Table of Contents:
- Basic Dorks
- Complex Dorks
Basic Dorks
The parts of a Dork:
Target Keyword (we will use xWord from now on) [XW]
Keyword [KW]
Page Type [PT]
Page Parameter [PP]
Example:
KW .PT?PP=
Shopping .php?cartID=
Now you may be asking:
“Where did the . ? and = come from?”
The . separates a file name from its extension on every operating system. When we access a file over the web we call that extension the page type.
The ? marks the start of the query string, telling the web server that parameters follow. Further parameters are separated by & (written &amp; when HTML-encoded). The = separates a parameter's name from the value attached to it.
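As an added example (not part of this guide, and not a tool from its author), the Python script below applies the . ? & = rules just described in the other direction: it takes a list of URLs and pulls out each one's page type and parameter names, then counts which .PT?PP= fragments occur most often. The URLs are constructed sample input; the helper names split_url and dork_fragments are my own.

```python
"""Pull Page Types and Page Parameters out of URLs (added example)."""
import html
from collections import Counter
from urllib.parse import parse_qsl, urlsplit


def split_url(url):
    """Return (page type, [parameter names]) for one URL.

    The page type is the extension of the last path segment ('' if the path
    has none); parameter names come from the query string in order, with the
    values discarded, since a Dork only needs the name (e.g. cartID=).
    """
    parts = urlsplit(url.strip())
    last = parts.path.rsplit("/", 1)[-1]
    page_type = last.rsplit(".", 1)[1].lower() if "." in last else ""
    # Pages copied out of HTML carry &amp; between parameters; undo that first.
    query = html.unescape(parts.query)
    # keep_blank_values so "?cartID=" (an empty value) still yields "cartID".
    params = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return page_type, params


def dork_fragments(urls):
    """Count (PT, PP) pairs across URLs; return '.PT?PP=' fragments, most common first.

    URLs without an extension or without parameters contribute nothing, because a
    basic Dork needs both halves.
    """
    counts = Counter()
    for url in urls:
        page_type, params = split_url(url)
        for name in params:
            if page_type and name:
                counts[(page_type, name)] += 1
    return [(f".{pt}?{pp}=", n) for (pt, pp), n in counts.most_common()]


# Constructed sample input for the demo; these hosts are placeholders, not real targets.
SAMPLE_URLS = [
    "https://shop.example.com/cart.php?cartID=17&amp;lang=en",
    "http://example.org/store/cart.php?cartID=",
    "https://example.net/items.asp?id=42",
    "https://example.net/index.html",
    "https://example.com/news/?id=3",
]

if __name__ == "__main__":
    for fragment, count in dork_fragments(SAMPLE_URLS):
        print(f"{count:3d}  {fragment}")
```

Feed it the URL column of any scrape and the top fragments are ready-made PT/PP pairs for the Dork formats above.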
I hope that has cleared up any confusion in this introduction to basic Dorks. Another way we can construct basic Dorks is with several keywords:
XW KW .PT?PP=
Amazon shopping .php?cartID=
OR
KW KW2 .PT?PP=
KW2 being the second keyword:
Makeup Shopping .php?cartID=
The first form targets a specific site; the second helps in finding non site-specific combos by searching for generalised combinations for a field or topic.
This concludes the Basic Dorks section, the introduction to a world of Dorking.
Questions that are expected:
How do I find Keywords?
How do I find Page Parameters?
These questions will be answered after we complete the introduction to all the standpoints on Dorking for beginners and what is most commonly provided by Dork providers. The reason we are making you wait is that we want you to understand how and why Dorks work before we throw the rest of the theory at you, including how to obtain keywords and page parameters. For now, take notes on what you can learn without worrying about how you will get your variables.
Complex Dorks
Complex Dorks are the next level of Dorking: the use of Search Functions (SF) to narrow the results of a search to a specific criterion, improving the accuracy of the search. I will only be covering the Search Functions from Bing and Google.
The parts of a Complex Dork:
Keyword (KW)
Page Type (PT)
Page Parameter (PP)
And, new to the list, Search Functions (SF)
Which Search Functions to use can be debated; these are the ones I rely on:
inurl:?PP= (or inurl:.PT, or inurl:Directory)
intext:KW
ext:PT
filetype:PT
site:.DE
For any questions about the usage of site:
We can add a domain extension to the Dork, which lets us choose a country code (us, it, kr, au, br, nl) or a regular domain type (com, org, net). This is what we consider our targeted-country Search Function, and it can help. Another thing that helps is changing the location of the Parser to the country you want to extract URLs for, because Google optimises its results for the location of the user.
Helpful Right?
The amazing thing about Google is that it has such a large range of capabilities it is genuinely hard to keep up. Thankfully I have compiled the most detailed guide to using Google optimally right here.
(KW) .(PT)?(PP)=
Transforming this Basic Dork into a Complex Dork is as simple as adding a Search Function. For example:
intext:“mario bros” .php?id=
That is a basic example of how we can use Search Functions.
Donjuji, a cracker who initiated the UHQ mainstream of Combo Clouds, released a very basic guide to Dorks several years ago: “https://pastebin.com/raw/39wTesCS”. In this guide he outlines the usage of Search Functions and demonstrates using them to target his page types and parameters. Very interestingly, he also exposed a common exposure that a lot of databases have: “.sql” dump files that the search engine has indexed as anchor pages, a rather large mistake by the developers. This out-of-the-box usage of Search Functions, combined with knowledge of file types and exposure issues, is exactly what hacking stands for. The definition of hacking is trying to get around something, or finding a fix. In our case, that means finding a fix for our Dorks by finding these exposures, as Donjuji did by experimenting. I HIGHLY SUGGEST trying to find your own methods, as there are plenty undiscovered. One day you may become the next Donjuji.
Search Function Dorks:
intext:“mario bros” .php?id=
mario bros inurl:.php?id=
mario bros .php?id= site:.com
mario bros site:.com ext:php ?id=
mario bros .php?id= site:it
mario bros site:it ext:php ?id=
mario bros ?id= ext:php
mario bros ext:php ?id=
Hopefully this helps with your understanding of Search Functions. It is a pretty basic tool which, once utilised, becomes an amazing tool in the field of Dorking.
The Big Questions
Now, as I expect most of you to be asking: “How do I know how to make a Dork?” The way of the Dork is orientated around Dork Types. Dork Types are just ways to order and compile your Dorks. Nothing surprising in the name, but it does require some creativity, some experimenting and some time.
“How do I use a Dork, and what is a Parser?”
Dorks are used on a Parser. This is a tool that runs the queries on the desired search engine and then scrapes the results. It is rather simple, and the tools people suggest vary.
How to make Dork Types
Dork Types are just the format that you can generate Dorks from. I will be using my own formatting for declaring each part of a Dork, because I am not happy with how the community labels them, so I am making my own. This will hopefully become a branding of sorts for my Dorks, but I will accommodate however you want to refer to these parts and whatever abbreviations you want to use.
Keyword (Target) = xKW
Keyword 2 = KW2
Keyword 3 = KW3
Page Extension = PE
Parameter = xP
Search Function = SF
Directories = Dir
Making Dork Types requires you to FOLLOW the rules of Dorking. For Google this includes the rules of Google's search syntax: an operator is written as name:value with no space after the colon, and a multi-word phrase is wrapped in double quotes.
With this logic we can use our Operators, Search Functions and knowledge of Dorking to create Dork Types.
Some examples will be
KW + *KW2 \ ext:PE
inurl:?xP= “KW” / *KW2 \
ext:PE \ inurl:?xP= KW2 + *KW
ext:PE inurl:?xP=
These basics of Dorking will not change. So work with the logic I have provided to trial Dork Types and build a list of successful ones to use when generating. This gives you the advantage of your own custom Dork Types, instead of sharing the ones your peers and I hand out.
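As an added example covering both the Search Function Dorks listed earlier and the Dork Types in this section (it is not part of this guide, nor a tool from its author), the Python script below generates Dorks from Dork Type templates and checks each result against the syntax rules just stated. The templates use the guide's tokens wrapped in braces ({KW}, {PE}, {xP}, {TLD}); the keyword, page-extension, parameter and TLD lists are constructed sample input. Two choices are the script's assumptions rather than rules from the guide: a multi-word keyword is always quoted (the guide leaves "mario bros" unquoted in some examples), and site: is written with a bare TLD, since the guide uses both site:.com and site:it.

```python
"""Generate and sanity-check Dorks from Dork Type templates (added example)."""
import itertools
import re

# Search Functions the guide lists, plus intitle, which Google also supports.
OPERATORS = ("inurl", "intext", "intitle", "ext", "filetype", "site")
OP_RE = "|".join(OPERATORS)

# Tokens holding free text: quoted when they contain a space (assumption, see lead-in).
PHRASE_TOKENS = {"KW", "KW2", "KW3", "XW", "xKW"}
# Tokens feeding site:, written as a bare TLD/domain (assumption, see lead-in).
SITE_TOKENS = {"TLD", "Site"}


def quote(value):
    """Wrap a multi-word keyword in double quotes so the engine treats it as a phrase."""
    value = value.strip()
    if " " in value and not value.startswith('"'):
        return f'"{value}"'
    return value


def normalize_site(value):
    """Reduce a site: value to a bare domain or TLD: no scheme, no leading dot."""
    value = re.sub(r"^https?://", "", value.strip().lower())
    return value.lstrip(".")


def render(template, **parts):
    """Fill one Dork Type template; every {TOKEN} in it must be supplied."""
    out = template
    for name, value in parts.items():
        if name in PHRASE_TOKENS:
            value = quote(value)
        elif name in SITE_TOKENS:
            value = normalize_site(value)
        else:
            value = value.strip()
        out = out.replace("{" + name + "}", value)
    leftover = re.findall(r"\{(\w+)\}", out)
    if leftover:
        raise ValueError(f"template placeholders not supplied: {leftover}")
    return " ".join(out.split())  # collapse stray whitespace


def generate(templates, pools):
    """Expand each template over the value pools of the tokens it actually uses.

    pools maps a token name to a list of candidate values. Tokens absent from a
    template are not iterated, so a template without {TLD} is not repeated per TLD.
    Duplicates across templates are dropped, keeping first-seen order.
    """
    seen, dorks = set(), []
    for tpl in templates:
        tokens = list(dict.fromkeys(re.findall(r"\{(\w+)\}", tpl)))
        missing = [t for t in tokens if t not in pools]
        if missing:
            raise KeyError(f"no pool for tokens {missing} in template {tpl!r}")
        for combo in itertools.product(*(pools[t] for t in tokens)):
            dork = render(tpl, **dict(zip(tokens, combo)))
            if dork not in seen:
                seen.add(dork)
                dorks.append(dork)
    return dorks


def validate(dork):
    """Return the syntax problems found in a Dork (an empty list means it looks well-formed)."""
    problems = []
    if dork.count('"') % 2:
        problems.append("unbalanced quotes")
    if re.search(rf"\b({OP_RE}):(\s|$)", dork):
        problems.append("space after operator colon")
    # Without a page type or parameter anchor this is a plain search, not a Dork.
    if not re.search(r"\.\w+\?|\?\w+=|\b(ext|filetype):\w+", dork):
        problems.append("no page type or parameter anchor")
    return problems


# Constructed sample input: Dork Types built from the guide's own examples.
DORK_TYPES = [
    "intext:{KW} .{PE}?{xP}=",
    "{KW} inurl:.{PE}?{xP}=",
    "{KW} .{PE}?{xP}= site:{TLD}",
    "{KW} site:{TLD} ext:{PE} ?{xP}=",
]
SAMPLE_POOLS = {
    "KW": ["mario bros", "shopping"],
    "PE": ["php", "asp"],
    "xP": ["id", "cartID"],
    "TLD": [".com", "it"],
}

if __name__ == "__main__":
    for d in generate(DORK_TYPES, SAMPLE_POOLS):
        issues = validate(d)
        print(d + ("  <-- " + "; ".join(issues) if issues else ""))
```

Keep the successful Dork Types in DORK_TYPES and swap the pools per topic; validate catches the two mistakes that silently turn a Dork into a plain keyword search (a space after an operator's colon, or a Dork with no .PT or ?PP= anchor at all).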