OSINT Gathering Using Google Dorks

The modern challenge for researchers is not only where to look, but how to look, given the abundance of information at their disposal. The way we see data has shifted due to the increasing popularity of algorithms, cookies, and personalized feeds. More sophisticated search techniques are required for fewer frequent results since Google tends to prioritize the translation of your query over its actual meaning.

The practice of exploiting Google's "Advanced Search" features often referred to as "Google Dorking." Operators can "dork" information by narrowing search results with the filters they develop (also known as "dorks"). The practice is also often referred to as “Google Hacking,” despite the fact that there’s no hacking involved. Google Dorking is really handy for OSINT analysts, researchers and pentesters for gathering information that is not available in public search results.

Following are the list of popular Google operators you can use to gather sensitive data available on the internet using the Google search engine:

• cache: this operator will show you the cached version of any website, e.g. cache:syberseeker.com
• allintext: searches for specific text contained on any web page, e.g. allintext: hacking tools
• allintitle: exactly the same as allintext, but will show pages that contain titles with X characters, e.g. allintitle:"Security Companies"
• allinurl: it can be used to fetch results whose URL contains all the specified characters, e.g: allinurl:clientarea
• filetype: used to search for any kind of file extensions, for example, if you want to search for pdf files you can use: email security filetype: pdf
• inurl: this is exactly the same as allinurl, but it is only useful for one single keyword, e.g. inurl:admin
• intitle: used to search for various keywords inside the title, for example, intitle:security tools will search for titles beginning with "security" but "tools" can be somewhere else in the page.
• inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"fundamental"
• intext: useful to locate pages that contain certain characters or strings inside their text, e.g. intext:"safe internet"
• site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:syberseeker.com
• *: wildcard used to search pages that contain "anything" before your word, e.g. how to * a website, will return "how to…" design/create/hack, etc… "a website".
• |: this is a logical operator, e.g. "financial" "tips" will show all the sites which contain "financial" or "tips," or both words.
• +: used to concatenate words, useful to detect pages that use more than one specific key, e.g. security + theory
• –: minus operator is used to avoiding showing results that contain certain words, e.g. security -book will show pages that use "security" in their text, but not those that have the word "book."