Google dorking is an important skill for open-source intelligence investigators to quickly narrow internet search results through operators and specific queries.
This is part of an ongoing monthly series to bring you practical how-to guides for your OSINT practice.
With the information of the world at your fingertips, the modern quagmire for researchers isn’t just where to look but how to look. Algorithms, cookies and customized feeds have changed the way information appears to us. Google, in particular, tends to focus more on what they assume your query means than what it actually says, making more advanced search techniques necessary for less common results. That’s why a critical skill for open-source intelligence researchers is Google Dorking.
If this is a new concept, fear not. We’ll walk you through what to do step-by-step. But even if you’ve done it before, there may be some tips and tricks you can pick up for your tradecraft.
What is Google Dorking?
What are we talking about and why such a funny name? Google Dorking is just a term for using the Advanced Search feature on Google. The operators create filters called “dorks” to narrow down search results, giving researchers the ability to “dork” information. The practice is also often referred to as “Google Hacking,” despite the fact that there’s no hacking involved, because “hackers” have used the practice to manipulate search results and uncover vulnerable information that was accidentally left exposed.
Developers and security operators can also use this practice to identify malicious extensions or find information that has been accidentally exposed. When people think of finding accidental information, the OSINT tool Shodan comes to mind. But with Google dorking, researchers can utilize the innate abilities of the search engine to locate information they need. This skill is important for any practitioner.
Advanced Search Operators
- Quotes
  - To find an exact sentence or phrase, use quotation marks
  - For example, “OSINT tools for social media”
- Exclusions
  - Use a minus sign to exclude words or certain sites
  - For example, -tweet or -Twitter.com
- Logic
  - Use OR or the symbol | with no spaces
  - For example: Authentic8 OR NeedleStack, alternatively Authentic8|NeedleStack
- Extensions
  - To find a certain file type, use filetype: or ext:
  - Then add the file type (PDF, jpg, png, etc.) directly after the colon, with no spaces
  - For example, ext:jpg NeedleStack logo
  - To look for multiple file types, use parentheses around your search, such as ext:(jpg OR pdf OR png)
- Intitle, Intext and Inurl
  - To find specific text in a title, the text of a site page or the URL, search intitle:, intext: or inurl: followed by your query
  - For example, inurl:zero-trust-managed-devices or intitle:FAQ
  - Adding all to the beginning of any of these returns only results that meet all of the parameters
  - Such as allintext:“dangers of free Wi-Fi”
- Site
  - To only search within a certain site, use site: (with no spaces) in front of your query
  - For example, site:authentic8.com “Google Dorking”
- Timestamps
  - To find a site posted before or after a specific date, you can use after:[date] or before:[date]
  - For example, before:2016
- Fill in the blank
  - Using an asterisk allows Google to fill in a possible missing word. For instance, to find an email address, you can use [username]*com
  - For example: NeedleStack*com
These basic operators can be combined to hone your search even further and find the information you seek. Through combinations, you can identify exact text from a blog page or find personal information and extensions lurking on the web.
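To make the combination rules concrete, here is an added example (not from the original article): a Python helper that composes the operators listed above into one query, quotes multi-word values, and rejects spaces where an operator does not allow them. The function names, the 256-character budget and the example.com domain are assumptions for illustration.

```python
import re

MAX_QUERY_CHARS = 256  # assumed budget; the article gives no exact limit
DATE_RE = re.compile(r"\d{4}(-\d{2}-\d{2})?")  # 2016 or 2016-05-01

def _term(text, spaces="quote"):
    """Clean one value; multi-word values are quoted or rejected."""
    text = str(text).strip().replace('"', "")
    if not text:
        raise ValueError("empty search term")
    if spaces == "always" or (spaces == "quote" and re.search(r"\s", text)):
        return f'"{text}"'
    if re.search(r"\s", text):
        raise ValueError(f"spaces not allowed in {text!r}")
    return text

def build_dork(phrases=(), any_of=(), exclude=(), exts=(), site=None,
               intitle=None, inurl=None, after=None, before=None,
               max_chars=MAX_QUERY_CHARS):
    """Compose one query string from the operators listed above."""
    parts = ["site:" + _term(site, "reject")] if site else []
    parts += [_term(p, "always") for p in phrases]
    if any_of:  # parentheses group the alternatives, as in ext:(...)
        alts = " OR ".join(_term(a) for a in any_of)
        parts.append(f"({alts})" if len(any_of) > 1 else alts)
    parts += ["-" + _term(x) for x in exclude]
    if exts:
        names = [_term(e, "reject").lstrip(".").lower() for e in exts]
        group = " OR ".join(names)
        parts.append("ext:" + (f"({group})" if len(names) > 1 else group))
    for op, val in (("intitle", intitle), ("inurl", inurl)):
        if val:
            parts.append(f"{op}:" + _term(val))
    for op, val in (("after", after), ("before", before)):
        if val and not DATE_RE.fullmatch(str(val)):
            raise ValueError(f"{op}: expected YYYY or YYYY-MM-DD")
        if val:
            parts.append(f"{op}:{val}")
    query = " ".join(parts)
    if len(query) > max_chars:
        raise ValueError(f"query is {len(query)} chars, limit {max_chars}")
    return query

# Constructed example: audit a domain you own for documents indexed by mistake.
AUDIT = build_dork(site="example.com", phrases=["internal use only"],
                   exclude=["press"], exts=["pdf", ".XLSX"], after="2023")
print(AUDIT)
```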
Narrowing your search
One of the profound problems in OSINT is the sheer amount of information to wade through. This hurdle, aptly referred to as “searching for a needle in a stack of needles,” was the inspiration for the name of our professional research podcast, NeedleStack.
Even when using dorking techniques, choosing keywords, dates and parameters carefully can help efficiently narrow your investigation and lead your search in the right direction. There are also character limits to any search to keep in mind, making the choice of wording crucial.
Practitioners often face resource and bandwidth constraints when conducting OSINT, making the parameters of the search imperative for prioritizing their efforts. For researchers, Google Dorking is an important tool for narrowing that stack of needles and concentrating only on information relevant to your investigation.
Keeping your search anonymous
Remaining anonymous during your query, especially when scrolling through sensitive data, is a key aspect of research. Search history and browsing behavior can influence the results you are shown and throw off your data. Using private browsing modes, like Google’s Incognito, isn’t enough to protect your research. Even when using these supposedly anonymous techniques, your digital fingerprint is still a thumb on the scale. Your location, settings, language and other preferences are filtering the results.
Similar to private browsing, a VPN doesn’t offer adequate protection or privacy. The risk of attribution is ever-present when conducting online research. Managed attribution platforms can both protect your identity and allow you to manipulate your digital fingerprint to match a search narrative. Searching in the appropriate language, location, device and operating systems will allow you to uncover results not previously available.
Using Silo for Research, a purpose-built solution for secure and anonymous online investigations, researchers never have to worry about being identified, blocked or stumbling upon malware. Access nodes and fingerprint settings are easy to manipulate. You can appear in the country you are looking for, search a non-native website and translate the site all within the platform. When you load each new one-time-use session, being followed by cookies is no longer a concern. Learn more about how to conduct research anonymously with Silo for Research.