The OSINT Newsletter - Issue #82
Dorking for Dummies: Search Engine OSINT That Goes Beyond Google
đ Welcome to the 82nd issue of The OSINT Newsletter. This is the first issue in the beginner OSINT series that will be released biweekly. These issues will be free with the goal of helping new investigators improve their skills. Hereâs an overview of this issue:
Search operators
Going beyond Google
Case study
Takeaways
đŞ If you missed the last newsletter, hereâs a link to catch up.
⥠Integrating LLMs into the Intelligence Cycle
đď¸ If you prefer to listen, hereâs a link to the podcast instead.
Letâs get started. âŹď¸
Dorking for Dummies: Search Engine OSINT That Goes Beyond Google
Search engines are the front door to the internet. So if you want to get that door open, you need a key (or to know your way around them).
Whilst most beginners stick to Google (the biggest and most popular search engine), youâre missing out on a huge amount of data if you donât explore the alternatives. Plus, when it comes to Open Source Intelligence (OSINT), how you search is just as important as what you search for.
In this inaugural issue, weâll give you the rundown on dorking for search engine OSINT. Including:
The basics of dorking
Essential search operators
Why Bing and Yahoo belong in your toolkit
And how these techniques play out in action.
Letâs start searching smarter.
What Is Dorking?
Dorking is a search technique pioneered by cybersecurity expert Johnny Long, who coined the term âGoogle dorkingâ in his Bible for search engine pen testers. Basically, dorking is using advanced, specified search queries to find data thatâs publicly accessible, but a pain to locate.
Itâs easy for search engines to skip over data from certain sources: misconfigured servers, open directories, or publicly exposed login portals for example. With a well-chosen dork, you can help the search engine search better. Itâs all about knowing how to speak to the search engine: with a well-chosen dork, you can help Google to bring back exactly what you need.
How to Use Search Operators
Before diving into advanced dorking, you need to master the basic operators - the building blocks of all OSINT search queries. These are some basic examples:
These operators are the bread and butter of dorking. By combining them, you can cook up highly targeted queries that bring back impressively specific results. Letâs say youâre looking specifically for documents related to Bigfoot (the iconic American cryptid). You only want information from legitimate US government sources, and you only want these sources in a PDF format. Your Google search operators would look like this:
site:.gov filetype:pdf âbigfootâ
Easy. This will bring up only the Sasquatch-related data youâre looking for, in the format you want, from your specified source.
Going Beyond Google: Bing, Yahoo and More
Google is the worldâs most popular search engine, with over 89% of global search volume. Naturally, this makes it the first port of call for OSINT investigators, too. But donât be so quick to discount the competitors - there are people out there who actually use Bing. By choice.
Hereâs why you should consider adding Bing and Yahoo (yes, itâs still going) to your OSINT toolkit.
Alternative Indexing
The way each search engine crawls and stores information shapes what results you see. Even after almost 30 years of refining, Google has its flaws; itâs heavily influenced by algorithms that push the most popular, commercial content to the top - and leave the niche stuff OSINT investigators need languishing at the bottom. Bing and Yahoo, on the other hand, use different indexing logic. This can lead to very different (and pretty surprising) results for the exact same query.
Fewer Restrictions
Alongside pushing more paid ads and commercial content, Google has also recently strengthened its filters to block malicious activity. While this might keep the service safe from cyberattacks and hacks, it does limit the power of some traditionally effective dorks. Meanwhile, Bing and Yahoo are much more lenient.
Pro tip: Bing has extra dorking powers, too. If you wanted to Bing dork your Bigfoot query, you could also include alternative names for our favourite elusive humanoid. Use the near: operator to bring up pages that also include related terms, like: âbigfootâ near:âsasquatchâ near:âhairy creatureâ.
Regional and Niche Coverage
Google is biased towards English language content, whilst Bing and Yahoo are also great at pulling in region-specific and non-English content. Of course, there is a limit to how much non-native search engines can bring up; combine the Googles and Bings of the West with region-specific engines - like Yandex (Russia) or Baidu (China) - for the area youâre targeting to get the most relevant results. Itâs pretty impossible to do international OSINT with Google alone.
Dorking in Action: The Fake Job Scam
Now letâs see these techniques in action. In our imaginary investigation, youâve just seen a very convincing job posting from a tech company while browsing LinkedIn. Everything looks good, but you have suspicions that a scam is afoot. So, you use your brand new search engine OSINT skills to dork your way out of danger.
Step One: Verify the company
First, find out if the company has a data trail. Search the company domain:
site:companyname.com. Thereâs no official site or matching domain, so thatâs a massive red flag to start.
Step Two: Check the images
Then, run a reverse image search on the recruiterâs profile photo. Unsurprisingly, you find itâs stolen from a stock photo website. Thatâs another provable sign of foul play.
Step Three: Investigate the employees
Next, investigate the individuals who say theyâre connected with the company. Search LinkedIn with the right operators: site:linkedin.com inurl:in âCompany Nameâ. Then, compare the âemployeeâ profiles with the job posting, and note down any too-similar content. In this case, it turns out the job posting shares wording with a specific profile - so you know who to chase next.
Step Four: Profit
You quickly determine the ad is fraudulent, with all the evidence to prevent others from falling victim. You even have an identity to investigate next⌠and all thanks to a couple of simple searches.
Key Takeaways
Hopefully, youâve come to the end of our first OSINT 101 newsletter with some exciting new knowledge, like:
Dorking is fun. Use operators to target your searches, and enjoy better results.
Bing is useful. Bing and Yahoo reveal data Google hides.
The world is big. OSINT needs a global approach, including native search engines.
Always search twice. Run every query - even specific dorks - multiple times across multiple engines.
â Thatâs it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, youâll get access to the following:
đ All paid posts in the archive. Go back and see what youâve missed!
đ If you donât have a paid subscription already, donât worry thereâs a 7-day free trial. If you like what youâre reading, upgrade your subscription. If you canât, I totally understand. Be on the lookout for promotions throughout the year.
đ¨ The OSINT Newsletter offers a free premium subscription to all members of law enforcement. To upgrade your subscription, please reach out to LEA@osint.news from your official law enforcement email address.