Advanced OSINT Training Series: Google Dorking
Specifying Google Searches for Better Results
Google indexes pages on websites, gathering every little detail and storing this information in its own databases. As a search engine with an extensive database, Google offers paramount opportunities for collecting publicly available information (PAI). What many OSINT researchers and analysts might not realize is that Google can be wielded in specific ways to obtain superior search results. One way? Google Dorking. Google Dorking involves implementing Google’s query language in order to obtain certain data, like specific online files. With Google Dorking, an operator will enter keywords and search operators—called “dorks”—when creating their searches. These are some of the most common Google Dork operators:
- intitle: to find certain keywords within the title of a page
- intext: restricts results to keywords appearing within the content of a page
- inurl: shows results for keywords appearing in the page url
- allintext: shows results only for pages containing all the keywords in the page’s content
- site: restricts results to the site you indicate in the query
- filetype: to discover specific file types, such as PDFs
- +: to combine more than one keyword
- -: allows users to search for keywords while avoiding specific others
Google Dorking in Practice
Like Boolean Searching, Google Dorking can help investigators narrow their search results. By implementing specific operators in a query, users will be more likely to receive information that accurately matches their requests. A researcher on the hunt for information about an online training course might create the search, “intitle:advanced OSINT training.” This query will give results for all three keywords listed. (An operator should be followed by a colon and then the chosen keywords, without any additional spaces.) The same researcher might want to implement the minus operator (“-”) to find pages about digital fingerprints, but not digital footprints. In this case, the Google Dork query would look like this: “digital fingerprint -footprint.” Users should avoid adding a space between the minus operator and the keyword they would like to exclude from the results.
Different search engines also work with Google Dorking. An investigator could input queries into Bing or DuckDuckGo while using the same keywords and search operators. This versatility makes Google Dorking an ideal method for researchers and analysts who like to utilize a variety of OSINT tools.
Why Google Dorking?
On the open web, publicly available information abounds; users can encounter terabytes of data, each of which might provide useful investigative materials. Without a specific, directed search query, investigators could end up scanning through thousands of pieces of data to find the one or two sources they need. Spending hours scrolling one database to find a single name, paragraph, or sentence? That seems like a waste of an investigator’s time. While users will still need to create platform accounts to siphon information from online spaces like the deep web, learning Google Dorking could save them precious operating hours.
Risk Awareness
Before diving into the world of Google Dorking, analysts need to understand how easily their online activities may be discovered. An operator must isolate their online activities in a safe environment. If they don’t take this step, they’ll leave a digital trail for any internet user to find. Cyber criminals can track a user’s IP address if the user does not implement the proper security precautions; even VPNs can’t provide total anonymity, contrary to what some online users might believe. Google also instills its own hurdles to online security when browsing. If any investigator uses a single static IP address, Google will block their connection. In view of these risk factors, Google Dorking may be considered an advanced OSINT technique for an analyst with limited experience collecting PAI.
Advanced OSINT Training: Learn Google Dorking
Using Google Dorking could result in more efficient intelligence operations. However, this sophisticated OSINT technique comes with a few extra challenges. Operators need to be wary of how they appear when creating these types of searches online. To discover advanced OSINT training solutions like Google Dorking, attend a virtual lesson from our instructors at the Academy. Or, stick around the blog to read more about key operational techniques.
Related Article: The Challenges of Using Commercial-Off-the-Shelf (COTS) Technology for OSINT Analysis Within the U.S. National Security Community