Estimated difficulty: ππ€π€π€π€
This week is special, it’s the last post before Christmas and we might as well channel our inner Sophia and add in a little Christmas song to get us into the Christmas spirit.
And since we are now feeling festive, let’s dive into Google Dorking, Christmas style! Google Dorking was my first post and it seems right to finish the year off with part 2. Just to refresh ourselves, Google Dorking is a way of searching for something, much like how eating a mince pie on Christmas Eve is a tradition, the aftermath can fill you with cheer.
Useful Commands
Let’s jump into it with a list of the commands we can use to limit our search results! This list is not exhaustive and there is a fab cheat sheet created by 0xlupin on Twitter. This sheet contains other dorks for use in other browsers also.
| Google Operator | Effect |
|---|---|
| site: | Using the search term βsite:β, you are searching for all indexed URLs related to the domain you are listing. For example, βsite:securityqueens.co.ukβ will bring up all results for securityqueens.co.uk. |
| intext: | βintext:β is used to search for specific keywords in the content of web pages. This is useful to use in conjunction with the βsite:β command. For example, βsite:securityqueens.co.uk intext:Digisparkβ searches the Securityqueens.co.uk website for all pages mentioning the word Digispark. |
| inurl: | Similar to when you use βsite:β to find all URLs indexed with the specified domain, βinurl:β searches for all URLs indexed containing the specific search term. For example, βinurl:adminβ, will search all URLs containing the word admin. |
| filetype: | βfiletype:β is used in conjunction with keywords to bring up specific files on the internet. For example βadmin password filetype:logβ searches for web pages including the key words admin and password that is a log file. |
| intitle: | It will ask Google to show pages that have this term in their html title. |
| cache: | This will show you each cached version of any website. For example βcache:securityqueens.co.ukβ |
| * | This acts as a wildcard. For example, βHow to *β will bring up all the βHow toβ sites. |
| map: | Brings up a map of the specified location. |
| Dates | You can restrict results by date by specifying the before and after commands in Google Dorking. You can use this by specifying (before |
Christmas Challenges!
My previous post on Dorking covered plenty of “hacky” ways to implement Google Dorking. For this post and true to the time of year, let’s challenge ourselves in finding some Christmas celebrities.
Find a Long Lost Christmas Present
I don’t know about you, but sometimes it can be a pain to find that specific special present that someone has asked for. Google Dorking can help with this! When in lockdown online shopping seems like the way to go, so we can use the below command (switching out the text within the double quotes) to safely shop for the perfect pressie.
inurl:amazon.co.uk intext:"Hackers Handbook"
The above command brings up the following result, amongst many others, and this can be applied to searching for so many more gifts.
This is not a promotion for the book, but knowledge is power and who can ask for a better gift π
Find your Wish List
I’m sure the majority of people have written a letter to Santa. I think some of them might have got lost. Let’s make it our task to rescue (find) all of the letters that might not have made it to Lapland!
filetype:txt intext:"Dear Santa, For Christmas I would like"
There are plenty of other intext: search results you could use to pick out a wish list. This does display certain Christmas letters. We can apply this challenge with a hacker mindset and search for filetypes such as PDFs and sensitive keywords that may be of interest to you.
Find Where Santa Lives!
We don’t need to spend time trawling through results to find Santa’s address, Lapland, oh no, all we need to do is type the below command to locate Father Christmas!
map:Lapland
We see plenty of results showing this secret (well not so secret now) location now… However, all we have to do now is click on the below image and we are taken to a Google Maps search result.
We can apply such a command to search for any location.
Find the BEST Santa Entertainment!
There are plenty of online Christmas games out there, one of my fondest memories was playing Run Santa Run in school… at least back when an IT lesson was learning how to use PowerPoint… However, let’s say we want to search for
inurl:twitch.tv intext:Christmas (before:2020-12-26 after 2020-12-20)
You can apply the dates when searching for information that you know may have occurred within specific dates. When searching for the above, we managed to bring up the following search results within Twitch to do with Christmas. I don’t know about you, but that is some of my Christmas entertainment sorted!
Each challenge is not particularly security-related, however, my previous post covers more of these principles. This post has been created as a fun way to apply Google Dorking in your day to day life. I hope it manages to help entertain you this Christmas and I wish you a Merry Christmas all the same! Have a great one and stay safe <3
Sarah <3
