Foreword

I wanted to write this blog post because sometimes its hard to yeild any effective results from searching in a search engine such as Google. However, there is a technique which is refered as Google Fu (or Google Dorks) which will help you to enhance your searching techniques and can lead to finding more specific results.

What is Google Fu?

According to Wikipedia:

Google-fu is often used as a generic term applying to any search engine, and is frequently written in the lowercase form, google-fu. Reliably published usage suggests some ambivalence on whether to place a hyphen between Google and fu.

Google offers spe-cial terms known as advanced operators to help you perform more advanced queries. These operators (if used properly) can help you get the exactl information you’re looking for without spending too much time poring over page after page. When advanced operators are not provided in a query, Google will locate your search terms in any area of the Web page, including the title, the text, the Uniform Resource Locator (URL).

For example, if you are specifically searching for a PDF document or want results just from 1 website.

Using Operators for benefit

I previously mentioned operators, keywords which have a specific meaning for the search engine. Google advanced operators help refine searches.

• They are included as part of a standard Google query.
• Advanced operators use a syntax such as: operator:search_term
• There’s no space between the operator, the colon, and the search term.

List of Operators

Following are the list of operators which will help you get started:

• intitle, allintitle
• inurl, allinurl
• filetype
• site
• link
• inanchor
• cache
• info
• related
• phonebook
• rphonebook
• bphonebook
• author
• group
• msgid
• insubject
• stocks
• define

Operators Redefined

What can you use these operators for?

intitle

• Finding strings in the title of a page
• Mixes well with other operators

inurl

• Finds strings in the URL of a page
• Mixes well with other operators
• Best used with Web and Image searches

filetype

• Finds specific types of files based on file extensions
• Synonymous with ext
• Requires an additional search term
• Mixes well with other operators
• Best used with Web and Group searches

link

• Searches for links to a site or URL
• Does not mix with other operators or search terms
• Best used with Web searches

inanchor

• Finds text in the descriptive text of links
• Mixes well with other operators and search terms
• Best used for Web, Image, and News searches

numrange

• Finds a number in a particular range
• Mixes well with other operators and search terms
• Best used with Web searches
• Synonymous with ext.

cache

• Displays Google’s cached copy of a page
• Does not mix with other operators or search terms
• Best used with Web searches

info

• Displays summary information about a page
• Does not mix with other operators or search terms
• Best used with Web searches

related

• Shows sites that are related to provided site or URL
• Does not mix with other operators or search terms
• Best used with Web searches

phonebook, rphonebook, bphonebook

• Shows residential or business phone listings
• Does not mix with other operators or search terms
• Best used as a Web query

author

• Searches for the author of a Group post
• Mixes well with other operators and search terms
• Best used as a Group

group

• Searches Group names, selects individual Groups
• Mixes well with other operators
• Best used as a Group search

insubject

• Locates a string in the subject of a Group post
• Mixes well with other operators and search terms
• Best used as a Group search

msgid

• Locates a Group message by message ID
• Does not mix with other operators or search terms
• Best used as a Group search

stocks

• Shows the Yahoo Finance stock listing for a ticker symbol
• Does not mix with other operators or search terms
• Best provided as a Web query

define

• Shows various definitions of a provided word or phrase
• Does not mix with other operators or search terms
• Best provided as a Web query

It's Googlr-Fu time

Example of inurl:

With this operator, I'll try to find all reverse engineering related pages on tryhackme:

Example of filetype:

With this operator, I'll try to find all the pdf books for reverse engineering:

Example of intitle:

With this operator, I'll try to find resources for penetration testing:

Example of site:

With this operator, I'll try to find all Vulnhub machine available on tryhackme:

Example of link:

With this operator I'll try to find all the associated tryhackme stuffs on twitter:

What now?

This technique is very useful for bug bounties as you can often include software versions in your operaters and locate vulnerable web servers easily.

More Examples:

Here are some pastebins that have some good amount of pre-made search query aka dorks:-

• Reference 1
• Reference 2

Happy Searching!

Follow me on twitter for more blog posts and keep hacking.

Credits to Ryan Lewis for the artwork used in this blog post.