Finding subdomain using Google dorks
This is my first article on medium, in this article we will be discussing how we can find subdomains of a website by not using some tools rather by just a simple google search, sounds interesting right…..
So let’s begin to find sub-domains.
First of all we should know what is Google dork which we are using to find the subdomains . Basically Google dork is sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
In simple language, we will filter the pages according to our requirements so as to get the results faster and accurate.
To find sub domains you must know about some basic keyword used in google dorks.
So first let’s do a simple google search on google.
As you can see it shows 10,45,00,00,000 and it is not possible to visit each page and find the subdomains. So we will use dorks to see only results related to google.com as in this search, all pages related to google is showing like Wikipedia, some blogs about google and many more which are not useful for us in this case.
By just using “site:” we get only results related to google.com and total results which is showing has also been decreased now only 26,200 results are showing which is very low as compared to Image 1, also if you see carefully you will be able to see that the results in Image 2 are all sub domains of google.
Also suppose if a page is coming may time and you don’t want to see that in results like xyz.google.com, you can use “-” to remove that page.
Search will be now- site:google -xyz.google.com and the results will include pages from google.com but not xyz.google.com.
Thanks for reading the article waiting for your valuable feedback.
