You know life hacks, but do you know what Google dorking is?

Google dorking, or Google hacking, allows you to find information that is usually inaccessible on a website. A legal way to exploit the unsuspected capabilities of the search engine.

You thought you knew everything about Google Chrome? Think again. The famous search engine has features that are little known to the general public. Called “Google Dorks”, these open the door to a universe of information usually invisible.

A must for the curious or for cybersecurity experts to prevent cyberattacks, but also a formidable tool in the wrong hands. Because if Google dorking is perfectly legal, the use and exploitation of the content thus collected can downright become a weapon for hackers.

What is Google dorking, its origin and its most used dorks?

Imagine an everyday object that you transform with small additional tools or divert from its initial function to improve everyday life. Well, Google Dorks are a bit of the same principle.

Google dorking involves using advanced queries to find specific information. A simple addition of operators (quotes, etc.) is enough to transform an ordinary search. Its creator? Johnny Long, a cybersecurity expert. In 2002, he invented this method of investigation, called “dorking”. Objective: exploit Google’s capabilities for penetration testing.

Here are some frequently used operators: “site:” to restrict to a domain; “filetype:” to target certain formats; “intitle:” or “inurl:” to find pages with a specific term. Combined, they form the famous Google Dorks. Some even allow access to sensitive files, archived versions or private servers.

Google Dorks, a gold mine for finding security vulnerabilities, but also a tricky tool to use

Google dorking is legal in fact, it simply exploits the capabilities of a search engine. On the other hand, the use of the results can quickly become illegal. A malicious hacker could access personal data, break into a private system, etc. Hence the importance of GDPR to protect online privacy.

Fortunately, businesses also have an interest in using Google dorking. This technique allows them to identify publicly accessible sensitive information. This is a first step to securing their systems and reducing their attack surface. Cybersecurity experts can spot vulnerabilities, compromised passwords or data leaks.

Google dorking therefore remains an ambivalent tool. Used wisely, it strengthens cybersecurity by revealing weak points. But in the wrong hands, it poses a major data privacy risk. And it’s not Olivier Laurelli, alias Bluetouff, who will say the opposite. He who had access to data from the ANSES site using nothing other than Google Dorks saw his appeal to the Supreme Court rejected. Sometimes, certain sensitive data or data that should not be public becomes public, thanks to or because of a simple error in the architecture of a site.

The GDPR imposes strict rules on the collection and use of personal data. If you use Google Dorks, avoid searching for sensitive or private information, even public information, to avoid violating the policy. Use must remain ethical, for legitimate and non-malicious research. Obtaining consent before using personal data is essential.

Sources: Legifrance, Medium