Hey folks, Epic? here, bringing you another super simple hacker tutorial. In this lesson we'll be learning about Google dorks, what they are, how to use them, etc.
What are Google Dorks?
Google dorks are sort of like keywords for Google. We are, of course, talking about the popular search engine known as Google (http://www.google.com).
When these special "keywords" are searched in Google they return certain, specific results. These results can be useful in many ways.
These dorks can be used to pinpoint a specific attribute/property of a website, potentially an exploitable one.
What is their benefit?
Well, Google has been called a "hackers best friend". Their real benefit is towards hacking, at least as far as dorks go. Again, we use the dorks to search for super specific content on a website, this content is usually used for hacking.
How do I use them?
Its quite easy, first you simply need to acquire a dork, they're all over the internet (you can actually search Google for the specific dork you want), then you can proceed from there. Once you have your desired dork, you simply go to Google (or a search engine of your choice - although Google is best since it offers the most results), once you're in Google you simply enter in the dork to the search bar, and run a search on it. Results that come up will be results that the dork has hit on (results that match/contain the dork).
How do I find what's "exploitable" from that list?
Well, all those results were hit on by the dork, however, they're not all exploitable. You have to go through them and use the method that is provided in your tutorial for finding which one is exploitable. You may want to go a few pages through the results before you start looking (as most of the first ones will be other guides).
Where can I find dorks?
As stated before, you can simply use Google to find a list of dorks, although its likely a tutorial you're following provided you with dork(s), or a method of getting dorks. You can also see the selection of dorks on the original post to tech-revolution.com.
How do exploit/dork scanners work?
They work by doing exactly what you do, except since they're "machines" (or programs) they do it very quickly on a massive scale. They simply search Google (or another search engine), and depending on how it works, they either strip the results from the HTML or they use another method. After that, they then check if those dork hits are truly exploitable, or if they are just false hits. That's the benefit of a scanner.
Where can I get a scanner?
There are plenty of exploit/dork scanners out there. Just search Google. Alternatively, there are many available for download on my home site, Tech-Revolution.com.
See here and here (just two of many examples).