ADVERTISEMENT

Dorking: the art of exploring hidden directories

Hackers publish lists of the most interesting Google dorks, which are constantly being updated as new Google search queries are realized, producing new results.

Google dorking

Image by Cybernews.

Jesse William McGraw
Jesse William McGraw Contributor
Dec 26, 2024 Updated: 26 December 2024 3 min read
Marcus Walsh Paulius Grinkevičius B&W Konstancija Gasaityte Gintaras Radauskas
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.
Exploit Database
Exploit Database, which contains a listing of Google dorks known as the ‘Google Hacking Database’ (GHDB).

An introduction to Dorking

  • intitle:"index of" tells Google to search web pages containing the phrase “index of” in the title. Consequently, because web directories commonly contain “index of” in their directory listings created by web servers which will display folder contents, it can be searched, and exposed.
  • Inurl:ftp query filters the search to show only URLs that contain the string or phrase “ftp.” Therefore, when you put it together, it combines the two relative elements and will return a listing of FTP servers indexed by Google.
Dorking
nasa
This open directory is authorized for public use by NASA’s Jet Propulsion Laboratory and contains NASA’s GENESIS datasets.
ADVERTISEMENT

Prevention tips

  • Robots.txt: For your website, use a robots.txt file to control which elements of your website are permitted to be indexed by search engines.
  • Noindex Meta tag: You can also use the Noindex Meta tag in your page’s source code, which will also prevent them from being indexed by search engines.
  • File permissions: In the same way you’d make sure files and directories in a workgroup with different user permissions wouldn’t be accessible to just anybody, make sure all your files and corresponding directories have proper permissions.
  • Search engine auditing: To see which pages of your site are indexed by search engines, try searching site:yoursite.com. This is something I often do, ensuring that my own site’s configurations are in order, are not exposed, and the right pages are being indexed.

Linux scripts

dorking script

Google dorking cyberwarfare

ADVERTISEMENT