Google Dorks: Analysis, Creation, and New Defenses

  • Flavio ToffaliniEmail author
  • Maurizio Abbà
  • Damiano Carra
  • Davide Balzarotti
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9721)


With the advent of Web 2.0, many users started to maintain personal web pages to show information about themselves, their businesses, or to run simple e-commerce applications. This transition has been facilitated by a large number of frameworks and applications that can be easily installed and customized. Unfortunately, attackers have taken advantage of the widespread use of these technologies – for example by crafting special search engines queries to fingerprint an application framework and automatically locate possible targets. This approach, usually called Google Dorking, is at the core of many automated exploitation bots.

In this paper we tackle this problem in three steps. We first perform a large-scale study of existing dorks, to understand their typology and the information attackers use to identify their target applications. We then propose a defense technique to render URL-based dorks ineffective. Finally we study the effectiveness of building dorks by using only combinations of generic words, and we propose a simple but effective way to protect web applications against this type of fingerprinting.


  1. 1.
    Long, J., Skoudis, E.: Google Hacking for Penetration Testers. Syngress, Rockland (2005)Google Scholar
  2. 2.
    Provos, N., McClain, J., Wang, K.: Search worms. In: Proceedings of the 4th ACM Workshop on Recurring Malcode, pp. 1–8 (2006)Google Scholar
  3. 3.
    Christodorescu, M., Fredrikson, M., Jha, S., Giffin, J.: End-to-end software diversification of internet services. Moving Target Defense 54, 117–130 (2011)CrossRefGoogle Scholar
  4. 4.
    Zhang, J., Notani, J., Gu, G.: Characterizing Google hacking: a first large-scale quantitative study. In: Tian, J., et al. (eds.) SecureComm 2014. LNICST, vol. 152, pp. 602–622. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-23829-6_46 CrossRefGoogle Scholar
  5. 5.
    Johnny Google hacking database.
  6. 6.
    Exploit database.
  7. 7.
  8. 8.
    Baidu cloacking condition.
  9. 9.
  10. 10.
  11. 11.
  12. 12.
  13. 13.
  14. 14.
    Moore, T., Clayton, R.: Evil searching: compromise and recompromise of internet hosts for phishing. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 256–272. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    John, J.P., Yu, F., Xie, Y., Abadi, M., Krishnamurthy, A.: Searching the searchers with searchaudit. In: Proceedings of the 19th USENIX Conference on Security, Berkeley, CA, USA, p. 9 (2010)Google Scholar
  16. 16.
    John, J.P., Yu, F., Xie, Y., Krishnamurthy, A., Abadi, M.: Heat-seeking honeypots: design and experience. In: Proceedings of WWW, pp. 207–216 (2011)Google Scholar
  17. 17.
    Michael, K.: Hacking: The Next Generation. Elsevier Advanced Technology, Oxford (2012)Google Scholar
  18. 18.
  19. 19.
  20. 20.
    Lancor, L., Workman, R.: Using Google hacking to enhance defense strategies. In: Proceedings of the 38th SIGCSE Technical Symposium on Computer Science Education, pp. 491–495 (2007)Google Scholar
  21. 21.
    Pelizzi, R., Tran, T., Saberi, A.: Large-scale, automatic XSS detection using Google dorks (2011)Google Scholar
  22. 22.
    Invernizzi, L., Comparetti, P.M., Benvenuti, S., Kruegel, C., Cova, M., Vigna, G.: Evilseed: a guided approach to finding malicious web pages. In: IEEE Symposium on Security and Privacy, pp. 428–442 (2012)Google Scholar
  23. 23.
    Zhang, J., Yang, C., Xu, Z., Gu, G.: PoisonAmplifier: a guided approach of discovering compromised websites through reversing search poisoning attacks. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 230–253. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Billig, J., Danilchenko, Y., Frank, C.E.: Evaluation of Google hacking. In: Proceedings of the 5th Annual Conference on Information Security Curriculum Development, pp. 27–32. ACM (2008)Google Scholar
  25. 25.
  26. 26.
    Keßler, M., Lucks, S., Tatlı, E.I.: Tracking dog-a privacy tool against Google hacking. In: CoseC b-it, p. 8 (2007)Google Scholar
  27. 27.
    Pulp google hacking: the next generation search engine hacking arsenalGoogle Scholar
  28. 28.
    Sahito, F., Slany, W., Shahzad, S.: Search engines: the invader to our privacy - a survey. In: International Conference on Computer Sciences and Convergence Information Technology, pp. 640–646, November 2011Google Scholar
  29. 29.
    Tatlı, E.I.: Google hacking against privacy (2007)Google Scholar
  30. 30.
    Tatlı, E.I.: Google reveals cryptographic secrets. In: Kryptowochenende 2006-Workshop über Kryptographie Universität Mannheim, p. 33 (2006)Google Scholar
  31. 31.
    Soska, K., Christin, N.: Automatically detecting vulnerable websites before they turn malicious. In: Proceedings of USENIX Security, San Diego, CA, pp. 625–640 (2014)Google Scholar
  32. 32.
    Vasek, M., Moore, T.: Identifying risk factors for webserver compromise. In: Financial Cryptography and Data Security, pp. 326–345 (2014)Google Scholar
  33. 33.
    Cho, C.Y., Caballero, J., Grier, C., Paxson, V., Song, D.: Insights from the inside: a view of botnet management from infiltration. In: Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Jose, CA, April 2010Google Scholar
  34. 34.
    Yu, F., Xie, Y., Ke, Q.: Sbotminer: large scale search bot detection. In: ACM International Conference on Web Search and Data Mining, February 2010Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Flavio Toffalini
    • 1
    Email author
  • Maurizio Abbà
    • 2
  • Damiano Carra
    • 1
  • Davide Balzarotti
    • 3
  1. 1.University of VeronaVeronaItaly
  2. 2.LastLineLondonUK
  3. 3.EurecomSophia-AntipolisFrance

Personalised recommendations