What is a Dork?
We can define a dork as a short set of keywords that lets us identify certain types of websites. Defacers commonly use them to identify vulnerable websites. Dorks can also be used for gathering information before a penetration test.
Dorks can be used not only for penetration tests or attacks but also for advanced daily research.
When you search for dorks on Google, you might find thousands of dork lists. However, if you are targeting a specific vulnerability or a particular organization, community, or site, you need to create your own dorks. Published dorks are also quickly picked up by various hacking engines, so they produce less useful results.
What Can I Do with Dorks?
With dorks, you can identify websites with the following conditions:
- Websites using a specific script or a particular version of a script
- Websites using a specific plugin, theme, or a particular version of the plugin or theme
- Websites containing certain security vulnerabilities
While Doing This, You Can Also Filter Your Search in the Following Ways:
- You can scan all sites registered with the search engine you are using.
- You can scan websites within a specific country.
- You can search within certain categories of websites. For example, you can customize it so that only government institutions are searched in country X, or only university websites are listed in country Y.
- You can target a specific audience for your scans, or you can perform scans on just a specific website.
Google Operators
With Google Operators, you can enter detailed information about websites to make your search more comprehensive. The Google Operators are as follows:
inurl
It allows you to search within a specific URL. With this structure, you can list all the pages indexed by the search engine belonging to the site address. The usage is as follows:
inurl:example.com
intitle
It allows you to search within a specific title. For example, you can customize it to list all pages where the word “X” appears in the title section.
intitle:Discover the Security
cache
This operator allows you to prioritize a specific word in your search on a particular site. The usage is as follows:
cache:discoverthesecurity.com Dork
related
This Google Operator will list sites similar to the site you are searching for. I’m not sure how often it is used, but it might be useful for your research. The usage is as follows:
related:instagram.com
site
This operator is commonly used when searching for an admin panel to index a site after data has been leaked. It ensures that the specified keyword is searched only within a specific site. An example usage is as follows:
Admin site:example.com
Login site:example.com
allintitle
You can think of this as strict filtering. Normally, when you search with two or more words, Google will give you similar results. For Google to generate results, it’s enough for a few of the words in your search phrase to appear. However, when you use the allintitle operator, it will list only the sites where all the specified words appear.
allintitle:Effective Dork Creation Techniques
Searching in a Specific Country
Every country has its own domain extension. By adding these domain extensions to your dorks, you can ensure that only results from that country are listed. For example, if you add the .tr extension to the beginning of your dork, it will list only the results from sites in Turkey. Examples are as follows:
Events in Turkey site:tr
cache:.tr Events in Turkey
When you perform the above search, you will see that only sites with the .tr extension are listed. I will add the domain extensions of countries at the end of the article for you to download and review if you wish.
Searching Specific Communities, Organizations, or Institutions
Domains are grouped and these groups are universal. For example, when we look at government sites, we see that their domain extensions are gov.tr. gov indicates that this is a government site, and tr indicates that it is a site in Turkey. Similarly, gov.ru represents government sites in Russia.
In addition, sites with the edu extension represent universities. Sites with the org extension represent certain organizations or communities. By appending domain extensions to your dorks, you can conduct research for a specific audience. I will also include the domain extensions and their meanings at the end of the article. Examples are as follows:
inurl:gov.tr
inurl:edu.ru
Creating Effective Dorks
The information provided above will help you create effective and creative dorks. When creating dorks, you need to know exactly what you are looking for. The general structure of dorks should be as follows:
Google Operator (optional): domain name (optional). domain extension (optional). country extension (optional)/address containing vulnerability
For example, let’s assume our vulnerable path is index.php?id=.
index.php?id=
.xx/index.php?id=
.com.xx/index.php?id=
yyy.com.xx/index.php?id=
inurl:yyy.com.xx/index.php?id=
inurl:yyy.org.xx/index.php?id=
inurl:yyy.gov.xx/index.php?id=
subdomain.yyy.gov.xx/index.php?id=
Admin site:yyy.gov.xx
Administrator site:subdomain.yyy.gov.xx
You can create your own dorks by following the pattern of the examples above. You can follow sites that publish exploits to identify scripts containing security vulnerabilities. The largest exploit database you can follow is Exploit-DB.
By continuously monitoring such resources, you can stay updated on new vulnerabilities and refine your dork creation techniques to effectively target these specific issues. This will help you in identifying and securing vulnerable systems more efficiently.
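For the securing side, a site owner can check offline which of their own pages a given dork would surface. The sketch below is an added example, not code from the original article: it parses the inurl, intitle, allintitle and site operators described above and matches them against a constructed inventory of pages. The inventory, the example.com hosts and the simplified matching rules are assumptions, and no search engine is queried.

```python
from urllib.parse import urlsplit

# Constructed inventory of our own pages (URL, title); example.com is a placeholder.
PAGES = [
    ("https://www.example.com/index.php?id=7", "Product details"),
    ("https://www.example.com/about", "About us"),
    ("https://intranet.example.com/panel/", "Admin Login"),
    ("https://blog.example.com/post/12", "Login tips for admin users"),
]

def parse_dork(dork):
    """Split a dork into (operator, value) terms; bare words become 'text'."""
    terms, tokens = [], dork.split()
    for i, tok in enumerate(tokens):
        op, sep, val = tok.partition(":")
        op = op.lower()
        if sep and op == "allintitle":
            # allintitle applies to every remaining word, not just the next one
            terms += [("intitle", w) for w in [val] + tokens[i + 1:] if w]
            break
        if sep and val and op in ("inurl", "intitle", "site"):
            terms.append((op, val))
        else:
            terms.append(("text", tok))
    return terms

def matches(url, title, terms):
    """True when the page satisfies every term (simplified matching rules)."""
    host = (urlsplit(url).hostname or "").lower()
    for op, val in terms:
        v = val.lower()
        if op == "site":
            v = v.strip(".")
            ok = host == v or host.endswith("." + v)
        elif op == "inurl":
            ok = v in url.lower()
        elif op == "intitle":
            ok = v in title.lower()
        else:  # the inventory has no body text, so bare words check URL and title
            ok = v in f"{url} {title}".lower()
        if not ok:
            return False
    return True

def exposed_pages(dork, pages=PAGES):
    """Return the URLs from our inventory that the dork would surface."""
    terms = parse_dork(dork)
    return [url for url, title in pages if matches(url, title, terms)]
```

Pages that come back for dorks such as `inurl:index.php?id= site:example.com` or `Admin site:example.com` are the ones to review first for input handling, access control, or removal from the index.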