Google Hacking

Learn how Google's powerful search engine can be used to find vulnerabilities in web applications.

Introduction to Google hacking

Google hacking, also referred to as Google dorking, is the process through which a user can gather information about a target with the help of the advanced search and indexing capabilities of Google’s search engine. It allows hackers to target keywords, URLs, file types, and software versions on the target website.

Google hacking helps pentesters narrow the investigation down to a particular domain that has been identified as a target and further specify what technologies and their relevant information to search for. For example, a website for a hotel may also have an insecure security camera system (mostly just webcams) on its network. We could find such publicly viewable cameras with the query inurl:"ViewerFrame?Mode=". We could also use quotation marks to query for exact text, like so: "Only phrases just like this".

Google hacking for pentesting

In the table below we’ll look at some of the commands that are used in Google hacks for penetration testing:

Get hands-on with 1200+ tech skills courses.