Basic syntax of dorking
The most important thing to keep universal in the creation of ALL DORKS, is the concept of syntax. If I spoke English with a Chinese sentence structure, it wouldn’t make any sense. It’s the exact same to Google or Bing. If you don’t speak their language, they won’t understand you. ALWAYS CHECK WHAT SYNTAX YOUR DESIRED SEARCH ENGINE OPERATES ON
Syntax is the way that something is interpreted. Google reads phrases and independent terms depending on its “smart read” features. Which we can’t disable.
What this means:
If we were to search
Google will search for a site with shop.com in the domain and Gaming being some what of importance to that site. This is an issue because, very few sites will contain [shop.com]
The way we can improve on this syntax error is by using a space:
Gaming shop .com
Hopefully, this highlighting has distinguished how google will now interpret this search.
Most search engines allow the user to input “” (Quotation marks) to help indicate this word/phrase must be written on the site. This is considered a Search Operator but is not usually disclosed on services like Google and Bing as it serves as common knowledge to the informed. Use it to your advantage. It can be used to String words together to create phrases.
Remember search engines have their own criteria on syntax, which leads without saying that it’s most ideal to test out all possible syntax uses to help assist with the usage of these search operators when creating our Dorks.
Ordering & Capitalization
Google’s recent Search Algorithm Enhancement Update entailed updates towards their search query targeting and response algorithm. Those poses both an opportunity and a threat. Presenting the avid concern of rewriting all my Dork Types multiple times and Disabling some Exploits on Google that were previously able to be utilized; but also allowing for new techniques to improve results.
This can be described under the usage of Capitalization and Ordering.
Order matters. Easiest and most conceptualised explanation of this change is that. When utilizing the targeting of page extensions, parameters or directories, consider the order of the URL that can be the results of this target.
What does this mean? Well a site doesn’t put .com after the parameter, simply because it’s the domain and that’s not possible unless it’s a redirection of the site. Which *hint* is exactly what happens if you do this. Same can be said for page extensions and directories.
Dorking Syntax rules
Rule 1 :
Page Extension CANNOT go AFTER Parameter
Wrong – id=25/.php
Right – .php?id=25
Rule 2 :
Page Extension CANNOT go BEFORE Domain Extension
Wrong – index .php bing.com
Right – bing.com/index.php
Rule 3 :
Parameter CANNOT go BEFORE Page Extension
Wrong – Id=25/index.php
Right – index.php?id=25
Rule 4 :
Parameter CANNOT go BEFORE Directories
Wrong – Id=25 /apps/index.html
Right – /apps/index.html?id=25
Rule 5 :
Parameter CANNOT go BEFORE Domain Extension
Wrong – Id=25 bing.com
Right – bing.com?id=25
General Syntax Rules:
Operators do not go directly before Search Functions e.g.
All Search Functions EXCEPT inurl: operate with Operators e.g.
intext:shop + online
Don’t link/string/connect Text Targets with URL Targets e.g.
game website + ?id=
Quotes CANNOT work on inurl:
inurl: will NOT allow spaces.
IF you add a regex operator to inurl, a wildcard will not work.IF you add a wildcard to inurl, a regex operator will not work.