It is my first time posting something here, so I think giving you a quick introduction is fair.
I have spent years in the Bug Bounty Hackers world. I learned hundreds of techniques for hacking websites and gathering sensitive data so companies could pay me. A few months ago, I decided to create my own business or product, and I'd fail as many times as needed before succeeding.
Many companies and organisations offer a Bug Bounty Program (BBP) initiative where ethical hackers are invited to find and report security vulnerabilities in their systems. In return, these hackers are rewarded with cash, merchandise, or recognition. This creates a win-win situation: the company strengthens its security measures, and the ethical hackers profit from their expertise and effort.
Bug bounty programs are like freelancing for ethical hackers. Companies offer "projects" (systems to test), and hackers get paid for finding and reporting vulnerabilities, similar to how freelancers get paid per project.
The HackerOne platform is one of the biggest.
In bug bounty programs, speed and skill are crucial. It's a race to discover vulnerabilities before others do. Practical techniques and tactics can make you faster and more accurate, giving you the edge to find bugs first and claim the rewards.
One of these techniques is not exclusive to the BBH world, but for some reason, I don't see many people using it. It's called Google Dorking, and we'll talk about that.
It's a fancy way to search Google like a pro. By using specific search queries, you can dig up information that's not easily found with regular searches. It's like having a cheat code for Google. People use it to find all sorts of stuff, like confidential files and hidden login pages.
This technique is used in the information-gathering process of hunting a target. Can you see the similarity with validating your idea? They're both based on collecting information.
For example, if you want results only from Reddit, you can use this query: site:reddit.com <your search here>. Or if you wish to search for the Bobcat company but don't want results about the animal, you can use: "bobcat" -animal.
The entire query site:reddit.com "bobcat" -animal gives exciting results.
Suppose your product is similar to ChangeDetection, so you want to understand how users feel about it. It's essential for validating your idea and maybe building a SWOT matrix.
You go to the G2 product page and can't find a single review, but you know Reddit must have something about it. You search for site:reddit.com "changedetection.io", and you discover the company is pretty active on r/selfhosted. The double quotes tell Google to show only results that contain the exact text between them.
That one search delivers a lot of information. Being in the r/selfhosted community tells you its users can host the product on their own servers. It's probably open-source. You found their target audience. The threads have hundreds of comments from actual customers reviewing the product.
This example only scratches the surface of what we can get from this technique. You'll find many interesting results if you remove the Reddit part of the query and leave only "changedetection.io".
Here are a few keys you can use.
intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
info:
movie:
weather:
related:
link:
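The queries above can also be assembled in code, which avoids the usual mistakes (a space after the colon, a forgotten quote around a multi-word phrase) and gives you a URL you can bookmark per competitor. This is an added example, not code from the original post; the function names build_query and search_url are made up for illustration, and only a few of the operators listed above are wired in.

```python
from urllib.parse import urlencode

# Subset of the operators listed in the post that take a value right after the colon.
OPERATORS = {"site", "intitle", "inurl", "intext", "related"}


def quote_phrase(text):
    """Wrap text in double quotes so the search engine matches it exactly."""
    cleaned = text.replace('"', "").strip()
    if not cleaned:
        raise ValueError("empty phrase")
    return f'"{cleaned}"'


def build_query(exact=(), exclude=(), terms=(), **operators):
    """Compose a search query: operators first, then exact phrases, then exclusions."""
    parts = []
    for name, value in operators.items():
        if name not in OPERATORS:
            raise ValueError(f"unsupported operator: {name}")
        value = value.strip()
        if not value:
            raise ValueError(f"operator {name} needs a value")
        # Multi-word operator values must be quoted, e.g. intitle:"price change"
        if " " in value:
            value = quote_phrase(value)
        # No space between the colon and the value, or the operator is ignored.
        parts.append(f"{name}:{value}")
    parts.extend(t.strip() for t in terms if t.strip())
    parts.extend(quote_phrase(p) for p in exact)
    for word in exclude:
        word = word.strip()
        # A minus sign excludes a term; a multi-word exclusion is quoted too.
        parts.append("-" + (quote_phrase(word) if " " in word else word))
    return " ".join(parts)


def search_url(query):
    """Return a Google search URL with the query safely URL-encoded."""
    return "https://www.google.com/search?" + urlencode({"q": query})


if __name__ == "__main__":
    # The two queries used in the post.
    for q in (
        build_query(site="reddit.com", exact=["bobcat"], exclude=["animal"]),
        build_query(site="reddit.com", exact=["changedetection.io"]),
    ):
        print(q, "->", search_url(q))
```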
I hope it helps you validate your product.
Note by the author:
The Bug Bounty world is impressive, so I had to write about it briefly. I could write ten thousand more words on it, but this is not the idea of this post. Actually, this is my first post in which I try to engage with the IH community.
There are hundreds of product opportunities in BB. I'll write about it in the future to review existing products on the market and the exciting characteristics of this niche.