Google Search Vulnerabilities

Dorking is a legal but specialised sub-set of Google searching

Google dorks are keyword searches that look for specific website content rather than searching for a general subject. They can be used to find exposed confidential information.

It was reported in 2020 that the collaboration site Trello exposed data to dork searches within its public documents. Trello boards are by default private and as such are not vulnerable to these searches. The Trello dork searches listed publically by Darkrain no longer reveal sensitive information.

Google dorks are a useful tool for ethical hacking, penetration testing and evaluating a business’ own web exposure. YeahHub provide a handy beginner’s guide to useful, simpler dorks. A simple starting dork is link: which will look for instances of a url link on the web and show who is referencing that site. For example; will bring up other sites that link to giving an indication of websites that link into Kindus. A view of the results will show that amongst the useful results are some that are run by Kindus and that several of the ‘hits’ have no relation or link to Kindus in any way shape or form.

The search phrases can also be chained together for more refined results. There is a list of the most popular dorks of 2022 on boxpiper. These clearly show the use of dorks within the hacking community and the applications that they might be targeting.

Sensitive information should never be publically exposed on the web: If it is not there then the criminal is not going to find it. There will always be a need to share some data and a race between ‘secure’ ways to share data and hacks to break through that security. If a page or site is password protected it will still show up on a search but a hacker will not be able to access its contents.

Google dorks have been around for years and if nothing sensitive is exposed should not be a worry. Running dorks is not illegal but access to data from such searches could break the law. Dorks can be blocked by setting up a robots.txt file in the root of the web directory to block or restrict search engine indexing.

More from Privacy & Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus