The terms Google hacking, Google hacks, or Google dorking refer to attacks that use Google or another search engine to find vulnerable web servers and websites.
Google hacking is based on inventing specific search queries, often using wildcards and advanced search operators (such as intitle, inurl, intext, filetype, and more), to locate badly configured web servers and web pages that expose sensitive information. For example, a search for
site:*/signup/password.php could reveal all pages that contain login portals.
Note that some sources may wrongly use the term Google hacking to refer to SEO poisoning. Google hacks may also refer to specific one-time hacks in the past such as those on Google’s image search, Gmail, or Google Maps.
The Google Hacking Database
The Google Hacking Database (GHDB) is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. The GHDB was launched in 2000 by Johnny Long to serve penetration testers. In 2010, Long turned the database over to Offensive Security and it became part of exploit-db.com. It was also expanded to include not only the Google search engine but also other search engines like Microsoft’s Bing as well as other repositories such as GitHub.
Some of the categories of search engine queries in the GHDB include:
- Product-specific advisories
- Error messages that contain sensitive information such as directory paths
- Files with sensitive data, passwords, and user names
- Sensitive online shopping data
- Detailed information about web servers
Testing for Google Hacking Vulnerabilities
The most effective way for webmasters to prevent Google search hacks and maintain general information security is to run automatic tests for vulnerabilities. A web vulnerability scanner, such as Acunetix, will crawl each page of a website and check for vulnerabilities that are often reflected in search engine queries (for example, misconfigurations and publicly accessible resources) as well as many other vulnerabilities such as SQL injections and Cross-site Scripting. All you need to do later is fix these vulnerabilities.