How to automate Google Dorks using FGDS? 

**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.** 

You can make the Google Dorks scanning process automatic by using the Fast-Google-Dorks-Scan tool. You’ll find this automated tool on GitHub. It helps you scan for different Google Dorks at a fast pace, and you can add it to your recon workflow. 

What is Google Dorking? 

A Google Dork, also referred to as Google Dorking or Google hacking, is a valuable tool for security researchers. While the average person uses Google to find text, images, videos, and news, in the infosec world, Google can be a powerful hacking tool. 

You can’t hack websites directly using Google, but its extensive web-crawling capabilities can index almost anything on your website, including sensitive information. 

We can use special arguments in a normal Google query to find specific information. Dork comes in a format operator: keyword. 

It’s important to understand that although this information is publicly accessible and legal to use, it can be misused by malicious individuals to damage your online presence. Google tracks your activity when performing these queries, so you are advised to use them responsibly, either for your own research or to defend your website against vulnerabilities. 

Google Dorks are search queries that can help you find specific information on the web by exploiting the advanced search operators in Google Search. 

The three components are: 

1. URL: the web address of a website. 

2. Text: refers to the content or body of a webpage. 

3. Title: the webpage’s name or heading, which is often displayed in the browser’s title bar and search engine results. 

• To read more about Google Dorks, refer to the link here: Google Dorks – Stratos Ally 
• To read more about FGDS, refer to the link here: Fast-Google-Dorks-Scan 

Some of the key advantages include: 

1. Automation of Google Dorking: Manually performing Google Dorks can be time-consuming. FGDS automates the process, allowing users to scan for vulnerabilities or exposed information efficiently across multiple sites. 

2. Time Efficiency: By quickly scanning through a list of predefined Google Dorks, FGDS saves considerable time in identifying security flaws, enabling professionals to focus on analysis and mitigation. 

3. Customization: The tool allows users to add or modify Dorks, making it flexible and adaptable to different types of searches or vulnerability assessments based on specific reconnaissance needs. 

4. Comprehensive Reconnaissance: FGDS provides a broad scope of search queries, helping to uncover misconfigurations, sensitive information exposure, and hidden admin portals that may otherwise go unnoticed during manual searches. 

5. Open-source and Free: Being an open-source tool, FGDS is accessible to anyone, making it a valuable resource for both professional and educational purposes without the need for paid licenses. 

Walkthrough 

1. Clone the FGDS Repository: git clone https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan.git 

2. Navigate to the Directory: cd Fast-Google-Dorks-Scan 

3. Grant Execute Permissions: sudo chmod 777 FGDS.sh    

4. Run FGDS: ./FGDS.sh     

5. Testing this URL (testfire.net): ./FGDS.sh testfire.net   

This command will run the Google Dork scan against the target domain testfire.net to identify any exposed sensitive information.  

Here we can see all the Google Dorks queries in action:  

a. Google query: site:testfire.net inurl:admin 

b. Google query: site:testfire.net inurl:login 

c. Google query: site:testfire.net filetype:rtf 

Here’s the outcome that shows the Q3 earnings of the organization: 

d. You can see the list of some of the other dorks here in the image below. 

6. You need to change your IP address if you get an error like the one in the image below. You can use this tool with a proxy. 

In summary, FGDS automates and accelerates Google Dorking, making it an invaluable tool for anyone looking to identify potential security risks efficiently and comprehensively. 

Here are the summary points: 

1. Automation: FGDS automates Google Dork scanning, reducing manual search time. 

2. Efficiency: Quickly scans predefined Google Dorks to identify security flaws. 

3. Customization: Users can add or modify Dorks for tailored searches. 

4. Comprehensive: Uncovers misconfigurations and sensitive information that may be overlooked. 

5. Open-source: Free to use, making it accessible for all users. 

7. Example Queries: Executes queries for admin pages, login pages, and specific file types. 

8. Proxy Support: Change IP or use a proxy if errors occur. 

9. Conclusion: FGDS enhances Google Dorking efficiency for identifying security risks.