The concept of "Google hacking" dates back to August 2002, when Chris Sullo included the "nikto_google.plugin" in the 1.20 release of the Nikto vulnerability scanner.[3] In December 2002 Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.[4]
The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[5][6]
Concepts explored in Google hacking have been extended to other search engines, such as Bing[7] and Shodan.[8] Automated attack tools[9] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[10]
Google Dorking has been involved in some notorious cybercrime cases, such as the Bowman Avenue Dam hack[11] and the CIA breach where around 70% of its worldwide networks were compromised.[12] Star Kashman, a legal scholar, has been one of the first to study the legality of this technique.[13] Kashman argues that while Google Dorking is technically legal, it has often been used to carry out cybercrime and frequently leads to violations of the Computer Fraud and Abuse Act.[14] Her research has highlighted the legal and ethical implications of this technique, emphasizing the need for greater attention and regulation to be applied to its use.
