Google Search is the most common search engine available in the clearnet. Google also offers advanced search operators, dubbed Google Dorks. They are primarily use with the scope of narrowing down queries, and improving user experience and quality of results. Multiple actors make use of Google Dorks: white and black hat hackers; journalists; academic researchers; government officers; security investigators; HR units; SEO auditors.
An understanding of Boolean logic is required to make sense of Google Dorks. Operators such as AND, NOT, OR, logically link keywords in specified queries. The main Google advanced operators are: site:, intitle:, inurl:, intext:, filetype:. In order to maximise the quality of results, operators can be combined, further narrowing the amount of results. In a cyberspace where available open source information is growing exponentially, a proper use of advanced operators becomes a priority for those willing to focus their online searches.
Google Dorks are used both for benign and malign purposes by users. That means that they can be harnessed by threat actors willing to gather critical reconnaissance information. More importantly, people with advanced technical skills could use such operators to access sensitive documents or relevant information about an organisation’s infrastructure. The so-called Google Hacking Database (GHDB) offers the biggest online repository of available dorks to look for OSINT reconnaissance: advisories and server vulnerabilities; error messages from domains; password-oriented queries; logon portals; registry databases; network vulnerabilities.
Google Dorks have become a critical feature of the contemporary hacking tradecraft, given the importance of the reconnaissance phase, as a result their use is both offensive and defensive. However, Google Dorks also deliver added value to those looking to level up their digital skills.