Google Dorks helps you find information about yourself on the Web
Publication date 03/11/2023
What is Google Dorking?
Google Dorks, or Dorking , also known as Google Hacking , is a technique that involves using Google’s advanced search to find specific information online by filtering results with operators known as Dorks , which are symbols that specify a condition. For example, if you put double quotation marks (“text”) in your search text, it will search for information that exactly matches the text. That is, if you search for “OSI”, it will return content that exactly matches that term. Throughout this article, we will show you how this can be useful to you.
What can you find with Google Dorks?
Depending on the parameters used for the search, the results will change, but it might be possible to identify information of all kinds:
- Credentials: usernames and passwords for your accounts.
- Audiovisual content: photos and videos.
- Private URLs.
- Sensitive documents: ID card, phone numbers, other cards.
- Banking information: account or card numbers.
- Emails.
- Access to security cameras.
- Etc.
Is it legal to use Google Dorks?
Before you start using Google Dorks, it’s important to be clear that the information you want to obtain or are looking for shouldn’t be used to harm other people or that the objective of obtaining said information is for unethical purposes.
Having clarified the previous paragraph, the answer to the question: Is it legal to use Google Dorks? The answer is yes, since all the information you can find when you perform searches is public information; that is, it is exposed and published on the Internet, either consciously or unconsciously, by yourself or even by third parties.
In the following sections we will show you how you can use this tool to find information about yourself, so that you can take the necessary steps in each case.
How to use Google Dorks?
First, you need to know the basic commands for advanced searches. These are called operators , and they are specific symbols or words that you can use to find something specific you’re looking for.
For example, if you want to check if your name appears on websites, you can enter “Your first and last name” in quotation marks into your browser’s address bar. Similarly, you can perform searches by enclosing in quotation marks whatever you want to find: “ID number,” “home address,” “phone number,” “email address,” “car registration number,” etc.
On the other hand, if you would like to know if your login credentials for any online service you use have been exposed, that is, if they are published on any website accessible to everyone due to hacking or data theft, you should use the inurl and intext operators like this: inurl : [URL of the website] AND intext : [password]
Also, if you want to search for specific words contained on a webpage, you can use the operator allintext : (desired word). Example: allintext : coronavirus news.
Another interesting feature of this tool is that you can search for specific documents and information. For example, you can search for your resume on a website using the command ` site : [website]` followed by quotation marks around the information that will help you locate it, such as “phone number,” “email address,” or “street address.” Finally, you can search for the document itself using ` intitle : “resume”.`. For example: ` site : webpage.com “phone number” “address” “email address” intitle : resume`.
There are many other operators you can use; you can find more information on Google’s support page: https://support.google.com/websearch/answer/2466433
What do I do if my information has been exposed?
If you have found personal or private data online, you can follow a series of guidelines:
- If you believe that information about you shouldn’t be visible and accessible to everyone, request its removal through Google Search Console. You can request the removal of information such as the following:
- Additionally, if you find your passwords publicly available, change them to unique and strong passwords for each account, including uppercase and lowercase letters, numbers, and special characters. This will limit the risk of a cybercriminal or malicious individual accessing your accounts with information obtained through advanced Google searches. Using two-factor authentication to access your accounts is also recommended to make them harder to steal. Remembering strong passwords can be difficult , so using a password manager to help you store and create them is a good way to stay secure and make this task easier.
- Finally, protect your devices with up-to-date antivirus software and run regular scans to prevent security vulnerabilities and ensure your security and data are not compromised.
In short, being aware of the information about us that exists online makes it easier to take the necessary steps to protect our privacy and maintain our security. If you don’t know how to proceed or have any questions about best practices in cybersecurity, contact us through INCIBE’s Cybersecurity Helpline by calling the free number 017, contacting us via WhatsApp (900 116 117) or Telegram (@INCIBE017).
SPANISH
Búsquedas eficaces con Google Dorks
¿Qué es Google Dorking?
También conocido como Google Hacking, es una técnica de búsqueda avanzada en el buscador Google mediante el uso de parámetros específicos (conocidos como operadores o Dorks) que se utilizan como filtros para mostrar resultados más exactos.
Dependiendo de los Dorks utilizados es posible identificar información de todo tipo:
- Credenciales: usuario y contraseña de cuentas
- Contenido audiovisual: fotos y vídeos
- URLs privadas
- Datos de carácter personal: DNI, números de teléfono, números de cuantas bancarias…
¿Como utilizo Google Dorks?
Introduce los operadores (o Dorks) específicos en el cuadro de búsqueda para afinar los resultados.
Por ejemplo, si quieres comprobar si tu nombre exacto aparece en páginas web, puedes introducir en el cuadro de búsqueda de Google «tu nombre y apellidos» entre comillas.
| Operadores | Descripción y Ejemplo de Uso |
| «comillas» | Busca coincidencias exactas de lo introducido entre comillas. Ejemplo: «nombre apellido1 apellido2» |
| site: | Busca dentro de un sitio web específico. Ejemplo: «nombre apellido1» and site:umh.es |
| AND / OR | Operadores lógicos para combinar búsquedas. Ejemplo: «DNI» AND «nombre» |
| intitle: | Busca páginas que contengan una palabra concreta en el título. Ejemplo: intitle:»contraseñas» |
| filetype: | Busca archivos de un tipo específico. Ejemplo: filetype:pdf |
| intext: | Busca palabras dentro del texto de la página. Ejemplo: intext:»número de teléfono» |
| – (menos) | Excluye términos de la búsqueda. Ejemplo: nombre -site:wordpress.com |
| * (comodín) | Reemplaza palabras desconocidas. Ejemplo: «como * un sitio web» |
| ext: | Similar a filetype:, busca extensiones de archivo. Ejemplo: ext:sql «user data» |
| related: | Muestra sitios similares al indicado. Ejemplo: related:google.com |
| define: | Busca definiciones de palabras. Ejemplo: define:hacking |
| phonebook: | Busca listados telefónicos (poco común hoy en día). Ejemplo: phonebook:John Doe |
| inurl: | Busca palabras dentro de la propia URL. Ejemplo: inurl:admin |
| allinurl: | Busca múltiples palabras en la URL. Ejemplo: allinurl:login admin |
| allintitle: | Busca múltiples palabras en el título de la web. Ejemplo: allintitle:»index of» «backup» |
| after:, before: | Filtra resultados por fecha. Ejemplo: «data breach» after:2023-01-01 |
| cache: | Muestra la versión en caché de una página. Ejemplo: cache:umh.es |
