Module 2: Search Techniques

Google Dorking — Advanced Search Techniques

25 minutes
Beginner

Google Search Operators

Google provides special operators that are very useful for OSINT and security research:

Basic Operators

site:        → only show results from a specific domain
             site:target.com

filetype:    → search for files with a specific extension
             filetype:pdf confidential

inurl:       → the URL must contain this text
             inurl:admin login

intitle:     → the page title must contain this text
             intitle:"index of" "parent directory"

intext:      → the page body must contain this text
             intext:"password" filetype:txt

link:        → pages that link to this URL
             link:target.com

cache:       → Google's cached version of the page
             cache:target.com

related:     → pages similar to this URL
             related:target.com

info:        → information about the URL
             info:target.com

Advanced Operators

"phrase"     → exact phrase match
             "username password" filetype:sql

-word        → exclude results containing this word
             site:target.com -www

*            → wildcard
             "admin * password"

OR, AND      → boolean operators
             site:target.com OR site:target.org

..           → number range
             site:target.com 2020..2024

AROUND(n)    → two words within n words of each other
             password AROUND(3) username

Most Useful Dorks for Security Research

Finding Sensitive Files

# Configuration files
site:target.com filetype:env
site:target.com filetype:config
site:target.com filetype:cfg
site:target.com filetype:conf
site:target.com filetype:ini

# Database files
site:target.com filetype:sql
site:target.com filetype:db
site:target.com filetype:mdb

# Backup files
site:target.com filetype:bak
site:target.com filetype:old
site:target.com filetype:backup
site:target.com ext:bak OR ext:bkp OR ext:bkf

# Log files
site:target.com filetype:log
site:target.com inurl:log filetype:log

# Spreadsheets with sensitive data
site:target.com filetype:xls intext:password
site:target.com filetype:csv intext:email

# Private keys
filetype:pem intext:"-----BEGIN RSA PRIVATE KEY-----"
filetype:key intext:"-----BEGIN"

Finding Admin & Login Pages

# Admin panels
site:target.com inurl:admin
site:target.com inurl:administrator
site:target.com intitle:"admin" inurl:login
site:target.com inurl:wp-admin
site:target.com inurl:phpmyadmin

# Login pages
site:target.com inurl:login
site:target.com inurl:signin
site:target.com intitle:"sign in"

# Control panels
site:target.com inurl:cpanel
site:target.com inurl:panel
site:target.com intitle:"Dashboard"

Exposed Directories

# Directory listings
intitle:"index of" site:target.com
intitle:"index of" "parent directory" site:target.com
intitle:"directory listing" site:target.com

# Open directories with interesting files
intitle:"index of" passwd
intitle:"index of" .htpasswd
intitle:"index of" shadow
intitle:"index of" *.sql
intitle:"index of" *.env

Technical Information

# Error messages that expose information
site:target.com "PHP Warning"
site:target.com "Fatal error"
site:target.com "MySQL error"
site:target.com "Warning: mysql_"
site:target.com "ORA-00933"  # Oracle error

# Version disclosure
site:target.com "Powered by" inurl:admin
site:target.com intitle:"Apache Tomcat"
site:target.com "phpinfo()"

# Server configuration
site:target.com "server at" intitle:"Apache"
site:target.com filetype:conf inurl:nginx.conf

Credentials and Sensitive Data

# Credentials in plain text
site:target.com "password" filetype:txt
site:target.com "username" "password" filetype:log
intext:"API_KEY" site:github.com

# AWS credentials
"AWS_ACCESS_KEY_ID" site:github.com
"AWS_SECRET_ACCESS_KEY" site:github.com

# Private tokens
"private_token" site:gitlab.com
"Authorization: Bearer" site:github.com

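The dork categories above can be turned around and run against an inventory of your own site to see which pages a search engine could surface. This is an added example, not part of the original lesson; the function names, the `example.test` domain and the sample inventory are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Extension groups copied from the filetype:/ext: dorks in this lesson.
FILETYPE_GROUPS = {
    "config": {"env", "config", "cfg", "conf", "ini"},
    "database": {"sql", "db", "mdb"},
    "backup": {"bak", "old", "backup", "bkp", "bkf"},
    "log": {"log"},
    "private-key": {"pem", "key"},
}
# Substrings from the inurl: dorks ("admin" also covers wp-admin, phpmyadmin).
INURL_TOKENS = ("admin", "login", "signin", "cpanel", "panel")


def extension(path):
    """Extension of the last path segment; '.env' gives 'env' (os.path.splitext would not)."""
    name = path.rstrip("/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def classify(url, title=""):
    """Return the dork categories from this lesson that one indexed page would match."""
    path = urlsplit(url).path  # drops the query string before looking at the extension
    ext = extension(path)
    hits = ["filetype:" + g for g, exts in FILETYPE_GROUPS.items() if ext in exts]
    token = next((t for t in INURL_TOKENS if t in path.lower()), None)
    if token:
        hits.append("inurl:" + token)  # one inurl finding per URL is enough for triage
    if "index of" in title.lower():
        hits.append("intitle:index-of")
    return hits


def audit(pages):
    """pages: iterable of (url, title). Returns {url: [categories]} for matching pages only."""
    return {url: found for url, title in pages if (found := classify(url, title))}


# Constructed sample inventory, e.g. an export from a crawl of your own site.
SAMPLE = [
    ("https://example.test/.env", ""),
    ("https://example.test/backup/site.sql.bak?dl=1", ""),
    ("https://example.test/uploads/", "Index of /uploads"),
    ("https://example.test/wp-admin/", "Log In"),
    ("https://example.test/docs/report.pdf", "Annual report"),
]

if __name__ == "__main__":
    for url, found in audit(SAMPLE).items():
        print(url, found)
```

Every URL that `audit` returns is a candidate for removal from the web root, access control, or a `noindex` directive, depending on whether the page needs to exist at all.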
Google Hacking Database (GHDB)

GHDB is a database containing thousands of dorks that have been proven to find sensitive information. It is available at:

  • exploit-db.com/google-hacking-database (the official database from Exploit-DB)

GHDB categories:

  1. Footholds (initial access to a system)
  2. Files Containing Usernames
  3. Sensitive Directories
  4. Web Server Detection
  5. Vulnerable Files
  6. Vulnerable Servers
  7. Error Messages
  8. Files Containing Juicy Info
  9. Files Containing Passwords
  10. Sensitive Online Shopping Info

Automated Tools for Google Dorking

# GoogD0rker
python3 googd0rker.py -d target.com

# dorkbot: automated security scanning with dorks
dorkbot -u https://target.com

# DorXNG: advanced dorking across multiple search engines
python3 dorxng.py -d "target.com"

# Note: these tools use the Google API or scraping
# and can run into rate limiting or captchas

Bing Dorking

Bing also supports operators similar to Google's:

site:target.com
filetype:pdf site:target.com
intitle:"index of" site:target.com
inbody:password site:target.com
ip:8.8.8.8  # Find pages hosted on a specific IP

Pro Tip: Combine Operators

The more specific your dork, the more relevant the results. Combine `site:`, `filetype:`, and `intext:` for highly targeted results.