Google Dorking Techniques for OSINT

Introduction

We live in the world of information, and in such a world, information is literally at our fingertips. Open Source Intelligence (OSINT) is a set of procedures that are used to find information about people and objects of interest using openly available sources, and sometimes proprietary means.

Google is the world’s largest search engine. Because it indexes billions of websites, it has become a very useful tool for Journalists, cyber security professionals, and even law enforcement agencies when making investigative enquiries.

While anyone can technically find what they are looking for by searching for it on Google, the kinds of information OSINT users look for can’t be found by simply making random Google searches, and this is where Google Dorking comes into the picture.

What is Google Dorking

Google Dorking is a searching technique that uses special kinds of keywords recognized by Google to easily find answers to queries that would ordinarily be quite difficult to find.

Google Dorking simply forces Google to simply assume what we want and scan its database for exactly what we tell it to do. It is a valuable technique every one interested in OSINT Investigation must master.

In this article, I’d explore the best Google Dorking keywords and techniques, along with practical scenarios. Put on your investigative lens; let’s OSINT!

Precautions

To begin an OSINT investigation, there are certain things you need to be aware of. One of them is the act of being passive. You don’t want to alert your person of Interest that they are being watched. One way to do this is to use a clean browser window that isn’t signed into any Google account. To avoid unintentional issues, most investigators use an entirely different browser dedicated to OSINT.

Another thing you should know before beginning an OSINT investigation using Google Dorking is to avoid poking your nose into restricted zones or doing anything unlawful. You have to work ethically to avoid lawsuits.

Yet another thing you need to know is that you have to watch your back while investigating, especially if you are investigating a potentially highly malicious Person of Interest. Keep your browsers updated and utilize antivirus software.

Additionally many VPN providers allow their users to manually choose what location they want their VPN server to be in. This is because VPN servers can affect what kind of search results get displayed on Google. If you are seeking answers from a particular region, you may need to use a VPN to get results that are specific to that particular region.

Google Dorking Techniques

To begin, define your Person of Interest and the information you have about them. Also, include the sources those information came from, this can be useful when you are lost and may need to search in reverse order.

1. inurl:

inurl is a keyword that is used to filter Google search for any url containing a certain term. This is particularly useful when we are looking for web pages that are dedicated to something specific.

In the example below, I was making an investigation on a crime syndicate and using the inurl operator, I was able to get Google results that contained the word “Gagliano” in them.

Here is how it is used: ‘inurl:search term’.

Note: There is no space between the operator, colon, and search term.

2. The (filetype) operator:

During investigative searches, you may want to quickly find files about a certain topic. This is where this operator can save you the stress.

format: “filetype:file-type search term”.

Check the image example below for an example of this.

In this example, I am looking for text documents containing the names of English Churches. In the example, I am most likely playing the role of a Journalist.

3. The (site) operator:

This operator is used to limit our search to just the specified site. It is very useful as it removes the noise and helps the investigator stay focused. Another reason this operator is used is because it returns results that we may likely never find on the site itself when we search within, but have been managed to be indexed by Google. Besides, some websites are very large, and moving from link to link can be time-consuming.

Format: “site:domain.extension search term”.

From my example above, I was able to find every FBI page that mentioned directors. For instance, if I want to do some research about directors of the FBI, I can use the example, or if I know the director I intend to research about, I can just type in their name as the search term.

4. The double, double quotes operator(“ “):

Another powerful operator similar to the site operator. But what this one does is that it returns the exact word(s) enclosed within the quotes. So, if I were to Google “Google Dorking”, only the websites containing it will be shown.

This method is particularly useful if the investigator wants to have some in-depth knowledge about that concept and wants to cut off the fluff while getting results from only sources that are focused on the topic and don’t just mention it as secondary.

5. The Minus operator(-):

The minus operator is used to exclude certain terms from showing up. It is often used in searches that one term will more likely return another as an accompanying term.

Format: “first term -unwanted term”.

Note the spacing. Always note the spacings.

Using our earlier term, we excluded the first name of the U.S. President while permitting only his last name. Check the search.

6. The AND operator:

This operator is used to join two terms together in a single search, especially terms that are less likely to be found in the same search terms, unlike the kind of search that the minus operator is used on.

Format: “term one AND term two”

Oh, I didn’t expect that Ben Carson and Trump would top. Well, isn’t that the kind of results we get when we play the AND operator well?

7. The OR operator:

The OR operator is used to filter for when any of two or multiple search terms appear, either together or in individual searches.

Format: “term one OR term two.”

In my example above, I used the OR operator against two different popular streets in two different countries and continents. Though the third item on SERP returned quite a different thing, a restaurant in Serbia, but our fourth item was an entry for the Singaporean street, Haji Lane.

Additional Notes

Google Dorking operators or techniques are not only used individually, you can combine them too. i.e. filetype:pdf resume templates AND filetype:pdf cover letter templates

See it in action:

Another thing to note is that even after using Google Dorking operators, a larger part of your success with Google Dorking depends on the quality of the search terms used. The operators are just enhancers.

Also, some sites don’t permit the use of certain Google Dorking techniques on them. They often do this by blocking search engines from indexing certain parts of their sites or by configuring their URL to not have conventional slugs in them. This affects results, but with perseverance and creativity, you can find another way. With Open Source Intelligence, Google Dorking Techniques are just one out of the many ways of finding actionable intel.

Appreciation and Closing

This article was inspired by the course I took from AFP on OSINT, specifically focusing on advanced search techniques using Google and Social Media. After the course, I decided to compile all I had learnt from it and from previous learnings into an article. Anyone interested in learning OSINT can check out their courses on it.

Additionally, I appreciate Precious, he’s always been an inspiration to me, motivating me to constantly up-skill.

OSINT is quite challenging and interesting, like I wrote above, it requires creativity, with lots of perseverance. Have these and see how OSINT changes for you.

Happy OSINTing!