interesting results. Of course, there are two very important points to keep in mind before you start your research:

• It is perfectly legal to conduct these searches, what may not be is to use what you find in their results.
• These searches can also lead you to malicious results, so you should be careful about the sites you access and especially the files you can download.