Google hacking, also named Google dorking,[1][2] is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.


Google hacking involves using advanced operators in the Google search engine to locate specific sections of text on websites that are evidence of vulnerabilities, for example specific versions of vulnerable Web applications. A search query with intitle:admbook intitle:Fversion filetype:php would locate PHP web pages with the strings "admbook" and "Fversion" in their titles, indicating that the PHP based guestbook Admbook is used, an application with a known code injection vulnerability. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final", which can be used to search for websites running vulnerable versions.

Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.


See also: Johnny Long § Google hacking

The concept of "Google hacking" dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.[3]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[4][5]

Concepts explored in Google hacking have been extended to other search engines, such as Bing[6] and Shodan.[7] Automated attack tools[8] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[9]


Robots.txt is a well known file for search engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints (hackers can still search robots.txt for endpoints) which prevents Google bots from crawling sensitive endpoints such as admin panels.


  1. ^ Term Of The Day: Google Dorking - Business Insider
  2. ^ Google dork query,
  3. ^ "googleDorks created by Johnny Long". Johnny Long. Archived from the original on 8 December 2002. Retrieved 8 December 2002.
  4. ^ "Google Hacking Database (GHDB) in 2004". Johnny Long. Archived from the original on 7 July 2007. Retrieved 5 October 2004.
  5. ^ Google Hacking for Penetration Testers, Volume 1. Johnny Long. 2005. ISBN 1931836361.
  6. ^ "Bing Hacking Database (BHDB) v2". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.
  7. ^ "Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite". Bishop Fox. Retrieved 21 June 2013.
  8. ^ "SearchDiggity - Search Engine Attack Tool Suite". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.
  9. ^ "Google Hacking History". Bishop Fox. 15 July 2013. Retrieved 27 August 2014.