The question of “what is Google Dork” may have arisen since the issue of cybersecurity or internet system security has risen in recent times, such as when the PDN hacking issue became news that shocked the public.
This is very worrying for those of you who are planning or are currently involved in the field of website development, whether developing it yourself or with the help of a website builders. By understanding what Google Dork is and how it works, you can learn how much a potential hack can attack your website. Additionally, you can assess the effectiveness of your website’s security.
What is Google Dork?
You need to know that Google Dork is not a Google product like Google Docs, Google Scholar, or Google Slides. Google Dork is a technique or method.
Google Dork is a method of performing searches on the Google search engine using queries known as operators. Since Google Dork is a method, the activity of searching on Google using the Google Dork method is popularly called Dorking.
Google Dorking is basically legal and can be used to filter searches more effectively and allow you to achieve more accurate search targets.
Dorking uses operators to enter certain search parameters, such as the site:, filetype: and many more. At the bottom of this article, we provide examples of query operators that you can use.
As additional information, dorking can also be performed on many search engines besides Google, such as Bing, Reddit, Yahoo, and Yandex. You can also use search aggregators like SearX.
When you dorking using a search aggregator, your search targets can reach various types of search engines. Additionally, you can expand your reach by using a VPN.
How to Use Google Dork
As we discussed earlier, Google Dork works by using (1) query operators to determine the type of parameter and (2) variables that serve as parameters to find the search target.
However, Google dorking can only read or discover indexed content on web pages and it cannot directly read the HTML code of a website.
If hackers perform Google Dorking, they can find information and use it to breach your website’s security system and usually this kind of information is not something they can find through a regular search.
Some examples of information they can obtain by performing Google Dorking are:
- Usernames and passwords
- Lists of email addresses
- Confidential documents
- Personal information
- Financial information
- Website vulnerabilities
To keep the data on your website safe, you can test dorking for important information on your site. Make sure no information can be found via dorking.
This is a list of Google Dork query operators and examples of how to use Google Dork:
| Query Operator | Function | Examples of Usage |
|---|---|---|
cache: |
Restores a cached version of a website | cache:tonjoo.com |
site: |
Search for a list of indexed URLs or domains | site:tonjoo.com/id/cara-install-xampp-di-windows/ |
link: |
Search for a list of pages containing specified links | link:tonjoo.com/id/cara-install-xampp-di-windows/ |
related: |
Search for pages containing topics related to a specified website or URL | related:https://www.w3schools.com |
info: |
Get specific information about a website, not the content of the website |
info:www.tonjoo.com |
define: |
Search for the definition of a specific word or phrase | define:nginx |
allintitle: |
Search for web pages with specific keywords or phrases where all keywords must be in the title | allintitle:cara install wordpress |
intitle: |
same as allintitle:but only general keywords in the title. |
intitle:wordpress |
allinurl: |
Search for pages with multiple keywords used in the URL. All keywords must be in the URL |
allinurl:woocommerce wordpress |
inurl: |
Sama as allinurl: but only general keywords in the URL. |
inurl:woocommerce |
If you need a Google Dork list containing more query operators, you can find it on the following Google Dork cheat sheet on GitHub:
Use Case of Google Dork
The two dorking methods are using a Single Operator and using Multiple Operators. Here are the explanations and examples:
a. Dorking with Single Operator
Performing Google Dorking is easy with a single operator. This means you use only one type of query operator. Here is an example use case of dorking using a single operator:
| Use Case | Query Operator | Contoh Implementasi |
|---|---|---|
|
Find out if an article is already indexed on Google. |
site: |
site:https://tonjoo.com/id/cara-install-wordpress-pada-xampp-localhost/ |
| Find out how many backlinks a URL has | link: |
link:https://tonjoo.com/id/plugin-lms-wordpress/ |
| Find out the definition of the word nginx. | define: |
define:nginx |
| Searching for examples of documents with the xlsx extension. | filetype: |
filetype:xlsx |
– Incorrect example: site: tonjoo.com
– Correct example: site:tonjoo.com
This method is quite easy so the search results displayed are sometimes still ‘general’. So, to get more accurate and specific search results, you can perform dorking with multiple operators.
b. Dorking dengan Multiple Operator
Dorking with multiple operators (Using more than one query operator) indicates that the parameters you use are more specific, making the result more accurate.
Here is an example of performing Google Dorking with multiple operators or more than one operator:
| Use Case | Query Operator | Contoh Implementasi |
|---|---|---|
| Searching for PDF file types on the UIN Malang website | site: dan filetype: |
site:uin-malang.ac.id filetype:pdf |
| Searching for PDF file types on the UGM website that contain the words ‘morfologi’ and ‘tumbuhan’ in their title | site: , filetype: dan intitle: |
site:ugm.ac.id filetype:pdf intitle:morfologi tumbuhan |
| Searching for PDF documents that contain the word ‘wordpress’ in their URL | filetype:, inurl: |
filetype:pdf inurl:wordpress |
– Incorrect implementation: site:ugm.ac.idfiletype:pdfintitle:morfologitumbuhan
– Correct implementation: site:ugm.ac.id filetype:pdf intitle:morfologi tumbuhan
Do You Understand What Google Dork is?
That’s an explanation of what Google Dork is and how to use it. Even though it looks simple, you can use the method above to get data that might not appear just by doing a normal search.
However, by understanding how Google Dork works, you can be more cautious when developing a website and uploading files to your website. When developing a website there are many precautions that you have to consider and one example is not using XAMPP as a production web server.
If you need help or assistance in website development with strict security guarantees, you can work with the Tonjoo Team, a software house that has been active for more than 10 years.
Tonjoo’s experience in website development has been proven through various collaborations with governments, startups, and national and international corporations. Some of these are Gadjah Mada University, Unilever, Hello Health Group, and FutureSkills. Let’s realize a highly secure website together with the Tonjoo team by contact us via Tonjoo contact!
Updated on August 7, 2024 by Moch. Nasikhun Amin
